Enable the audit log feature - ApsaraDB for MongoDB - Alibaba Cloud Documentation Center

This topic describes how to enable the audit log feature for an ApsaraDB for MongoDB instance. The audit log feature is integrated with Log Service and allows you to query, analyze online, and export the audit logs of the instance. The audit log feature also provides real-time insight into the security and performance of the instance.

Background information

Log Service is an all-in-one service that is developed by Alibaba Cloud based on extensive big data experience. You can use Log Service to collect, consume, deliver, query, and analyze log data without the need to write code. Log Service helps you improve O&M efficiency. Some features of Log Service are integrated with ApsaraDB for MongoDB. This allows ApsaraDB for MongoDB to provide the audit log feature that is stable, flexible, efficient, and easy to use.

Prerequisites

The instance is a general-purpose instance with local disks or a dedicated instance with local disks.
The AliyunLogFullAccess policy is attached to the RAM user that is used to enable the audit log feature. For more information, see Grant permissions to the RAM user.

Limits

In the free trial edition, audit logs can be retained for one day. The maximum amount of storage available for all instances that reside in the same region is 100 GB.
Starting from January 6, 2022, the official edition of the audit log feature has been launched in all regions, and new applications for the free trial edition have ended. For more information, see [Notice] On official launch of the pay-as-you-go audit log feature and no more application for the free trial edition.

Impacts

The free trial edition of the audit log feature slightly lowers the performance of an ApsaraDB for MongoDB instance.
After you enable the free trial edition of the audit log feature, Log Service logs all types of operations that are performed on the instance. The logs can be used to troubleshoot issues in the instance.

Procedure

Log on to the ApsaraDB for MongoDB console.
In the upper-left corner of the page, select the resource group and region to which the instance belongs.
In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
Click the ID of an instance, or click in the Actions column corresponding to the instance and select Manage.
In the left-side navigation pane of the instance details page, choose Data Security > Audit Logs.
On the Latest Audit Logs page, click Enable Audit Logs.
In the Enable Audit Logs message, read the prompt and click OK.