Auditing

MongoDB Enterprise includes an auditing capability for mongod and mongos instances. The auditing facility allows administrators and users to track system activity for deployments with multiple users and applications.

Enable and Configure Audit Output

The auditing facility can write audit events to the console, the syslog, a JSON file, or a BSON file. To enable auditing for MongoDB Enterprise, see Configure Auditing.

For information on the audit log messages, see System Event Audit Messages.

Audit Events and Filter

Once enabled, the auditing system can record the following operations [1]:

For details on audited actions, see Audit Event Actions, Details, and Results.

With the auditing system, you can set up filters to restrict the events captured. To set up filters, see Configure Audit Filters.

[1] Operations in an aborted transaction still generate audit events. However, there is no audit event that indicates that the transaction aborted.

Audit Guarantee

The auditing system writes every audit event [2] to an in-memory buffer of audit events. MongoDB writes this buffer to disk periodically. For events collected from any single connection, the events have a total order: if MongoDB writes one event to disk, the system guarantees that it has written all prior events for that connection to disk.

If an audit event entry corresponds to an operation that affects the durable state of the database, such as a modification to data, MongoDB will always write the audit event to disk before writing to the journal for that entry.

That is, before adding an operation to the journal, MongoDB writes all audit events on the connection that triggered the operation, up to and including the entry for the operation.

These auditing guarantees require that MongoDB run with journaling enabled.

Warning

MongoDB may lose events if the server terminates before it commits the events to the audit log. The client may receive confirmation of the event before MongoDB commits to the audit log. For example, while auditing an aggregation operation, the server might crash after returning the result but before the audit log flushes.
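The per-connection ordering described in this section can be sanity-checked offline against a JSON audit file. The Python below is an added example, not MongoDB tooling: the function name `audit_order_report` is hypothetical, the sample lines are constructed, and it assumes the JSON audit message fields `atype`, `ts.$date` and `remote`. Treating a timestamp that moves backwards on one connection as suspicious is a heuristic of this example, not a documented guarantee.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the JSON audit message layout; all values are made up.
# Line 2 is older than line 1 but on another connection (allowed: order is per connection).
# Line 4 goes backwards on the connection of line 3. Line 5 is cut off mid-record.
SAMPLE_LOG = """\
{"atype":"authenticate","ts":{"$date":"2024-05-01T10:00:00.100+00:00"},"remote":{"ip":"10.0.0.20","port":50112},"users":[],"roles":[],"param":{"user":"app","db":"admin"},"result":0}
{"atype":"authenticate","ts":{"$date":"2024-05-01T10:00:00.050+00:00"},"remote":{"ip":"10.0.0.31","port":41800},"users":[],"roles":[],"param":{"user":"etl","db":"admin"},"result":0}
{"atype":"createCollection","ts":{"$date":"2024-05-01T10:00:01.200+00:00"},"remote":{"ip":"10.0.0.20","port":50112},"users":[],"roles":[],"param":{"ns":"test.orders"},"result":0}
{"atype":"dropCollection","ts":{"$date":"2024-05-01T10:00:00.900+00:00"},"remote":{"ip":"10.0.0.20","port":50112},"users":[],"roles":[],"param":{"ns":"test.orders"},"result":0}
{"atype":"createUser","ts":{"$date":"2024-05-01T10:00:02
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def audit_order_report(text):
    """Group audit events by client connection and flag ordering anomalies."""
    high_water = {}               # connection -> latest timestamp seen so far
    per_conn = defaultdict(int)   # connection -> number of parseable events
    unparseable, regressions = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            ts = datetime.strptime(event["ts"]["$date"], TS_FORMAT)
            conn = "{ip}:{port}".format(**event["remote"])
        except (ValueError, KeyError, TypeError):
            unparseable.append(line_no)   # truncated or malformed record
            continue
        per_conn[conn] += 1
        if conn in high_water and ts < high_water[conn]:
            # Same connection, earlier timestamp than an event already in the file.
            regressions.append((line_no, conn, event.get("atype")))
        else:
            high_water[conn] = ts
    return {"per_connection": dict(per_conn),
            "unparseable": unparseable,
            "regressions": regressions}


if __name__ == "__main__":
    print(json.dumps(audit_order_report(SAMPLE_LOG), indent=2))
```

A check like this cannot show that events were lost before reaching disk, which is the case the warning above describes; it only inspects what the file contains.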

[2] Audit configuration can include a filter to limit events to audit.