Configure Auditing

Auditing in MongoDB Atlas

MongoDB Atlas supports auditing for all M10 and larger clusters. Atlas supports specifying a JSON-formatted audit filter as documented in Configure Audit Filters and using the Atlas audit filter builder for simplified auditing configuration. To learn more, see the Atlas documentation for Set Up Database Auditing and Configure a Custom Auditing Filter.

New in version 2.6.

MongoDB Enterprise supports auditing of various operations. A complete auditing solution must involve all mongod server and mongos router processes.

The audit facility can write audit events to the console, the syslog (option is unavailable on Windows), a JSON file, or a BSON file. For details on the audited operations and the audit log messages, see System Event Audit Messages.

Enable and Configure Audit Output

Use the --auditDestination option to enable auditing and specify where to output the audit events.

Warning

For sharded clusters, if you enable auditing on mongos instances, you must enable auditing on all mongod instances in the cluster, i.e. shards and config servers.
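One way to check this requirement before rollout, as an added example that is not part of the MongoDB documentation: the Python script below reads each member's configuration file text and lists the members that have no auditLog.destination set. The member names, the sample configs and the minimal block-style YAML reader are assumptions made for illustration.

```python
import re

# Constructed sample: hypothetical member name -> (process type, config file text).
SAMPLE_CLUSTER = {
    "mongos-1": ("mongos", "net:\n  port: 27017\nauditLog:\n  destination: syslog\n"),
    "shard-a-1": ("mongod", "storage:\n  dbPath: data/db\nauditLog:\n"
                            "  destination: file\n  format: JSON\n"
                            "  path: data/db/auditLog.json\n"),
    "shard-b-1": ("mongod", "storage:\n  dbPath: data/db\n"),
    "config-1": ("mongod", "storage:\n  dbPath: data/db\nauditLog:\n"
                           "  # destination: file\n  format: BSON\n"),
}

def audit_destination(config_text):
    """Return auditLog.destination from a block-style YAML config, else None."""
    in_audit = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line: new top-level section
            in_audit = line == "auditLog:"
            continue
        match = re.match(r"\s+destination:\s*(\S+)", line)
        if in_audit and match:
            return match.group(1)
    return None

def audit_gaps(cluster):
    """Return (mongos_audited, sorted members without an audit destination)."""
    found = {name: (kind, audit_destination(text))
             for name, (kind, text) in cluster.items()}
    mongos_audited = any(kind == "mongos" and dest for kind, dest in found.values())
    gaps = sorted(name for name, (_, dest) in found.items() if dest is None)
    return mongos_audited, gaps

if __name__ == "__main__":
    mongos_audited, gaps = audit_gaps(SAMPLE_CLUSTER)
    print("mongos audited:", mongos_audited)
    print("members missing auditLog.destination:", gaps)
```

A commented-out destination, as on the constructed config-1 member, counts as missing because mongod would not see it either.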

Output to Syslog

To enable auditing and print audit events to the syslog (option is unavailable on Windows) in JSON format, specify syslog for the --auditDestination setting. For example:

    mongod --dbpath data/db --auditDestination syslog

Include additional options as required for your configuration. For instance, if you wish remote clients to connect to your deployment or your deployment members are run on different hosts, specify the --bind_ip. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and other security measures listed in Security Checklist to prevent unauthorized access.

Warning

The syslog message limit can result in the truncation of the audit messages. The auditing system will neither detect the truncation nor error upon its occurrence.

You may also specify these options in the configuration file:

    storage:
      dbPath: data/db
    auditLog:
      destination: syslog
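Because the auditing system does not report the truncation described in the warning above, the syslog consumer has to find cut-off records itself. The following Python script is an added example, not part of the MongoDB documentation: it flags syslog lines whose audit JSON no longer parses. The syslog prefix layout, the sample lines and the function names are constructed for illustration.

```python
import json
import re

# Constructed syslog lines; the "host mongod[pid]:" prefix layout is an assumption.
SAMPLE_SYSLOG = [
    'Mar  3 10:15:02 db01 mongod[1234]: { "atype" : "authenticate", "ts" : '
    '{ "$date" : "2024-03-03T10:15:02.000+00:00" }, "users" : [], "roles" : [], '
    '"param" : { "user" : "app", "db" : "admin" }, "result" : 0 }',
    'Mar  3 10:15:09 db01 mongod[1234]: { "atype" : "createUser", "ts" : '
    '{ "$date" : "2024-03-03T10:15:09.000+00:00" }, "param" : { "user" : "svc", '
    '"db" : "admin", "roles" : [ { "role" : "readWri',
    'Mar  3 10:15:10 db01 sshd[88]: Accepted publickey for ops from 10.0.0.5',
]

# Assumption: an audit record is a JSON object whose first field is "atype".
AUDIT = re.compile(r'\bmongo[ds]\[\d+\]:\s*(\{\s*"atype"\s*:\s*"([^"]+)".*)$')

def classify(line):
    """Return (status, atype); status is 'other', 'ok' or 'truncated'."""
    match = AUDIT.search(line.rstrip("\n"))
    if not match:
        return "other", None
    payload, atype = match.groups()
    try:
        json.loads(payload)
    except json.JSONDecodeError:
        # An object cut anywhere before its final "}" can never parse,
        # so a parse failure marks the record as incomplete.
        return "truncated", atype
    return "ok", atype

def truncation_report(lines):
    """Count intact audit records and list the truncated ones with context."""
    report = {"ok": 0, "truncated": []}
    for number, line in enumerate(lines, 1):
        status, atype = classify(line)
        if status == "ok":
            report["ok"] += 1
        elif status == "truncated":
            report["truncated"].append(
                {"line": number, "atype": atype, "bytes": len(line.encode("utf-8"))})
    return report

if __name__ == "__main__":
    print(truncation_report(SAMPLE_SYSLOG))
```

The byte length reported for each truncated line helps identify the message limit in effect on the syslog path.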

Output to Console

To enable auditing and print the audit events to standard output (i.e. stdout), specify console for the --auditDestination setting. For example:

    mongod --dbpath data/db --auditDestination console

Include additional options as required for your configuration. For instance, if you wish remote clients to connect to your deployment or your deployment members are run on different hosts, specify the --bind_ip. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and other security measures listed in Security Checklist to prevent unauthorized access.

You may also specify these options in the configuration file:

    storage:
      dbPath: data/db
    auditLog:
      destination: console

Output to JSON File

To enable auditing and print audit events to a file in JSON format, specify the following options:

    Option               Value
    --auditDestination   file
    --auditFormat        JSON
    --auditPath          The output filename. Accepts either the full path name or relative path name.

For example, the following enables auditing and records audit events to a file with the relative path name of data/db/auditLog.json:

    mongod --dbpath data/db --auditDestination file --auditFormat JSON --auditPath data/db/auditLog.json

Include additional options as required for your configuration. For instance, if you wish remote clients to connect to your deployment or your deployment members are run on different hosts, specify the --bind_ip. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and other security measures listed in Security Checklist to prevent unauthorized access.

The audit file rotates at the same time as the server log file.

You may also specify these options in the configuration file:

    storage:
      dbPath: data/db
    auditLog:
      destination: file
      format: JSON
      path: data/db/auditLog.json

Note

Printing audit events to a file in JSON format degrades server performance more than printing to a file in BSON format.

Output to BSON File

To enable auditing and print audit events to a file in BSON binary format, specify the following options:

    Option               Value
    --auditDestination   file
    --auditFormat        BSON
    --auditPath          The output filename. Accepts either the full path name or relative path name.

For example, the following enables auditing and records audit events to a BSON file with the relative path name of data/db/auditLog.bson:

    mongod --dbpath data/db --auditDestination file --auditFormat BSON --auditPath data/db/auditLog.bson

Include additional options as required for your configuration. For instance, if you wish remote clients to connect to your deployment or your deployment members are run on different hosts, specify the --bind_ip. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and other security measures listed in Security Checklist to prevent unauthorized access.

The audit file rotates at the same time as the server log file.

You may also specify these options in the configuration file:

    storage:
      dbPath: data/db
    auditLog:
      destination: file
      format: BSON
      path: data/db/auditLog.bson

To view the contents of the file, pass the file to the MongoDB utility bsondump. For example, the following converts the audit log into a human-readable form and outputs it to the terminal:

    bsondump data/db/auditLog.bson

See also

Configure Audit Filters, Auditing, System Event Audit Messages