Configure and Deploy Auditing

On this page

Prerequisites

Procedure

Cloud Manager will no longer support Automation, Backup, and Monitoring for MongoDB 3.6 and 4.0 after August 30th, 2024. Please upgrade your MongoDB deployment or migrate to Atlas.

OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.: The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.

MongoDB Enterprise provides the capability to audit mongod and mongos instances. The auditing facility allows administrators and users to track system activity for deployments with multiple users and applications. Administrators can configure auditing to write to the console, syslog, a JSON file or a BSON file. You can also use filters to restrict which events are logged.

Important

If you're running MongoDB Enterprise version 5.0 or later and MongoDB Agent 11.11.0.7355 or later, you can:

Set separate rules for rotating server logs and audit logs.
Compress and delete audit logs using Cloud Manager. For security reasons, we recommend managing your audit log compression and deletion outside of Cloud Manager.

If you're running earlier versions of MongoDB Enterprise or the MongoDB Agent, Cloud Manager:

Uses your System Log Rotation settings to rotate both the server logs and the audit logs.
Doesn't compress or delete audit logs. If you configure compression and deletion, Cloud Manager applies these settings to the server logs only.

MongoDB Community users can rotate, compress, and delete the server logs only.

Note

For more general information about auditing, including the audit guarantee, see Auditing. For details about audited events, see Audit Event Actions, Details, and Results. For information about setting up filters, see Configure Audit Filters.

Prerequisites

Your Cloud Manager cluster must run MongoDB Enterprise, version 2.6 or later, to configure and deploy auditing.

Procedure

In MongoDB Cloud Manager, go to the Deployment page for your project.

If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
If it's not already displayed, select your desired project from the Projects menu in the navigation bar.
If the Deployment page is not already displayed, click Deployment in the sidebar.
The Deployment page displays.

Go to the Processes page.

Click the Processes tab for your deployment.

The Processes page displays.

Click Modify next to the MongoDB process for which you want to configure auditing.

Click Advanced Configuration Options.

Click + Add Option.

Select auditLogDestination from the Startup Option menu.

Select the desired destination for audit events from the Value menu.

(Optional) If you selected `file` as the audit log destination, repeat step 4 and specify the following additional properties:

auditLogFormat: JSON or BSON
auditLogPath: the desired location of the audit log file

(Optional) To filter which events are audited, repeat steps 1-4 and add the `auditLogFilter` property.

For information about how to create filters, see Configure Audit Filters.

Click Apply to deploy your auditing configuration.

Back

Rotate Master KMIP Keys

MongoDB Agent