This topic describes how to enable the log audit feature in the ApsaraDB for MongoDB console and send audit logs to Log Service.
- Log on to the ApsaraDB for MongoDB console.
- In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
- In the top navigation bar, select the resource group and region of your instance.
- In the instance list, click the instance.
- In the left-side navigation pane, choose .
- If this is your first time to use the log audit feature, follow the on-screen instructions
to complete authorization.
After the authorization is complete, the system generates the AliyunServiceRoleForMongoDB RAM role. Your instance can assume the AliyunServiceRoleForMongoDB RAM role to access Log Service resources within your Alibaba Cloud account. For more information, see ApsaraDB for MongoDB service-linked roles.Notice Do not revoke the permissions from the RAM role or delete the RAM role. If you revoke the permissions from the RAM role or delete the RAM role, the audit logs of the ApsaraDB for MongoDB instance cannot be sent to Log Service.
- On the Latest Audit Logs page, specify the log retention period and click Enable Audit Logs.
- In the Enable Audit Logs message, click OK.