Note
Auditing in MongoDB Atlas
MongoDB Atlas supports auditing for M10 and larger clusters. To learn more, see Set Up Database Auditing in the MongoDB Atlas documentation.
MongoDB Enterprise includes an auditing capability for mongod and mongos instances. The auditing facility allows administrators and users to track system activity for deployments with multiple users and applications.
Enable and Configure Audit Output
The auditing facility can write audit events to the console, the syslog, a JSON file, or a BSON file. To enable auditing in MongoDB Enterprise, set an audit output destination with --auditDestination. For details, see Configure Auditing.
For information on the audit log messages, see System Event Audit Messages.
Audit Events and Filter
Once enabled, the auditing system can record the following operations [1]:
- schema (DDL),
- replica set and sharded cluster,
- authentication and authorization, and
- CRUD operations (requires auditAuthorizationSuccess set to true).
Note
Starting in MongoDB 5.0, secondaries do not log DDL audit events for replicated changes. DDL audit events are still logged for DDL operations that modify the local database and the system.profile collection.
For details on audited actions, see System Event Audit Messages.
With the auditing system, you can set up filters to restrict the events captured. To set up filters, see Configure Audit Filters.
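The following is an added example, not taken from the MongoDB documentation: a small triage script that reads audit events from JSON file output, sorts them into the operation categories listed above, and collects the events whose result is not success. It assumes the field names of the JSON audit message layout (atype, ts, remote, param, result); the sample lines, hosts and namespaces are constructed.

```python
import json
from collections import Counter

# Audit action types (atype) grouped by the categories listed above; not exhaustive.
DDL = {"createCollection", "createDatabase", "createIndex", "renameCollection",
       "dropCollection", "dropDatabase", "dropIndex"}
CLUSTER = {"replSetReconfig", "enableSharding", "shardCollection", "addShard", "removeShard"}
AUTH = {"authenticate", "authCheck", "createUser", "dropUser", "updateUser",
        "grantRolesToUser", "revokeRolesFromUser", "createRole", "updateRole", "dropRole"}
CRUD = {"find", "insert", "update", "delete", "findAndModify", "aggregate"}

# Constructed sample lines (not real log output); the last one is deliberately unparsable.
SAMPLE = "\n".join([
    '{"atype":"authenticate","ts":{"$date":"2024-01-01T10:00:00.000+00:00"},"remote":{"ip":"10.0.0.9","port":51000},"param":{"user":"app","db":"admin"},"result":18}',
    '{"atype":"authCheck","ts":{"$date":"2024-01-01T10:00:05.000+00:00"},"remote":{"ip":"10.0.0.9","port":51002},"param":{"command":"find","ns":"shop.orders"},"result":0}',
    '{"atype":"authCheck","ts":{"$date":"2024-01-01T10:00:06.000+00:00"},"remote":{"ip":"10.0.0.9","port":51002},"param":{"command":"delete","ns":"shop.orders"},"result":13}',
    '{"atype":"dropCollection","ts":{"$date":"2024-01-01T10:01:00.000+00:00"},"remote":{"ip":"10.0.0.7","port":40100},"param":{"ns":"shop.tmp"},"result":0}',
    '{"atype":"replSetReconfig","ts":{"$date":"2024-01-01T10:02:00.000+00:00"},"remote":{"ip":"10.0.0.7","port":40100},"param":{},"result":0}',
    '{"atype":"authCheck","ts":{"$da',
])

def categorize(event):
    """Map one audit event to a category from the list above."""
    atype = event.get("atype")
    if atype in DDL:
        return "schema (DDL)"
    if atype in CLUSTER:
        return "replica set and sharded cluster"
    # CRUD commands show up as authCheck events; successful ones are only
    # recorded when auditAuthorizationSuccess is true.
    if atype == "authCheck" and event.get("param", {}).get("command") in CRUD:
        return "CRUD operations"
    return "authentication and authorization" if atype in AUTH else "other"

def triage(text):
    """Return (counts per category, failed events, number of unparsable lines)."""
    counts, failures, unparsed = Counter(), [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            unparsed += 1
            continue
        counts[categorize(event)] += 1
        if event.get("result", 0) != 0:  # 0 = success, 13 = Unauthorized, 18 = AuthenticationFailed
            remote = event.get("remote", {})
            failures.append((event.get("atype"), event["result"], f"{remote.get('ip')}:{remote.get('port')}"))
    return counts, failures, unparsed

if __name__ == "__main__":
    print(triage(SAMPLE))
```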
Audit Guarantee
The auditing system writes every audit event [2] to an in-memory buffer of audit events. MongoDB writes this buffer to disk periodically. For events collected from any single connection, the events have a total order: if MongoDB writes one event to disk, the system guarantees that it has written all prior events for that connection to disk.
If an audit event entry corresponds to an operation that affects the durable state of the database, such as a modification to data, MongoDB will always write the audit event to disk before writing to the journal for that entry.
That is, before adding an operation to the journal, MongoDB writes all audit events on the connection that triggered the operation, up to and including the entry for the operation.
Warning
MongoDB may lose events if the server terminates before it commits the events to the audit log. The client may receive confirmation of the event before MongoDB commits to the audit log. For example, while auditing an aggregation operation, the server might terminate after returning the result but before the audit log flushes.
In addition, if the server cannot write to the audit log at the audit destination, the server will terminate.