添加SQL防火墙规则时的Azure警报

Question

firewall rule is added to an Azure SQL database时是否有一种方法来提醒您？我检查了监控刀片，但没有看到度量或日志事件。

Answer 1

您可以使用逻辑应用来实现：

1. 使用“收到HTTP请求时”模板创建一个新的逻辑应用程序。使用以下JSON作为样本有效负载。然后，您将需要添加条件和操作（电子邮件？）。在电子邮件正文中，您可以发送更多详细信息，例如来电者电子邮件，来电者IP等。

条件应为Status = Activated且OperationName =“ Microsoft.Sql / servers / firewallRules / write”。  2.在Monitor中创建一个新警报。资源将是您的SQL Server，信号将是“所有管理操作”。 创建一个新的动作组并设置一个Webhook动作。使用上一步中生成的逻辑应用程序webhook url。

{
    "headers": {
        "Connection": "Keep-Alive",
        "Expect": "100-continue",
        "Host": "abc.logic.azure.com",
        "User-Agent": "IcMBroadcaster/1.0",
        "X-CorrelationContext": "abc",
        "Content-Length": "1350",
        "Content-Type": "application/json; charset=utf-8"
    },
    "body": {
        "schemaId": "Microsoft.Insights/activityLogs",
        "data": {
            "status": "Activated",
            "context": {
                "activityLog": {
                    "channels": "Operation",
                    "eventSource": "Administrative",
                    "eventTimestamp": "2019-03-09T10:00:36.549+00:00",
                    "eventDataId": "eventid",
                    "level": "Informational",
                    "operationName": "Microsoft.Sql/servers/firewallRules/write",
                    "properties": {
                        "originalEventTimestamp": "03/09/2019 10:00:17",
                        "correlationId": "correlationId",
                        "eventId": "eventId",
                        "eventName": "OverwriteFirewallRules",
                        "operationName": "Microsoft.Sql/servers/firewallRules/write",
                        "status": "Succeeded",
                        "description_scrubbed": "description",
                        "caller": "useremail@email.com",
                        "callerCredentialType": "LiveId",
                        "eventChannel": "OperationLogStore",
                        "ipAddress": "useripaddress",
                        "eventSource": "SQL Databases Event Supplier"
                    },
                    "resourceId": "resourceId",
                    "resourceGroupName": "groupname",
                    "resourceProviderName": "MICROSOFT.SQL",
                    "status": "Succeeded",
                    "subscriptionId": "subscriptionId",
                    "submissionTimestamp": "2019-03-09T10:00:36.549+00:00",
                    "resourceType": "microsoft.sql/servers"
                }
            },
            "properties": {}
        }
    }
}

Answer 2

您可以使用活动日志来执行此操作。如果您添加新的防火墙规则并在几分钟后检查“活动日志”，将会看到一系列条目，其名称为更新SQL Server防火墙规则。点击状态为成功的图标。下一页将具有新警报规则按钮。

您需要编辑条件，因为它会将启​​动程序设置为您的用户名。为此，请点击条件并更改事件发起人值。