Set-AzureRmSqlDatabaseAuditing does not work with AuditAction, Set-AzureRmSqlDatabaseAuditingPolicy works

[zhiweiv]

Azure PowerShell Version
5.0

I want to audit update events only on database, I tried the below code
$AuditAction = "UPDATE ON database::[xxx] BY [public]";
Set-AzureRmSqlDatabaseAuditing -ResourceGroupName "xxx" -ServerName "xxx" -DatabaseName "xxx" -StorageAccountName "xxx" -AuditAction $AuditAction -PassThru -AuditActionGroup "FAILED_DATABASE_AUTHENTICATION_GROUP" -State Enabled

After I executed the script, it did not audit anything. However, the legacy cmdlet Set-AzureRmSqlDatabaseAuditingPolicy works perfectly,
$AuditAction = "UPDATE ON database::[xxx] BY [public]";
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "xxx" -ServerName "xxx" -DatabaseName "xxx" -StorageAccountName "xxx" -AuditAction $AuditAction -PassThru -AuditActionGroup "FAILED_DATABASE_AUTHENTICATION_GROUP" -AuditType Blob

Since Set-AzureRmSqlDatabaseAuditingPolicy is obsolete and will be removed in the future, please help to verify and fix it in Set-AzureRmSqlDatabaseAuditing.

Thanks

[cormacpayne]

@zhiweiv Hey Zhiwei, would you mind running the above cmdlets with $DebugPreference = "Continue" and providing the resulting debug output?

Also, if you could run Get-Module -ListAvailable and provide the resulting list of modules and their versions, that would be great.

CC: @ranisha2

[zhiweiv]

Hi Cormac,

The results are too big to paste here, I have upload them to my OneDrive, you can access them via https://1drv.ms/f/s!Al_DGOKCXcMSj2fqf6fakP3IbYtx.
There are 3 files: Get-Module.txt/ResultOfSet-AzureRmSqlDatabaseAuditing.txt/ResultOfSet-AzureRmSqlDatabaseAuditingPolicy.txt.

I removed account info in them due to privacy reason.

Thanks

[ranisha2]

@zhiweiv
Hi Zhiwei,

Thank you for reporting this.
Turns out it's a bug from our side. We'll fix this as soon as possible.

[zhiweiv]

Thanks ranisha2.

[zhiweiv]

@cormacpayne
Hi Cormac, sorry to bother you. After I ran $DebugPreference = "Continue", my scripts keep outputing debug logs, I didn't find a way to turn it off after a lot of Google, I have tried $DebugPreference="SilentlyContinue" and restarted my laptop.
Do you know how to turn off the debug output?

Many thanks

[cormacpayne]

@zhiweiv Hey Zhiwei, when you start a new PowerShell session and run $DebugPreference, what does it return?

When you set $DebugPreference = "Continue", it should only retain that value for the session. The way to go back to no output is to set $DebugPreference = "SilentlyContinue", so I'm curious as to why it wouldn't change this for you.

Worst case scenario, you can modify your $profile script to set $DebugPreference = "SilentlyContinue" and this will get ran whenever you open a new PowerShell session.

[zhiweiv]

@cormacpayne
Hi Cormac, it is my fault. I left the $DebugPreference = "Continue" somewhere in my scripts during the test, that is why $DebugPreference = "SilentlyContinue" is not working. It is ok now.

Sorry again.

[maddieclayton]

Closing as fixed. Please reopen this if the issue still exists.