Data has been deleted from one of my tables in the Azure Postgres SQL database. Is there any way I can figure out which user has deleted the database using a Log Analytics workspace? Are there any specific metrics that have to be enabled to be able to figure out which user has deleted the data?

weewoo

1 Answer

You need to have audit turned on in Azure Postgres (General Purpose or Memory Optimized tiers only). See the documentation.

Once turned on, these audit records will be written by default to the Postgres server log. Then you can download the logs either through the portal or the az command line to search for your delete statement.

If you are doing this on a large scale, then you have to automate using the az command line.

This will list all the logs you have; run it first to find out which (hourly) log you want to investigate.

  1. az postgres server-logs list -g resource_group -s server --query "[].[name,url]"

  2. az postgres server-logs download -n file_name_from_above -g resource_group -s server

Sumit S
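One way to search a downloaded log for the delete statement and the user behind it, as an added example that is not part of the answer above. It assumes the audit records follow the pgAudit format (`AUDIT: SESSION,<id>,<sub-id>,<class>,<command>,<object type>,<object name>,<statement>,<parameter>`) and that `log_line_prefix` was set to include `user=%u,db=%d`; the audit record itself carries no user name, so without `%u` in the prefix the user cannot be recovered from these lines. The sample lines and role names are constructed.

```python
import csv
import re

# Assumed prefix: log_line_prefix = '%m user=%u,db=%d ' (an assumption;
# adjust PREFIX_RE to the prefix your server actually writes).
PREFIX_RE = re.compile(r"^(?P<ts>\S+ \S+ \S+) user=(?P<user>[^,]*),db=(?P<db>\S*) ")
AUDIT_MARK = "AUDIT: "

def find_deletes(lines, table=None):
    """Return one dict per pgAudit DELETE record, optionally for one table."""
    hits = []
    for line in lines:
        pos = line.find(AUDIT_MARK)
        if pos == -1:
            continue  # ordinary server log line, not an audit record
        prefix = PREFIX_RE.match(line)
        # csv copes with the quoted statement field, which may contain commas
        record = line[pos + len(AUDIT_MARK):].rstrip("\n")
        fields = next(csv.reader([record]))
        if len(fields) < 8 or fields[4] != "DELETE":
            continue
        # The object name is empty unless relation logging is on; fall back
        # to a substring match on the statement text in that case.
        target = fields[6] or fields[7]
        if table and table.lower() not in target.lower():
            continue
        hits.append({
            "time": prefix.group("ts") if prefix else None,
            "user": prefix.group("user") if prefix else None,
            "db": prefix.group("db") if prefix else None,
            "object": fields[6],
            "statement": fields[7],
        })
    return hits

# Constructed sample lines, not taken from a real server
SAMPLE = """\
2024-01-10 09:15:02.120 UTC user=app_rw,db=shop LOG:  AUDIT: SESSION,1,1,WRITE,INSERT,,,"insert into orders values (1, 'a')",<not logged>
2024-01-10 09:20:41.007 UTC user=batch_job,db=shop LOG:  AUDIT: SESSION,2,1,WRITE,DELETE,,,"delete from orders where status in ('new', 'old')",<not logged>
2024-01-10 09:21:00.500 UTC user=app_rw,db=shop LOG:  connection authorized: user=app_rw database=shop
2024-01-10 09:22:13.314 UTC user=admin1,db=shop LOG:  AUDIT: SESSION,3,1,WRITE,DELETE,TABLE,public.customers,delete from customers,<not logged>
""".splitlines()

if __name__ == "__main__":
    for hit in find_deletes(SAMPLE, table="orders"):
        print(hit["time"], hit["user"], hit["db"], hit["statement"])
```

To run it on a real file, pass the open log file downloaded with `az postgres server-logs download` to `find_deletes` in place of `SAMPLE`. Statements that span several log lines are not reassembled.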