Evaluates whether audit logging is enabled for ApsaraDB for MongoDB instances. Instances with audit logging enabled are evaluated as Compliant.
Scenarios
Enable audit logging for ApsaraDB for MongoDB instances to query, analyze, and export logs in real time, helping you monitor instance activity and ensure data security.
Risk level
Default risk level: low.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If the audit log feature is enabled for each ApsaraDB for MongoDB instance, the evaluation result is Compliant.
- If the audit log feature is disabled for an ApsaraDB for MongoDB cluster, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | mongodb-instance-log-audit |
| Rule identifier | mongodb-instance-log-audit |
| Tag | MongoDB and AuditBaseline |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ApsaraDB for MongoDB instance |
| Input parameter | None. |
Incompliance remediation
Enable the audit log feature for an ApsaraDB for MongoDB instance. For more information, see Enable audit logs.