Set up Database Auditing
This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limitations.
Serverless instances are in preview and do not support this feature at this time. To learn more, see Serverless Instance Limitations.
Overview
To enable or disable database auditing, you must have the Organization Owner role or the Project Owner role for the project that you want to update.
Auditing allows administrators to track system activity for deployments with multiple users. Atlas administrators can select the actions that they want to audit, as well as the database users, Atlas roles, and LDAP groups whose actions they want audited. Atlas supports auditing all system event actions documented at Audit Event Actions, Details, and Results.
The authCheck event action logs authorization attempts by users trying to read from and write to databases in the clusters in your project. The following specific commands are audited:
[1] MongoDB versions 4.2 and later do not support these commands.
Atlas implements the authCheck event action as the following four separate actions:
Event Action | Description |
---|---|
authChecksReadFailures | The authCheck event action for all failed reads with the auditAuthorizationSuccess parameter set to false. This is the default for read-related event actions. |
authChecksReadAll | The Warning: Enabling Audit authorization successes can severely impact cluster performance. Enable this option with caution. |
authChecksWriteFailures | The authCheck event action for all failed writes with the auditAuthorizationSuccess parameter set to false. This is the default for write-related event actions. |
authChecksWriteAll | The Warning: Enabling Audit authorization successes can severely impact cluster performance. Enable this option with caution. |
See Audit Guarantee for information about how MongoDB writes audit events to disk.
Procedure
To learn about best practices for auditing the actions of temporary database users, see Auditing Temporary Database Users.
Use the following procedure to set up database auditing:
Log in to your Atlas project.
In the Security section of the left navigation, click Advanced.
Toggle the button next to Database Auditing to On.
Select the database users, Atlas roles, and LDAP groups whose actions you want to audit in Select users and roles.
Alternatively, click Use Custom JSON Filter to manually enter an audit filter as a JSON string. For more information on configuring custom audit filters in Atlas, see Configure a Custom Auditing Filter.
Select the event actions that you want to audit in Select actions to audit.
Deselecting the authenticate action prevents Atlas from auditing authentication failures.
When selecting the authorization success granularity of auditing for the authCheck event action, Atlas does not support different selections for reads and writes. For example, you may not select Successes and Failures for authCheck Reads and Failures for authCheck Writes. If you select both authCheck Reads and authCheck Writes, Atlas automatically applies your selected granularity to both.
Click Save.
To retrieve the audit logs in Atlas, see MongoDB Logs. To retrieve the audit logs using the API, see Logs.
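Once the audit logs are retrieved, failed authCheck and authenticate events can be summarized per user and source address. The following is an added example, not part of the Atlas documentation: it assumes the log is one JSON document per line with the MongoDB audit message fields atype, users, remote, param and result, where result 0 means success; the sample lines, user names, addresses and the function name failed_access are constructed for illustration. With the default Failures granularity only failing authCheck events appear in the log, and authenticate failures appear only if the authenticate action is selected.

```python
import json
from collections import Counter

# Constructed sample audit log lines (one JSON document per line), shaped
# like MongoDB audit messages; users, addresses and namespaces are made up.
SAMPLE_LOG = """\
{"atype":"authCheck","ts":{"$date":"2024-01-01T10:00:00.000+00:00"},"remote":{"ip":"203.0.113.7","port":50112},"users":[{"user":"reporting","db":"admin"}],"param":{"command":"find","ns":"sales.orders"},"result":13}
{"atype":"authCheck","ts":{"$date":"2024-01-01T10:00:02.000+00:00"},"remote":{"ip":"203.0.113.7","port":50112},"users":[{"user":"reporting","db":"admin"}],"param":{"command":"insert","ns":"sales.orders"},"result":13}
{"atype":"authCheck","ts":{"$date":"2024-01-01T10:00:03.000+00:00"},"remote":{"ip":"198.51.100.4","port":41000},"users":[{"user":"app","db":"admin"}],"param":{"command":"find","ns":"sales.orders"},"result":0}
{"atype":"authenticate","ts":{"$date":"2024-01-01T10:00:05.000+00:00"},"remote":{"ip":"203.0.113.7","port":50113},"users":[],"param":{"user":"admin","db":"admin","mechanism":"SCRAM-SHA-256"},"result":18}
not-json garbage line
"""


def failed_access(log_text):
    """Return (Counter keyed by (atype, user, target, ip), skipped line count)."""
    failures, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt line: count it, keep going
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        atype = event.get("atype")
        # Keep only the two access-control actions, and only non-zero results.
        if atype not in ("authCheck", "authenticate") or event.get("result", 0) == 0:
            continue
        param = event.get("param") or {}
        users = event.get("users") or []
        if atype == "authCheck":
            user = users[0].get("user", "<unknown>") if users else "<unauthenticated>"
            target = f'{param.get("command")} {param.get("ns")}'
        else:
            # A failed login has no authenticated user; the attempted name is in param.
            user = param.get("user", "<unknown>")
            target = param.get("mechanism", "")
        ip = (event.get("remote") or {}).get("ip", "")
        failures[(atype, user, target, ip)] += 1
    return failures, skipped


if __name__ == "__main__":
    counts, bad = failed_access(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, *key)
    print("skipped lines:", bad)
```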