Recently we are working on percona community mongodb audit plugins where we encounter with incomplete log output where fulldocument after binary was not populated. For detail I am attaching the snippet.
We are not able to find the exact date change statement in the log output.
{ “atype” : “authCheck”, “ts” : { “$date” : “2024-04-15T14:57:48.642+05:30” }, “local” : { “ip” : “172.10.11.161”, “port” : 27077 }, “remote” : { “ip” : “127.0.0.1”, “port” : 57534 }, “users” : [ { “user” : “superuser”, “db” : “admin” } ], “roles” : [ { “role” : “root”, “db” : “admin” } ], “param” : { “command” : “insert”, “ns” : “dba.mycollection”, “args” : { “insert” : “mycollection”, “ordered” : true, “lsid” : { “id” : { “$binary” : “1DmJ3qt7R1S+FEfKgtZ5aA==”, “$type” : “04” } }, “$db” : “dba” } }, “result” : 0 } —missing data change statement after $binary
{ “atype” : “authCheck”, “ts” : { “$date” : “2024-04-15T15:00:49.748+05:30” }, “local” : { “ip” : “172.10.11.161”, “port” : 27077 }, “remote” : { “ip” : “127.0.0.1”, “port” : 58574 }, “users” : [ { “user” : “superuser”, “db” : “admin” } ], “roles” : [ { “role” : “root”, “db” : “admin” } ], “param” : { “command” : “insert”, “ns” : “dba.mycollection”, “args” : { “insert” : “mycollection”, “ordered” : true, “lsid” : { “id” : { “$binary” : “Lnqx0UA0Q7u4OZ42BXVRNA==”, “$type” : “04” } }, “$db” : “dba” } }, “result” : 0 }
{ “atype” : “authCheck”, “ts” : { “$date” : “2024-04-15T15:16:52.046+05:30” }, “local” : { “ip” : “172.10.11.161”, “port” : 27077 }, “remote” : { “ip” : “127.0.0.1”, “port” : 63732 }, “users” : [ { “user” : “superuser”, “db” : “admin” } ], “roles” : [ { “role” : “root”, “db” : “admin” } ], “param” : { “command” : “find”, “ns” : “dba.mycollection”, “args” : { “find” : “mycollection”, “filter” : {}, “lsid” : { “id” : { “$binary” : “4njOBq+ORm+dX9PLdBpIRg==”, “$type” : “04” } }, “$db” : “dba” } }, “result” : 0 }