Can we lock audit logs?

  • Question

  • I've got auditing turned on for my Azure SQL Data Warehouse, and the logs are being funneled into an Azure BLOB Storage Container. I want these logs to be locked-down and un-tamperable. This seems not to be the default. Is the way to do this to create a new storage account resource just for the audit logs, and add a lock to it? There seems to be no way to lock just a particular BLOB container.
    Thursday, June 21, 2018 5:07 PM

All replies

  • https://blogs.msdn.microsoft.com/windowsazurestorage/2018/06/19/azure-immutable-blob-storage-now-in-public-preview/

    Azure Blog is releasing in preview today immutable blobs. Is this the functionality you're looking for?

    Best,

    Ellis Hiroki 

    • Marked as answer by Tekbloke Friday, June 22, 2018 1:12 PM
    Thursday, June 21, 2018 5:28 PM
  • Perfect... that's exactly what I was looking for... Thank you, Ellis.

    Went through the document and it says that as of now "do not store production or business critical data".

    Any idea when this will be out of preview? And would adding a lock to the resources effect the same result?

    Friday, June 22, 2018 1:29 PM
  • I am afraid we do not have an ETA. You can use the Immutable Storage feature with any existing GPv2 accounts or on new storage accounts if the account type is GPv2. This feature is only available with blob storage. 

    • Marked as answer by Tekbloke Monday, June 25, 2018 6:06 PM
    Monday, June 25, 2018 4:07 PM
  • Thank you, Vikranth S! One last concern...

    As per the public preview link mentioned above...

    • There is the restriction which says "Do not store production or business critical data". Is it only till it is in public preview, or should we never store even after it is in GA?

    As far as locking, I don't see any mention of BLOB-storage in https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources and the locking is done on a resource level. BLOB storage is (I believe) what's used by the SQL audit logs. But the link I just pasted does say that I should expect the unexpected when using read-only locks.

    What's the surest way to lock down the audit logs that my Azure SQL Data Warehouse sends to my Azure Storage Container?

    Tuesday, June 26, 2018 2:11 PM
  • You can store your production or business critical data after this feature is generally available.

    Azure resource lock and immutable blob are different features. You can avoid an accidental delete of your data with resource lock, and this feature is available for many Azure resources. You can avoid an accidental delete and tampering of your data by using immutable blob storage; currently this feature is only available with Azure blob storage.

    For more information refer:

    https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

    • Proposed as answer by vikranth s Tuesday, July 3, 2018 1:28 PM
    • Marked as answer by Tekbloke Thursday, July 5, 2018 2:22 PM
    Wednesday, June 27, 2018 3:41 PM
  • Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and up-vote for the same. And if you have any further query, do let us know.

    Saturday, June 30, 2018 10:23 AM