Configure Auditing

Auditing in MongoDB Atlas

MongoDB Atlas supports auditing for all M10 and larger clusters. Atlas supports specifying a JSON-formatted audit filter as documented in Configure Audit Filters and using the Atlas audit filter builder for simplified auditing configuration. To learn more, see the Atlas documentation for Set Up Database Auditing and Configure a Custom Auditing Filter.

MongoDB Enterprise supports auditing of various operations. A complete auditing solution must involve all mongod server and mongos router processes.

The audit facility can write audit events to the console, the syslog (option is unavailable on Windows), a JSON file, or a BSON file. For details on the audited operations and the audit log messages, see System Event Audit Messages.

Enable and Configure Audit Output

Use the --auditDestination option to enable auditing and specify where to output the audit events.

Warning

For sharded clusters, if you enable auditing on mongos instances, you must enable auditing on all mongod instances in the cluster, i.e. shards and config servers.
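The rule in this warning can be checked mechanically before a rollout. The following is an added example, not part of the MongoDB documentation: it takes the command line of every process in a cluster, flags any mongod left unaudited while a mongos is audited, and also checks the file-destination options listed later on this page. The cluster layout, process names and host name are constructed for illustration.

```python
# Option values documented on this page.
DESTINATIONS = {"syslog", "console", "file"}
FILE_FORMATS = {"JSON", "BSON"}

# Constructed example cluster: process name -> command line (host is made up).
SAMPLE_CLUSTER = {
    "router1": ["mongos", "--configdb", "cfg/cfg1.example:27019",
                "--auditDestination", "syslog"],
    "shard1": ["mongod", "--shardsvr", "--dbpath", "data/db",
               "--auditDestination", "file", "--auditFormat", "JSON",
               "--auditPath", "data/db/auditLog.json"],
    "shard2": ["mongod", "--shardsvr", "--dbpath", "data/db"],
    "cfg1": ["mongod", "--configsvr", "--dbpath", "data/db",
             "--auditDestination=file", "--auditFormat=BSON"],
}

def audit_options(argv):
    """Collect --audit* options, accepting '--opt value' and '--opt=value'."""
    opts = {}
    for i, arg in enumerate(argv):
        if arg.startswith("--audit"):
            name, eq, value = arg.partition("=")
            # Without '=', the value is the next argument (or "" if none).
            opts[name] = value if eq else "".join(argv[i + 1:i + 2])
    return opts

def check_process(argv):
    """Return the problems found in one process's audit options."""
    opts = audit_options(argv)
    dest = opts.get("--auditDestination")
    problems = []
    if dest is not None and dest not in DESTINATIONS:
        problems.append(f"unknown destination {dest!r}")
    if dest == "file" and opts.get("--auditFormat") not in FILE_FORMATS:
        problems.append("file destination needs --auditFormat JSON or BSON")
    if dest == "file" and not opts.get("--auditPath"):
        problems.append("file destination needs --auditPath")
    return problems

def check_cluster(processes):
    """Apply the per-process checks plus the sharded-cluster rule."""
    findings = {name: check_process(argv) for name, argv in processes.items()}
    audited = {n for n, a in processes.items() if "--auditDestination" in audit_options(a)}
    # argv[0] is assumed to be the bare binary name, "mongos" or "mongod".
    if any(processes[n][0] == "mongos" for n in audited):
        for name, argv in processes.items():
            if argv[0] == "mongod" and name not in audited:
                findings[name].append("mongos is audited but this mongod is not")
    return {name: p for name, p in findings.items() if p}
```

For the constructed cluster, `check_cluster(SAMPLE_CLUSTER)` reports `shard2` (no auditing while the router is audited) and `cfg1` (file destination without a path).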

Output to Syslog

To enable auditing and print audit events to the syslog (option is unavailable on Windows) in JSON format, specify syslog for the --auditDestination setting. For example:

mongod --dbpath data/db --auditDestination syslog

Include additional options as required for your configuration. For instance, if you want remote clients to connect to your deployment, or if your deployment members run on different hosts, specify the --bind_ip option. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and the other security measures listed in the Security Checklist to prevent unauthorized access.

Warning

The syslog message size limit can result in the truncation of audit messages. The auditing system neither detects the truncation nor raises an error when it occurs.

You may also specify these options in the configuration file:

storage:
   dbPath: data/db
auditLog:
   destination: syslog
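Because the server does not report truncated syslog messages, the check has to happen on the consuming side. The following is an added example, not part of the MongoDB documentation: it scans syslog lines for mongod or mongos JSON payloads that no longer parse and recovers the event type where the cut came after it. The sample lines, the syslog header layout and the `atype`/`param`/`result` field names are assumptions made for this sketch.

```python
import json
import re

# Constructed sample lines, not real server output. The syslog header layout
# and the "atype"/"param"/"result" field names are assumptions for this sketch.
SAMPLE_SYSLOG = [
    'Jan 10 12:00:01 db1 mongod[4242]: { "atype": "authenticate", '
    '"param": { "user": "app", "db": "admin" }, "result": 0 }',
    'Jan 10 12:00:02 db1 mongod[4242]: { "atype": "createCollection", '
    '"param": { "ns": "inventory.a_very_long_collection_na',
    'Jan 10 12:00:03 db1 sshd[900]: Accepted publickey for ops',
    'Jan 10 12:00:04 db1 mongos[4300]: { "aty',
]

# Payload of a message tagged mongod or mongos that starts a JSON object.
PAYLOAD_RE = re.compile(r"\bmongo[ds](?:\[\d+\])?:\s*(\{.*)$")
ATYPE_RE = re.compile(r'"atype"\s*:\s*"([^"]+)"')


def find_incomplete_events(lines):
    """Return (line_number, atype_or_None) for audit payloads that do not parse.

    A message cut off by the syslog size limit loses its closing brace, so it
    can never be a valid JSON object; a parse failure is the only signal left.
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        match = PAYLOAD_RE.search(line.rstrip("\n"))
        if match is None:
            continue  # not a mongod/mongos JSON message
        payload = match.group(1)
        try:
            json.loads(payload)
        except json.JSONDecodeError:
            # Recover the event type when the cut came after it.
            atype = ATYPE_RE.search(payload)
            findings.append((number, atype.group(1) if atype else None))
    return findings


if __name__ == "__main__":
    for number, atype in find_incomplete_events(SAMPLE_SYSLOG):
        print(f"line {number}: incomplete audit event (atype={atype})")
```

A nonzero count from this check is a reason to raise the syslog daemon's message size limit or to move auditing to a file destination.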

Output to Console

To enable auditing and print the audit events to standard output (i.e. stdout), specify console for the --auditDestination setting. For example:

mongod --dbpath data/db --auditDestination console

Include additional options as required for your configuration. For instance, if you want remote clients to connect to your deployment, or if your deployment members run on different hosts, specify the --bind_ip option. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and the other security measures listed in the Security Checklist to prevent unauthorized access.

You may also specify these options in the configuration file:

storage:
   dbPath: data/db
auditLog:
   destination: console

Output to JSON File

To enable auditing and print audit events to a file in JSON format, specify the following options:

Option               Value
--auditDestination   file
--auditFormat        JSON
--auditPath          The output filename. Accepts either the full path name or relative path name.

For example, the following enables auditing and records audit events to a file with the relative path name of data/db/auditLog.json:

mongod --dbpath data/db --auditDestination file --auditFormat JSON --auditPath data/db/auditLog.json

Include additional options as required for your configuration. For instance, if you want remote clients to connect to your deployment, or if your deployment members run on different hosts, specify the --bind_ip option. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and the other security measures listed in the Security Checklist to prevent unauthorized access.

The audit file rotates at the same time as the server log file.

You may also specify these options in the configuration file:

storage:
   dbPath: data/db
auditLog:
   destination: file
   format: JSON
   path: data/db/auditLog.json

Note

Printing audit events to a file in JSON format degrades server performance more than printing to a file in BSON format.

Output to BSON File

To enable auditing and print audit events to a file in BSON binary format, specify the following options:

Option               Value
--auditDestination   file
--auditFormat        BSON
--auditPath          The output filename. Accepts either the full path name or relative path name.

For example, the following enables auditing and records audit events to a BSON file with the relative path name of data/db/auditLog.bson:

mongod --dbpath data/db --auditDestination file --auditFormat BSON --auditPath data/db/auditLog.bson

Include additional options as required for your configuration. For instance, if you want remote clients to connect to your deployment, or if your deployment members run on different hosts, specify the --bind_ip option. For more information, see Localhost Binding Compatibility Changes.

Important

Before you bind to other IP addresses, consider enabling access control and the other security measures listed in the Security Checklist to prevent unauthorized access.

The audit file rotates at the same time as the server log file.

You may also specify these options in the configuration file:

storage:
   dbPath: data/db
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson

To view the contents of the file, pass the file to the MongoDB utility bsondump. For example, the following converts the audit log into a human-readable form and outputs it to the terminal:

bsondump data/db/auditLog.bson