setAuditConfig


Definition

setAuditConfig

New in version 5.0.

setAuditConfig is an administrative command that sets new audit configurations for mongod and mongos server instances at runtime.

The command syntax is:

{ setAuditConfig: 1, filter: <Filter Document>, auditAuthorizationSuccess: <Boolean> }

setAuditConfig has the following fields:

Field                      Type      Description
setAuditConfig             integer   Run setAuditConfig
filter                     document  An audit filter
auditAuthorizationSuccess  boolean   Log all, or only failed access authorizations

Use the db.adminCommand( { command } ) method to run setAuditConfig against the admin database.

Behavior

Auditing must be enabled to use setAuditConfig at runtime.

auditAuthorizationSuccess enables auditing of authorization success for the authCheck action. The parameter value must be true to audit read and write operations. However, when auditAuthorizationSuccess is false, auditing has less performance impact because the audit system only logs authorization failures.

Configuration updates are distributed via the oplog mechanism, which means updates on mongod nodes are distributed to secondary nodes very quickly. There is a different distribution mechanism on mongos nodes: mongos nodes have to poll the primary server at regular intervals for configuration updates. You may see stale data due to polling delay if you run setAuditConfig on the primary server and getAuditConfig on a shard before the shard has polled the primary server for updated configuration details.
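One way to confirm that every node has picked up a new audit configuration before relying on it, as an added example that is not part of the MongoDB documentation. It assumes each getAuditConfig reply carries filter and auditAuthorizationSuccess fields mirroring the setAuditConfig fields; the node labels and the host in the comment are hypothetical.

```javascript
// Added example: find nodes that still report a stale audit configuration.
// Assumption: a getAuditConfig reply carries `filter` and
// `auditAuthorizationSuccess`, mirroring the setAuditConfig fields.

// Serialize with sorted keys so key order does not cause false mismatches.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// True when a getAuditConfig reply matches the configuration that was set.
function configMatches(expected, reply) {
  return canonical(reply.filter) === canonical(expected.filter) &&
    reply.auditAuthorizationSuccess === expected.auditAuthorizationSuccess;
}

// `nodes` maps a label to an object exposing adminCommand(), e.g. in mongosh:
//   { "mongos-1": new Mongo("mongos1.example.net:27017").getDB("admin") }
// (hypothetical host). Returns the labels whose configuration is stale.
function staleNodes(expected, nodes) {
  return Object.keys(nodes).filter(
    (name) => !configMatches(expected, nodes[name].adminCommand({ getAuditConfig: 1 }))
  );
}

// Re-check up to `attempts` times, calling pause() between rounds
// (in mongosh, pass () => sleep(1000)). Returns the nodes still stale.
function waitForAuditConfig(expected, nodes, attempts, pause) {
  let stale = staleNodes(expected, nodes);
  for (let i = 1; i < attempts && stale.length > 0; i++) {
    pause();
    stale = staleNodes(expected, nodes);
  }
  return stale;
}
```

A non-empty return value after the last attempt names the nodes whose audit coverage cannot yet be assumed to match the new filter.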

Examples

In these examples the audit messages have been reformatted. They appear on a single line in the log file.

Audit Collection Creation and Deletion

Enable auditing when a collection is created or deleted.

// setAuditConfig must be run against the admin database
db.adminCommand(
   {
      setAuditConfig: 1,
      filter:
         {
            atype:
               {
                  $in: [ "createCollection", "dropCollection" ]
               }
         },
      auditAuthorizationSuccess: false
   }
)

When the inventory collection is created in the sales database, the audit system will log a message like this:

{
   "atype" : "createCollection",
   "ts" : { "$date" : "2021-08-09T13:45:05.372+00:00" },
   "uuid" : { "$binary" : "RKU/YLizS6K9se2GUU7ZVQ==", "$type" : "04" },
   "local" : { "ip" : "127.0.0.1", "port" : 27502 },
   "remote" : { "ip" : "127.0.0.1", "port" : 51918 },
   "users" : [],
   "roles" : [],
   "param" : { "ns" : "sales.inventory" },
   "result" : 0
}

When the inventory collection is dropped from the sales database, the audit system will log a message like this:

{
   "atype" : "dropCollection",
   "ts" : { "$date" : "2021-08-09T13:45:00.661+00:00" },
   "uuid" : { "$binary" : "0gle4/pSQli+LUcz43ykag==", "$type" : "04" },
   "local" : { "ip" : "127.0.0.1", "port" : 27502 },
   "remote" : { "ip" : "127.0.0.1", "port" : 51928 },
   "users" : [],
   "roles" : [],
   "param" : { "ns" : "sales.inventory" },
   "result" : 0
}

Audit Document Interactions

To audit read and write operations, set auditAuthorizationSuccess to true and create a filter which includes the actions of interest.

// setAuditConfig must be run against the admin database
db.adminCommand(
   {
      setAuditConfig: 1,
      filter:
         {
            atype: "authCheck",
            "param.command":
               {
                  $in: [ "find", "insert", "delete", "update", "findandmodify" ]
               }
         },
      auditAuthorizationSuccess: true
   }
)

Search the inventory collection in the sales database using the find command to create an audit log entry like this one:

{
   "atype" : "authCheck",
   "ts" : { "$date" : "2021-08-09T15:28:10.788+00:00" },
   "uuid" : { "$binary" : "ngwRt5CRTZqgE4TsfleoqQ==", "$type" : "04" },
   "local" : { "ip" : "127.0.0.1", "port" : 27502 },
   "remote" : { "ip" : "127.0.0.1", "port" : 51930 },
   "users" : [],
   "roles" : [],
   "param" : {
      "command" : "find",
      "ns" : "sales.inventory",
      "args" : {
         "find" : "inventory",
         "filter" : { "widget" : 1 },
         "lsid" : { "id" : { "$binary" : "FNWNxiitQ8GHKrHx8eJSbg==", "$type" : "04" } },
         "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1628521381, "i" : 1 } },
         "signature" : { "hash" : { "$binary" : "AAAAAAAAAAAAAAAAAAAAAAAAAAA=", "$type" : "00" },
         "keyId" : { "$numberLong" : "0" } } },
         "$db" : "sales"
      }
   },
   "result" : 0
}
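How the filter and auditAuthorizationSuccess combine in the two configurations above, as an added example rather than MongoDB's own code. It is a simplified model that handles only equality, $in and dotted paths; the function names, the sample log lines and the result value 13 are constructed for illustration.

```javascript
// Added example: simplified model (equality, $in and dotted paths only).

// Resolve a dotted path such as "param.command" inside an audit message.
function getPath(doc, path) {
  return path.split(".").reduce(
    (node, key) => (node !== null && typeof node === "object" ? node[key] : undefined),
    doc);
}

// Evaluate a filter document against one audit message.
function matchesFilter(filter, event) {
  return Object.keys(filter).every((path) => {
    const cond = filter[path];
    const value = getPath(event, path);
    if (cond !== null && typeof cond === "object") {
      if (Array.isArray(cond.$in)) return cond.$in.includes(value);
      throw new Error("condition not modelled for " + path);
    }
    return value === cond;
  });
}

// Would a node with this configuration write the message to its audit log?
// Successful authCheck events (result 0) are produced only when
// auditAuthorizationSuccess is true; failed ones are always candidates.
function wouldLog(config, event) {
  const successfulCheck = event.atype === "authCheck" && event.result === 0;
  if (successfulCheck && !config.auditAuthorizationSuccess) return false;
  return matchesFilter(config.filter, event);
}

// Constructed sample messages, one JSON document per line as in the log file.
// The nonzero result (13) marking a denied insert is a constructed value.
const SAMPLE_LOG = [
  '{"atype":"createCollection","param":{"ns":"sales.inventory"},"result":0}',
  '{"atype":"authCheck","param":{"command":"find","ns":"sales.inventory"},"result":0}',
  '{"atype":"authCheck","param":{"command":"insert","ns":"sales.inventory"},"result":13}',
  '{"atype":"authCheck","param":{"command":"listIndexes","ns":"sales.inventory"},"result":0}',
].join("\n");

// Return a label (command, or atype when there is none) per message kept.
function preview(config, logText) {
  return logText.split("\n").filter(Boolean).map((line) => JSON.parse(line))
    .filter((event) => wouldLog(config, event))
    .map((event) => event.param.command || event.atype);
}

const crudFilter = { atype: "authCheck", "param.command": { $in: ["find", "insert", "delete", "update", "findandmodify"] } };
console.log(preview({ filter: crudFilter, auditAuthorizationSuccess: false }, SAMPLE_LOG)); // [ 'insert' ]
```

With the same filter and auditAuthorizationSuccess set to true, the successful find is kept as well, which is the read and write coverage the second configuration on this page is meant to provide.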