If you have read my other blog about deploying diagnostics to SQL Server, then its important to note that there are some differences with Azure SQL Pools.
In your Parameters section of the ARM template, put these lines of code. (I have taken out the DefaultValue bits from the code so we can keep it simple)
"LogAnalyticsWorkspaceName": {
"type": "string"
},
"LogAnalyticsSubscriptionID": {
"type": "string"
},
"LogAnalyticsResourceGroup": {
"type": "string"
},
"EnableDiagnostics": {
"type": "bool"
}Weirdly, the code for Diagnostics and Auditing sits under the main Resource section of the ARM template and is not nested like the Azure SQL Server is. I think the reason is that when you apply Synapse SQL Auditing at the SERVER or shall we say Workspace level then it automatically applies to any of your SQL Pools.
{
"comments": "SQL auditing needs a diagnostic settting added. We are adding all other diagnostics with this and not just SQLSecurityAuditEvents",
"condition": "[parameters('EnableDiagnostics')]",
"apiVersion": "2021-05-01-preview",
"type": "Microsoft.Synapse/workspaces/providers/diagnosticSettings",
"name": "[concat(parameters('workspaceName'), '/microsoft.insights/', 'AuditingAndAllDiagnostics-', parameters('workspaceName'))]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', parameters('workspaceName'))]"
],
"properties": {
"workspaceId": "[resourceId(parameters('LogAnalyticsSubscriptionID'), parameters('LogAnalyticsResourceGroup'), 'Microsoft.OperationalInsights/workspaces',parameters('LogAnalyticsWorkspaceName'))]",
"logs": [
{
"category": "SynapseRbacOperations",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
},
{
"category": "GatewayApiRequests",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
},
{
"category": "SQLSecurityAuditEvents",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
},
{
"category": "BuiltinSqlReqsEnded",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
},
{
"category": "IntegrationPipelineRuns",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
},
{
"category": "IntegrationActivityRuns",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
},
{
"category": "IntegrationTriggerRuns",
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": true
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true
}
]
}
},
{
"condition": "[parameters('EnableDiagnostics')]",
"type": "Microsoft.Synapse/workspaces/auditingSettings",
"apiVersion": "2019-06-01-preview",
"name": "[concat(parameters('workspaceName'), '/DefaultAuditingSettings')]",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', parameters('workspaceName'))]"
],
"properties": {
"state": "Enabled",
"isAzureMonitorTargetEnabled": true,
"workspaceId": "[resourceId(parameters('LogAnalyticsSubscriptionID'), parameters('LogAnalyticsResourceGroup'), 'Microsoft.OperationalInsights/workspaces',parameters('LogAnalyticsWorkspaceName'))]"
}
}