Re: mongodb user activity log

[Aly Cabral]

Hi Kreso,

MongoDB does system activity logging through an auditing facility. Auditing is available with MongoDB Enterprise server, which is free to use in development and evaluation and can be downloaded here.

First we need to make sure that our mongod server is configured for auditing. There are many file types to chose from, but for easy human readability you can use JSON. Using this configuration:

mongod --auditFormat JSON --auditPath data/enterprise/auditLog.json

Then you should follow these instructions to create users with whatever permissions you require. Then authenticate the user you created with:

db.Auth("username","password")

The auditing facility by default allows for the tracking of system activity. This includes Authentication, User Creation, Database Creation, and Collection Creation (full list here). The authCheck action records every action that requires authorization: inserts, queries, deletion, and actions that go deeper than just system level actions. By default, authCheck only logs an event in the audit if the event was unsuccessful. To log all events, simply use this command:

db.adminCommand( { setParameter: 1, auditAuthorizationSuccess: true } )

When the auditAuthorizationSuccess is set to true, there could be performance impacts as each event will have to be logged in the audit before the oplog. Here is an example of what an authCheck event looks like in the audit log:

{
"atype": "authCheck",
"ts":
{ "$date": "2016-11-14T18:36:57.806+0000" }
,
"local":
{ "ip": "127.0.0.1", "port": 27017 }
,
"remote":
{ "ip": "127.0.0.1", "port": 48472 }
,
"users": [
{ "user": "accountUser", "db": "books" }
],
"roles": [
{ "role": "dbAdmin", "db": "books" }
,
{ "role": "readWrite", "db": "books" }
],
"param": {
"command": "find",
"ns": "books.books",
"args": {
"find": "books",
"filter": {
"year":
{ "$gt": 1800 }
}
}
},
"result": 0
}

To only log a subset of events (for example events by specific users or only certain event types) you can apply audit filters. See Tutorial: configure audit filters for more information.

Please let me know if that covers everything or if I can help with anything else!

Aly

On Tuesday, November 1, 2016 at 3:15:59 PM UTC-4, Kreso wrote:

can anybody explain to me where MongoDB stores information of user activity and how it actually works. I'm mean on user activity log within MongoDB in terms of monitoring the activities of users or transactions made by users. Can I view user activity for a specific user and where is it stored. With the user activity I mean on the users connections, queries, operations with database etc. I don't know can MongoDB do that?Excuse me if the question is stupid, but I'm newly in this and really can not understand how it works in MongoDB. I write a seminar for a college and I would be very grateful if anybody answer to me. Thanks!

​