This topic describes how to view the audit logs of an ApsaraDB for MongoDB instance over a specified time range. This topic also describes how to filter the audit logs based on specified criteria.

Prerequisites

The new audit log feature is enabled for the instance. For more information, see Enable the new audit log feature.

Background information

You can use the audit logs of an instance to identify the causes of sudden increases in resource consumption or find the records of modify and delete operations on specific data in the instance.

View the audit logs of an instance

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances, based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. On the Mongo audit log center page, view the details about the audit logs of the instance.

Filter the audit logs of an instance

ApsaraDB for MongoDB can display only the audit logs that meet specified filter criteria.

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances, based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. On the Mongo audit log center page, configure the filter criteria.
    [Figure: Filter criteria]

    Table 1. Filter criteria

    Filter criterion | Description
    Keyword | Specify the keywords that are included in the audit logs you want to view. The keywords can be a client IP address, a command, a username, or other extended information.
      Note
      • The Keyword field supports exact match. You must enter complete information in the Keyword field. Examples:
        • If you want to specify an IP address as a keyword, you must enter a complete IP address such as 192.168.1.1. Do not enter 192.168 or 1.1.
        • If you want to specify a command as a keyword, you must enter a complete command such as AUTH or auth. Do not enter au.
      • If a keyword contains a colon (:), you must enclose the keyword in a pair of double quotation marks (""). Example: "userId:1".
    Operation Type | Specify the types of operations that you want to view. The audit log feature supports the following operation types:
      • query: query operations
      • find: find operations
      • insert: insert operations
      • update: update operations
      • delete: delete operations
      • remove: remove operations
      • getMore: read operations
      • command: protocol commands such as the aggregate method
    Client IP Address | Specify the IP address of the client that is connected to the instance.
    Database Name | Specify the name of the database that you want to view.
    Set Name | Specify the name of the collection that you want to view.
    Username | Specify the username of the account that is used to connect to the instance.

View the audit logs of an instance over a specified time range

You can use the time picker to view only the audit logs that are generated over a specified time range.

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances, based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. On the Mongo audit log center page, click Please Select.
  7. In the Time pane, select a time range.
    [Figure: Time picker]

    Table 2. Time pane

    Section No. | Section name | Description
    1 | Time details | When you move the pointer over a time option in the Relative section or Time Frame section, the time details section displays the time range that maps to the selected time option.
    2 | Relative | Select a time range relative to the current point in time. When you move the pointer over a time option in this section, the time details section displays the time range that maps to the selected time option.
    3 | Time Frame | Select a time range that is accurate to the minute, hour, week, or day. When you move the pointer over a time option in this section, the time details section displays the time range that maps to the selected time option.
    4 | Custom | Specify a custom time range. After you click OK, the custom time range is applied.

FAQ

  • Can I view more than 2,000 audit log entries?

    The Mongo audit log center page in the ApsaraDB for MongoDB console displays only up to 2,000 audit log entries. To view more audit log entries, you must log on to the Log Service console. For more information, see Query logs.

  • Where can I view the documentation that describes the old audit log feature?

    For more information, see Configure audit logging for an ApsaraDB for MongoDB instance.