This topic describes how to enable the new audit log feature for an ApsaraDB for MongoDB instance. The new audit log feature is integrated with Log Service and allows you to query, analyze, and export the audit logs of the instance. The new audit log feature also helps you gain insights into the security and performance of the instance.

Prerequisites

  • The instance is a replica set instance or sharded cluster instance that runs MongoDB 4.2 or earlier.
  • The AliyunLogFullAccess policy is attached to a Resource Access Management (RAM) user. This prerequisite must be met if you want to enable the new audit log feature by using the credentials of a RAM user. For more information, see Grant permissions to a RAM user.

Background information

Log Service is an all-in-one service that is developed by Alibaba Cloud based on extensive big data analytics scenarios. You can use Log Service to collect, consume, push, query, and analyze log data without the need to write code. Log Service helps you improve O&M efficiency. Some features of Log Service are integrated with ApsaraDB for MongoDB. This allows ApsaraDB for MongoDB to provide the audit log feature, which is stable, flexible, efficient, and easy to use.

Impacts

  • After you enable the new audit log feature for an instance, the performance of the instance slightly decreases.
  • After you enable the new audit log feature for an instance, Log Service logs the specified types of operations that are performed on the instance. The logs can be used to troubleshoot issues in the instance.

Billing

A free trial edition is provided for the new audit log feature.
Note If you are using the free trial edition, you can retain up to 100 GB of audit log data for one day.

Procedure

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances, or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. Click Enable Audit Logs.
    Enable Audit Logs
  7. In the message that appears, click OK.

What to do next