Open vamshisiram opened 1 year ago
Hello, one of my customer is also asking for this same issue. Looks like currently we don't support to enable the Audit with Log analytics workspace, and also I found there is also no option in Azure ARM Template / Synapse rest API to let . So do terraform have this plan to support this? Thanks
actually, you enable a log analytics workspace destination for auditing by setting the diagnostic setting on the synapse workspace resource. specificaully, the SQLSecurityAuditEvents log category
I think it's too late, but it might help someone so putting it out there. I was able to do this with:
resource "azurerm_synapse_workspace_extended_auditing_policy" "audit_settings" {
synapse_workspace_id = azurerm_synapse_workspace.example.id
}
resource "azurerm_monitor_diagnostic_setting" "example" {
name = "example-diagnostic-setting"
target_resource_id = azurerm_synapse_workspace.example.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
enabled_log {
category = "SQLSecurityAuditEvents"
}
metric {
category = "AllMetrics"
enabled = true
}
}
Is there an existing issue for this?
Community Note
Terraform Version
1.3.7
AzureRM Provider Version
3.2.0
Affected Resource(s)/Data Source(s)
azurerm_synapse_workspace_extended_auditing_policy
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
expect to send the audit logs to log analytics worksapce instead of a storage account.
Actual Behaviour
only seeing code to send audit logs to storage account
Steps to Reproduce
deploy audit logs for synapse workspace
Important Factoids
No response
References
No response