This topic describes how to enable the audit log feature for an ApsaraDB for MongoDB instance. The audit log feature is integrated with Log Service and allows you to query, analyze online, and export the audit logs of the instance. The audit log feature also helps you gain insights into the security and performance of the instance.

Background information

Log Service is an all-in-one service that is developed by Alibaba Cloud based on extensive big data experience. You can use Log Service to collect, consume, deliver, query, and analyze log data without the need to write code. Log Service helps you improve O&M efficiency. Some features of Log Service are integrated with ApsaraDB for MongoDB. This allows ApsaraDB for MongoDB to provide the audit log feature that is stable, flexible, efficient, and easy to use.

Prerequisites

  • The instance is a general-purpose instance with local disks or a dedicated instance with local disks.
  • The AliyunLogFullAccess policy is attached to the RAM user that is used to enable the audit log feature. For more information, see Grant permissions to a RAM user.

Limits

Impacts

  • The free trial edition of the audit log feature slightly lowers the performance of an ApsaraDB for MongoDB instance.
  • After you enable the free trial edition of the audit log feature, Log Service logs all types of operations that are performed on the instance. The logs can be used to troubleshoot issues in the instance.

Procedure

  1. Log on to the ApsaraDB for MongoDB console.
  2. In the upper-left corner of the page, select the resource group and region to which the instance belongs.
  3. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
  4. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.
  5. In the left-side navigation pane of the instance details page, choose Data Security > Audit Logs.
  6. On the Latest Audit Logs page, click Enable Audit Logs.
  7. In the Enable Audit Logs message, read the prompt and click OK.