Comments on: MongoDB Audit Log: Why and How https://www.percona.com/blog/mongodb-audit-log-why-and-how/ Mon, 04 May 2020 11:03:01 +0000 hourly 1 https://wordpress.org/?v=6.5.2 By: kailash Kanojia https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10972186 Mon, 04 May 2020 11:03:01 +0000 https://www.percona.com/blog/?p=41035#comment-10972186 Hi Hasan, do we have any mechanism to include the client hostname in auditing log file, at present we only get remote IP which if dynamic may change and its difficult to trace from which machine an event triggered.

]]> By: Oded https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10971951 Wed, 18 Mar 2020 15:25:51 +0000 https://www.percona.com/blog/?p=41035#comment-10971951 do you need to restart Mongo to change the Auditing configuration?

]]> By: orefad https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10969535 Sun, 05 Aug 2018 23:32:11 +0000 https://www.percona.com/blog/?p=41035#comment-10969535 Thanks Hasan. I’ve implemented as above. Looking forward to when Mongo grows to the point where it’s an added line in the config file :).

]]> By: hasan https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10969457 Mon, 23 Jul 2018 10:50:39 +0000 https://www.percona.com/blog/?p=41035#comment-10969457 logrotate can be used to rotate logs

/var/log/mongodb/auditLog.bson
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
dateext
sharedscripts
postrotate
/bin/kill -SIGUSR1 cat /var/lib/mongodb/mongod.lock 2> /dev/null 2> /dev/null || true
endscript
}

]]> By: orefad https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10969426 Mon, 16 Jul 2018 10:41:21 +0000 https://www.percona.com/blog/?p=41035#comment-10969426 Is there a plan/way of rotating+compressing the log as they are written to one file and this can grow out of hand?

]]> By: hasan https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10969419 Sat, 14 Jul 2018 12:27:47 +0000 https://www.percona.com/blog/?p=41035#comment-10969419 I have tried and found that it can be achieved in following way

auditLog:
destination: file
format: BSON
path: /var/log/mongodb/audit.bson
filter: ‘{ “users.user”: { $in: [ “alice”, “bob”, “john” ]} }’

]]> By: hasan https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10969388 Fri, 13 Jul 2018 18:48:11 +0000 https://www.percona.com/blog/?p=41035#comment-10969388 can you please give an example in which i can apply filter for more than one user for audit logs. I want to give exact names of two different users in filter.
Thanks

]]> By: Gauravkumar Mishra https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10969100 Tue, 17 Apr 2018 11:41:29 +0000 https://www.percona.com/blog/?p=41035#comment-10969100 how would one filter the drop collection and create collections, as well as include auditing for insert, delete on collections. its like a combination of audit.

]]> By: Tomislav https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10968128 Wed, 31 May 2017 12:40:01 +0000 https://www.percona.com/blog/?p=41035#comment-10968128 Hi Nils,
you can specify “auditLog.destination” option to “syslog” and then “systemLog.syslogFacility” to the facility you wish to use for these messages.

]]> By: Nils https://www.percona.com/blog/mongodb-audit-log-why-and-how/#comment-10967939 Wed, 29 Mar 2017 15:38:03 +0000 https://www.percona.com/blog/?p=41035#comment-10967939 How would one specify the syslog server, facility etc.?

]]>