Query audit logs

View audit logs

1. Log on to the ApsaraDB for MongoDB console.
2. In the upper-left corner of the page, select the resource group and the region of the target instance.
3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
4. Find the target instance and click its ID.
5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Logs.
6. On the Mongo audit log center page that appears, view audit log details of the ApsaraDB for MongoDB instance.

Filter audit logs

You can define different conditions to filter audit logs.

1. Log on to the ApsaraDB for MongoDB console.
2. In the upper-left corner of the page, select the resource group and the region of the target instance.
3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
4. Find the target instance and click its ID.
5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Logs.
6. On the Mongo audit log center page that appears, define conditions to filter audit logs.
   

   Table 1. Filter conditions

   Filter condition	Description
   Keyword	Filters audit logs by keywords such as the client IP address, executed commands, accounts, and extended information. Note The Keyword filed supports exact match, so you must enter complete information. For example, you must enter a complete IP address such as 192.168.1.1, instead of 192.168 or 1.1. You must enter a complete command such as AUTH or auth, instead of au. You must enclose keywords that contain colons within double quotation marks (""), such as "userId:1".
   Operation Type	Filters audit logs by operation type. Operation types include: query find insert update delete remove getMore: the read operation command: the protocol command such as the aggregate method
   Client IP Address	The client IP address used to connect the ApsaraDB for MongoDB instance.
   Database Name	The name of the ApsaraDB for MongoDB database.
   Set Name	The name of the ApsaraDB for MongoDB instance set.
   Username	The account used to log on to the ApsaraDB for MongoDB instance.

View audit logs within a specified time range

You can view slow query logs within a specified time range by using the time picker.

1. Log on to the ApsaraDB for MongoDB console.
2. In the upper-left corner of the page, select the resource group and the region of the target instance.
3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
4. Find the target instance and click its ID.
5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Logs.
6. On the Mongo audit log center page that appears, click Please Select.
7. Specify the time range in the time picker.
   

   Table 2. Time picker sections

   No.	Section	Description
   1	Time	Information about the time range is displayed in this section when you move the pointer over a relative time or a time frame.
   2	Relative	A time period relative to the current point in time. Information about the time range is displayed in the Time section when you move the pointer over any element in this section.
   2	Time Frame	A time frame period that is more than one minute. Information about the time range is displayed in the Time section when you move the pointer over any element in this section.
   4	Custom	A custom time period. Specify a time period and click OK to confirm the time period.

FAQ

• I can only view 2,000 audit log entries in total. Where can I view the others?

  The Audit Logs page on the ApsaraDB for MongoDB console displays up to 2,000 audit log entries. To view more audit log entries, you must log on to the Log Service console. For more information, see Query logs.

• Where can I view old audit log documentation?

  See Configure audit logging for an ApsaraDB for MongoDB instance.