setAuditConfig
定义
setAuditConfig
版本 5.0 中的新增功能。
setAuditConfig
is an administrative command that sets new audit configurations formongod
andmongos
server instances at runtime.Use the
db.adminCommand( { command } )
method to runsetAuditConfig
against theadmin
database.
兼容性
此命令可用于以下环境中托管的部署:
MongoDB Enterprise:基于订阅、自我管理的 MongoDB 版本
MongoDB Community:源代码可用、免费使用且可自行管理的 MongoDB 版本
重要
MongoDB Atlas集群不支持此命令。 有关Atlas支持所有命令的信息,请参阅不支持的命令。
语法
该命令具有以下语法:
{ setAuditConfig: 1, filter: <Filter Document>, auditAuthorizationSuccess: <Boolean> }
setAuditConfig
具有以下字段:
字段 | 类型 | 说明 |
---|---|---|
| 整型 | Run |
| 文档 | An audit filter |
| 布尔 | Log all, or only failed access authorizations |
行为
Enable 审核 to use
setAuditConfig
at runtime.
auditAuthorizationSuccess
enables auditing of authorization success for the authCheck action. The parameter value must be
true
to audit read and write operations. However, when
auditAuthorizationSuccess
is false
auditing has less
performance impact because the audit system only
logs authorization failures.
Configuration updates are distributed via the oplog mechanism
which means updates on mongod
nodes are distributed to
secondary nodes very quickly. There is a different distribution
mechanism on mongos
nodes. mongos
nodes
have to poll
the primary
server at regular intervals for configuration updates. You may see
stale data due to polling delay if you run setAuditConfig
on the primary server and getAuditConfig
on a
分片 before the shard has polled the primary server
for updated configuration details.
示例
In these examples the audit messages have been reformatted. They appear on a single line in the log file.
Audit Collection Creation and Deletion
Enable auditing when a collection is created or deleted.
db.admin.runCommand( { setAuditConfig: 1, filter: { atype: { $in: [ "createCollection", "dropCollection" ] } }, auditAuthorizationSuccess: false } )
When the inventory
collection is created in the sales
database,
the audit system will log a message like this:
{ "atype" : "createCollection", "ts" : { "$date" : "2021-08-09T13:45:05.372+00:00" }, "uuid" : { "$binary" : "RKU/YLizS6K9se2GUU7ZVQ==", "$type" : "04" }, "local" : { "ip" : "127.0.0.1", "port" : 27502 }, "remote" : { "ip" : "127.0.0.1", "port" : 51918 }, "users" : [], "roles" : [], "param" : { "ns" : "sales.inventory" }, "result" : 0 }
When the inventory
collection is dropped from the sales
database, the audit system will log a message like this:
{ "atype" : "dropCollection", "ts" : { "$date" : "2021-08-09T13:45:00.661+00:00" }, "uuid" : { "$binary" : "0gle4/pSQli+LUcz43ykag==", "$type" : "04" }, "local" : { "ip" : "127.0.0.1", "port" : 27502 }, "remote" : { "ip" : "127.0.0.1", "port" : 51928 }, "users" : [], "roles" : [], "param" : { "ns" : "sales.inventory" }, "result" : 0 }
Audit Document Interactions
集 auditAuthorizationSuccess
to true
and create a
filter which includes actions of interest to audit read and write
operations.
db.admin.runCommand( { setAuditConfig: 1, filter: { atype: "authCheck", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify" ] } }, auditAuthorizationSuccess: true } )
Search the inventory
collection in the sales
database using the
find
command to create an audit log entry like this one:
{ "atype" : "authCheck", "ts" : { "$date" : "2021-08-09T15:28:10.788+00:00" }, "uuid" : { "$binary" : "ngwRt5CRTZqgE4TsfleoqQ==", "$type" : "04" }, "local" : { "ip" : "127.0.0.1", "port" : 27502 }, "remote" : { "ip" : "127.0.0.1", "port" : 51930 }, "users" : [], "roles" : [], "param" : { "command" : "find", "ns" : "sales.inventory", "args" : { "find" : "inventory", "filter" : { "widget" : 1 }, "lsid" : { "id" : { "$binary" : "FNWNxiitQ8GHKrHx8eJSbg==", "$type" : "04" } }, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1628521381, "i" : 1 } }, "signature" : { "hash" : { "$binary" : "AAAAAAAAAAAAAAAAAAAAAAAAAAA=", "$type" : "00" }, "keyId" : { "$numberLong" : "0" } } }, "$db" : "sales" } }, "result" : 0 }