ApsaraDB for MongoDB lets you choose which operation types to include in audit logs. Logs for excluded types are not uploaded, which reduces audit storage costs.
Prerequisites
Before you begin, ensure that you have:
Enabled the audit log feature. For more information, see Enable the audit log feature.
Impacts
If you disable the audit log feature for specific operation types, ApsaraDB for MongoDB ignores the operations of these types during auditing. However, the audit logs that are generated for the operation types before the feature is disabled are retained. You can still query the logs to backtrack issues related to the corresponding feature. For more information, see View audit logs.
Supported operation types
The available operation types vary by instance type and node.
Sharded cluster instances
Sharded cluster instances support filtering by node type.
db node — Records requests routed to the current node. Use this to analyze slow queries and view business loads.
| Operation type | Description |
|---|---|
admin | O&M operations |
slow | Slow query operations |
query | Query operations |
insert | Insert operations |
update | Update operations |
delete | Delete operations |
command | Protocol commands, such as the aggregation method |
mongos node — Records requests sent to mongos nodes, which may be executed on any database. Use this for traffic statistics and audit operations.
| Operation type | Description |
|---|---|
admin | O&M operations |
slow | Slow query operations |
insert | Insert operations |
update | Update operations |
delete | Delete operations |
Replica set instances
| Operation type | Description |
|---|---|
admin | Operations & maintenance (O&M) operations |
slow | Slow query operations |
query | Query operations |
insert | Insert operations |
update | Update operations |
delete | Delete operations |
command | Protocol commands, such as the aggregation method |
Update audit log filters
Log on to the ApsaraDB for MongoDB console.
In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances.
In the upper-left corner, select the resource group and region of the instance.
Click the instance ID, or click Manage in the Actions column.
In the left-side navigation pane of the instance details page, choose Data Security > Audit Logs.
In the upper-right corner, click Audit Log Filter Setting.
In the Audit Log Filter Setting panel, select the operation types to audit.
Click Submit.
API reference
| Operation | Description |
|---|---|
| ModifyAuditLogFilter | Modifies the operation types for which audit logging is enabled on an ApsaraDB for MongoDB instance |
| DescribeAuditLogFilter | Queries the operation types for which audit logging is enabled on an ApsaraDB for MongoDB instance |