/
configure-auditing.txt
157 lines (111 loc) · 4.49 KB
/
configure-auditing.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
==================
Configure Auditing
==================
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
.. versionadded:: 2.6
:products:`MongoDB Enterprise </mongodb-enterprise-advanced?jmp=docs>`
supports :ref:`auditing <auditing>` of various operations. A complete
auditing solution must involve **all** :binary:`~bin.mongod` server and
:binary:`~bin.mongos` router processes.
The audit facility can write audit events to the console, the
:term:`syslog` (option is unavailable on Windows), a JSON file, or a
BSON file. For details on the audited operations and the audit log
messages, see :doc:`/reference/audit-message`.
Enable and Configure Audit Output
---------------------------------
Use the ``--auditDestination`` option to enable
auditing and specify where to output the audit events.
.. warning::
For sharded clusters, if you enable auditing on :binary:`~bin.mongos`
instances, you must enable auditing on all :binary:`~bin.mongod`
instances in the cluster, i.e. shards and config servers.
Output to Syslog
~~~~~~~~~~~~~~~~
To enable auditing and print audit events to the syslog (option
is unavailable on Windows) in JSON format, specify ``syslog`` for the
``--auditDestination`` setting. For example:
.. code-block:: sh
mongod --dbpath data/db --auditDestination syslog
.. warning::
The syslog message limit can result in the truncation of the audit
messages. The auditing system will neither detect the truncation nor
error upon its occurrence.
You may also specify these options in the :doc:`configuration file
</reference/configuration-options>`:
.. code-block:: yaml
storage:
dbPath: data/db
auditLog:
destination: syslog
Output to Console
~~~~~~~~~~~~~~~~~
To enable auditing and print the audit events to standard
output (i.e. ``stdout``), specify ``console`` for the
``--auditDestination`` setting. For example:
.. code-block:: sh
mongod --dbpath data/db --auditDestination console
You may also specify these options in the :doc:`configuration file
</reference/configuration-options>`:
.. code-block:: yaml
storage:
dbPath: data/db
auditLog:
destination: console
Output to JSON File
~~~~~~~~~~~~~~~~~~~
To enable auditing and print audit events to a file in JSON
format, specify ``file`` for the ``--auditDestination`` setting,
``JSON`` for the ``--auditFormat`` setting, and
the output filename for the ``--auditPath``. The
``--auditPath`` option accepts either full path name or relative
path name. For example, the following enables auditing and records
audit events to a file with the relative path name of
``data/db/auditLog.json``:
.. code-block:: sh
mongod --dbpath data/db --auditDestination file --auditFormat JSON --auditPath data/db/auditLog.json
The audit file rotates at the same time as the server log file.
You may also specify these options in the :doc:`configuration file
</reference/configuration-options>`:
.. code-block:: yaml
storage:
dbPath: data/db
auditLog:
destination: file
format: JSON
path: data/db/auditLog.json
.. note:: Printing audit events to a file in JSON format degrades
server performance more than printing to a file in BSON format.
Output to BSON File
~~~~~~~~~~~~~~~~~~~
To enable auditing and print audit events to a file in BSON binary
format, specify ``file`` for the ``--auditDestination`` setting,
``BSON`` for the ``--auditFormat`` setting, and the output
filename for the ``--auditPath``. The ``--auditPath``
option accepts either full path name or relative path name. For
example, the following enables auditing and records audit events to a
BSON file with the relative path name of ``data/db/auditLog.bson``:
.. code-block:: sh
mongod --dbpath data/db --auditDestination file --auditFormat BSON --auditPath data/db/auditLog.bson
The audit file rotates at the same time as the server log file.
You may also specify these options in the :doc:`configuration file
</reference/configuration-options>`:
.. code-block:: yaml
storage:
dbPath: data/db
auditLog:
destination: file
format: BSON
path: data/db/auditLog.bson
To view the contents of the file, pass the file to the MongoDB utility
:binary:`~bin.bsondump`. For example, the following converts the audit log
into a human-readable form and output to the terminal:
.. code-block:: sh
bsondump data/db/auditLog.bson
.. seealso::
:doc:`/tutorial/configure-audit-filters`, :doc:`/core/auditing`,
:doc:`/reference/audit-message`