This topic describes how to configure audit logging for an ApsaraDB for MongoDB instance. This feature records all operations you have performed on the databases of your instance. With audit logs, you can perform operations such as fault analysis, behavior analysis, and security audit on databases.

Prerequisites

The instance is a replica set or sharded cluster instance.

Precautions

  • After you enable audit logging, the index optimization feature is also enabled. For more information, see Index optimization of ApsaraDB for MongoDB.
  • If the instance is a sharded cluster instance, you cannot manually select the types of database operations for auditing. In this case, the operation types admin, slow, query, insert, update, and delete are selected by default.
  • The default retention period of audit logs is 30 days.

Enable audit logging

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. Click Enable Audit Log.
    Enable audit logging
  7. Click OK.

Query audit logs

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. You can use a word or record in a collection (Keyword), or the database name (DB), database account name (User), start time, and end time to query the audit logs.

Select operation types for auditing

Note You can only perform this operation when the instance is a replica set instance.
  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. Click Audit Log Filter Setting.
  7. In the dialog box that appears, select the operation types for auditing.
    Select operation types for auditing
    • admin: O&M operations
    • slow: slow queries
    • query: query operations
    • insert: insert operations
    • update: update operations
    • delete: delete operations
    • command: protocol commands, such as the aggregate method
    Note If audit logging was enabled for ApsaraDB for MongoDB instances before July 2018, the default operation types for auditing are admin, slow, insert, update, delete, and command. If you want to include the query operations, select query in audit settings. For more information, see Select operation types for auditing.
  8. Click Submit.

Disable audit logging

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and the region of the target instance.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Find the target instance and click its ID.
  5. In the left-side navigation pane, choose Data Security > Audit Logs.
  6. Click Disable Audit Log.
    Note
    • After you disable audit logging, the index optimization feature is also disabled.
    • After you disable audit logging, logs are no longer collected and stored audit logs are deleted.
  7. In the message that appears, click Submit.