This topic describes how to configure audit logging for an ApsaraDB for MongoDB instance. This feature records all operations you have performed on the databases of your instance. With audit logs, you can perform operations such as fault analysis, behavior analysis, and security audit on databases.

Prerequisites

The instance is a replica set or sharded cluster instance.

Precautions

  • After you enable audit logging, the index optimization feature is also enabled. For more information, see Optimize indexes.
  • If the instance is a sharded cluster instance, you cannot manually select the types of database operations for auditing. In this case, the operation types admin, slow, query, insert, update, and delete are selected by default.
  • The default retention period of audit logs is 30 days.

Enable audit logging

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharding Instances.
  4. Find the instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Log.
  6. Click Enable Audit Log.Enable audit logging
  7. Click OK.

Query audit logs

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharding Instances.
  4. Find the instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Log.
  6. You can use a word or record in a collection (Keyword), or the database name (DB), database account name (User), start time, and end time to query the audit logs.

Select operation types for auditing

Note You can only perform this operation when the instance is a replica set instance.
  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the instance.
  3. In the left-side navigation pane, click Replica Set Instances.
  4. Find the instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Log.
  6. Click Audit Log Filter Setting.
  7. In the dialog box that appears, select the operation types for auditing.Select operation types for auditing
    • admin: O&M operations
    • slow: slow queries
    • query: query operations
    • insert: insert operations
    • update: update operations
    • delete: delete operations
    • command: protocol commands, such as the aggregate method
    Note If audit logging was enabled for ApsaraDB for MongoDB instances before July 2018, the default operation types for auditing are admin, slow, insert, update, delete, and command. If you want to include the query operations, select query in audit settings. For more information, see Select operation types for auditing.
  8. Click OK.

Disable audit logging

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the region of the instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharding Instances.
  4. Find the instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Log.
  6. Click Disable Audit Log.
    Note
    • After you disable audit logging, the index optimization feature is also disabled.
    • After you disable audit logging, logs are no longer collected and stored audit logs are deleted.
  7. In the message that appears, click OK.