Difference between Auditing vs Diagnostic settings in SQL Azure

Question

In SQL Azure, there are two options for getting database events in Azure portal are Auditing and Diagnostic settings.

In which scenario we will use them.

Answer 1

Azure SQL database Auditing is usually used for:

• Retain an audit trail of selected events. You can define categories of database actions to be audited.
• Report on database activity. You can use pre-configured reports and a dashboard to get started quickly with activity and event reporting.
• Analyze reports. You can find suspicious events, unusual activity, and trends.

Diagnostics settings:

You can use the Diagnostics settings menu for each single, pooled, or instance database in Azure portal to configure streaming of diagnostics telemetry. In addition, diagnostic telemetry can also be configured separately for database containers: elastic pools and managed instances. You can set the following destinations to stream the diagnostics telemetry: Azure Storage, Azure Event Hubs, and Azure Monitor logs.

As 4c74356b41 said, they are difference things and with different uses.

Please reference:

1. Azure SQL Database metrics and diagnostics logging
2. Get started with SQL database auditing

Hope this helps.

Answer 2

Just found this "When auditing is configured to a Log Analytics workspace or to an Event Hub destination via the Azure portal or PowerShell cmdlet, a Diagnostic Setting is created with "SQLSecurityAuditEvents" category enabled.". link

For me, this means that auditing is an easier way to enable one of the features of Diagnostic Settings.