Databases

Monitoring Cloud SQL with SQL Server database auditing

Cloud SQL for SQL Server is a fully-managed database service that allows you to run SQL Server in the cloud and let Google take care of the toil. In the past year, we’ve launched features that help you get the most out of SQL Server, like support for Active Directory authentication, SQL Server 2019, and Cross Region Replicas. We’re happy to add another SQL Server security feature: database auditing. Database auditing allows you to monitor changes to your SQL Server databases, like database creations, data inserts, or table deletions. 

Cloud SQL writes audit logs generated by SQL Server to the local disk and to Google Cloud Storage. You can specify how long logs should be stored on the instance - for up to seven days - and use a SQL Server function to inspect logs. Cloud SQL will also automatically write all audit files to a Google Cloud Storage bucket that you manage, so you can decide how long to retain these records if you need them for longer than seven days, or consolidate them with audit files from other SQL Server instances. 

To enable database auditing, go to the Google Cloud console, select your Cloud SQL for SQL Server instance, and select Edit from the Overview page. You can also enable SQL Server Audit when you create a new Cloud SQL instance:

Monitoring Cloud SQL.jpg

Once you’ve enabled auditing for your Cloud SQL for SQL Server instance, you can create SQL Server audits and audit specifications, which determine what information will be tracked on your databases. You can capture granular information about operations performed on your databases, including, for example, every time a login succeeds or fails. If you want to capture different information for each of your databases, you can create different audit specifications for each database on your instance, or you can create server-level audit specifications to track changes across all databases. 

SQL Server auditing is now available for all Cloud SQL for SQL Server instances. Learn more about how to get started with this feature today!