recommended strategy to harvest audit logs from percona mongodb docker containers?

Hi,

We are currently using Percona Server for MongoDB in Docker containers using this image percona/percona-server-mongodb

I have auditing enabled per this documentation. I’d like to find a good way to harvest these logs from the various replica set member containers we have running on several hosts to a central storage location. Does anyone have recommendations on a good way to do this? One idea would be to write out to a file that can then be mounted and then picked up from the host filesystem, or perhaps a better idea is to write to syslog and then setup forwarding to a remote syslog server, but in that case the percona-server-mongodb container isn’t equipped out of the box to forward syslog entries?

I’d be interested to hear if anyone in the community is harvesting audit logs and what approaches have/have not worked for you.

Hello @spiffly423 ,

as you mentioned there are few ways to do that.

  1. Mount shared storage (like NFS) to all containers, configure logs to write there.

  2. Write logs to local storage, use host level log streamer (like Filebeat) and send the logs anywhere

  3. Use docker logging drivers. There are multiple options on how to do that. I would recommend this one, as it is simple and docker-native approach.

Just out of curiosity - are you using any orchestration (swarm, mesos, k8s)? Have you looked into Percona k8s operator for Mongo?