I just started with PSMDB partly for the audit log capability.
In the audit log currently I am seeing authentication events (example: login) and authentication failures (“find” on a database the user does not have readWrite access to).
But I am not seeing a record of deletes, inserts, etc.
Question: Is that to be expected? Or are there default filters that I would need to override?
Thanks
Hi imbroglioj,
CRUD operations are logged under the “authCheck” audit event which by default doesn’t log successful operations. For that to work you’ll need to set “auditAuthorizationSuccess” parameter to true and then create a filter for the operations you would like to see. Notice that “auditAuthorizationSuccess” can have a performance impact.
Here’s the info from MongoDB docs on enabling logging of CRUD operations:
[url]https://docs.mongodb.com/manual/tutorial/configure-audit-filters/#filter-on-read-and-write-operations-for-a-collection[/url]
Here you can check more info on event actions which are logged:
[url]https://docs.mongodb.com/manual/reference/audit-message/#audit-event-actions-details-and-results[/url]
It works the same in PSMDB and we should get PSMDB docs updated for audit log soon. Also we plan at least one blogpost by the end of the month about using audit log in PSMDB/MongoDB so stay tuned.