In the ApsaraDB for MongoDB console, you can view audit logs within a specified time range and filter audit logs by various conditions.

Prerequisites

You have enabled the new audit log feature. For more information, see Enable the new audit log feature.

Background information

You can query audit logs when you need to review database request records, find the cause of a sudden increase in resource consumption, or locate records of operations that modified or deleted data.

View audit logs

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Logs.
  6. On the Mongo audit log center page that appears, view audit log details of the ApsaraDB for MongoDB instance.

Filter audit logs

You can define different conditions to filter audit logs.

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Logs.
  6. On the Mongo audit log center page that appears, define conditions to filter audit logs.
    Filter conditions
    Table 1. Filter conditions
    Filter condition | Description
    Keyword | Filters audit logs by keywords such as the client IP address, executed commands, accounts, and extended information.
    Note
    • The Keyword field supports only exact match, so you must enter complete information.
      • For example, you must enter a complete IP address such as 192.168.1.1, instead of 192.168 or 1.1.
      • You must enter a complete command such as AUTH or auth, instead of au.
    • You must enclose keywords that contain colons within double quotation marks (""), such as "userId:1".
    Operation Type | Filters audit logs by operation type. Operation types include:
    • query
    • find
    • insert
    • update
    • delete
    • remove
    • getMore: the read operation
    • command: the protocol command such as the aggregate method
    Client IP Address | The client IP address used to connect to the ApsaraDB for MongoDB instance.
    Database Name | The name of the ApsaraDB for MongoDB database.
    Set Name | The name of the ApsaraDB for MongoDB instance set.
    Username | The account used to log on to the ApsaraDB for MongoDB instance.

View audit logs within a specified time range

You can view audit logs within a specified time range by using the time picker.

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Logs.
  6. On the Mongo audit log center page that appears, click Please Select.
  7. Specify the time range in the time picker.
    Time picker
    Table 2. Time picker sections
    No. | Section | Description
    1 | Time | Information about the time range is displayed in this section when you move the pointer over a relative time or a time frame.
    2 | Relative | A time period relative to the current point in time. Information about the time range is displayed in the Time section when you move the pointer over any element in this section.
    3 | Time Frame | A time frame that is longer than one minute. Information about the time range is displayed in the Time section when you move the pointer over any element in this section.
    4 | Custom | A custom time period. Specify a time period and click OK to confirm the time period.

FAQ

  • I can only view 2,000 audit log entries in total. Where can I view the others?

    The Audit Logs page in the ApsaraDB for MongoDB console displays up to 2,000 audit log entries. To view more audit log entries, you must log on to the Log Service console. For more information, see Query logs.

  • Where can I view old audit log documentation?

    See Configure audit logging for an ApsaraDB for MongoDB instance.