In the ApsaraDB for MongoDB console, you can view audit logs in a specified time range and filter audit logs that match various conditions.

Prerequisites

You have enabled the new new audit log service. For more information, see Enable audit log service (new version).

Background information

You can query audit logs for detailed insight when you want to view database request records, discover the cause for sudden increases in MongoDB resource consumption, or find records of modify and delete operations on data.

View audit logs

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the target instance.
  3. In the left-side navigation pane, clickReplica Set Instances or Sharding Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Log.
  6. The Mongo audit log center page displays audit log information for the ApsaraDB for MongoDB instance.

Filter audit logs

You can define different conditions to filter audit logs.

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the target instance.
  3. In the left-side navigation pane, clickReplica Set Instances or Sharding Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Log.
  6. On the Mongo audit log center page, you can define conditions to filter audit logs.
    Set Filter
    Table 1. Filter conditions
    Filter condition Description
    Keyword Filters audit logs by keywords such as the client IP address, executed commands, accounts, and extended information.
    Note
    • The Keyword filed uses exact match, so you must enter complete information.
      • For example, you must enter a complete IP address such as 192.168.1.1, instead of 192.168 or 1.1.
      • You must enter a complete command such as AUTH or auth, instead of au.
    • You must enclose keywords that contain colons within double quotation marks (""), such as "userId:1".
    Opration Types The type of audit logs. Valid values:
    • query
    • find
    • insert
    • update
    • delete
    • remove
    • getMore
    • command
    Client IP Address The client IP address used to connect the ApsaraDB for MongoDB instance.
    Database Name The name of the apsaradb for MongoDB database.
    Set Name The name of the ApsaraDB for MongoDB instance Set.
    Username The username used to log on to the ApsaraDB for MongoDB database.

View audit logs within a specified time range

You can view audit logs within a specified time range by using the time picker.

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the target instance.
  3. In the left-side navigation pane, clickReplica Set Instances or Sharding Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane of the Instance page, choose Data Security > Audit Log.
  6. On the Mongo audit log center page, click Please Select
  7. Specify the time range in the time picker.
    Set the time picker
    Table 2. Time picker sections
    No. Section Description
    1 Time Information about the time range is displayed in this section when you move the pointer over a relative time or a time frame.
    2 Relative A time period relative to the current point in time. Information about the time range is displayed in the Time section when you move the pointer over any element in this section.
    2 Time Frame A time frame period that is more than one minute in length. Information about the time range is displayed in the Time section when you move the pointer over any element in this section.
    4 Custom A custom time period. Specify a time period and click OK to confirm the time period.

FAQ