setAuditConfig (database command)

Important

Deprecated in version 7.1: Use the auditConfig cluster parameter instead.

Definition

setAuditConfig

New in version 5.0.

setAuditConfig is an administrative command that sets new audit configurations for mongod and mongos server instances at runtime.

Use the db.adminCommand( { command } ) method to run setAuditConfig against the admin database.

Compatibility

This command is available in deployments hosted in the following environments:

  • MongoDB Enterprise: The subscription-based, self-managed version of MongoDB
  • MongoDB Community: The source-available, free-to-use, and self-managed version of MongoDB

Important

This command is not supported in MongoDB Atlas clusters. For information on Atlas support for all commands, see Unsupported Commands.

Syntax

The command has the following syntax:

db.adminCommand(
   {
      setAuditConfig: 1,
      filter: <Filter Document>,
      auditAuthorizationSuccess: <Boolean>
   }
)

Command Fields

The command has the following fields:

| Field | Type | Description |
| --- | --- | --- |
| setAuditConfig | integer | Run setAuditConfig |
| filter | document | An audit filter |
| auditAuthorizationSuccess | boolean | Log all, or only failed access authorizations |

Behavior

Auditing must be enabled to use setAuditConfig at runtime.

auditAuthorizationSuccess enables auditing of authorization success for the authCheck action. The parameter value must be true to audit read and write operations. However, when auditAuthorizationSuccess is false, auditing has less performance impact because the audit system only logs authorization failures.

Configuration updates are distributed via the oplog mechanism, which means updates on mongod nodes are distributed to secondary nodes very quickly. There is a different distribution mechanism on mongos nodes: mongos nodes have to poll the primary server at regular intervals for configuration updates. You may see stale data due to polling delay if you run setAuditConfig on the primary server and getAuditConfig on a shard before the shard has polled the primary server for updated configuration details.

Examples

In these examples the audit messages have been reformatted. They appear on a single line in the log file.

Audit Collection Creation and Deletion

Enable auditing when a collection is created or deleted.

// Run against the admin database; record only collection create/drop events.
db.adminCommand(
   {
      setAuditConfig: 1,
      filter:
         {
            atype:
               {
                  $in: [ "createCollection", "dropCollection" ]
               }
         },
      auditAuthorizationSuccess: false
   }
)

When the inventory collection is created in the sales database, the audit system will log a message like this:

{
   "atype" : "createCollection",
   "ts" : { "$date" : "2021-08-09T13:45:05.372+00:00" },
   "uuid" : { "$binary" : "RKU/YLizS6K9se2GUU7ZVQ==", "$type" : "04" },
   "local" : { "ip" : "127.0.0.1", "port" : 27502 },
   "remote" : { "ip" : "127.0.0.1", "port" : 51918 },
   "users" : [],
   "roles" : [],
   "param" : { "ns" : "sales.inventory" },
   "result" : 0
}

When the inventory collection is dropped from the sales database, the audit system will log a message like this:

{
   "atype" : "dropCollection",
   "ts" : { "$date" : "2021-08-09T13:45:00.661+00:00" },
   "uuid" : { "$binary" : "0gle4/pSQli+LUcz43ykag==", "$type" : "04" },
   "local" : { "ip" : "127.0.0.1", "port" : 27502 },
   "remote" : { "ip" : "127.0.0.1", "port" : 51928 },
   "users" : [],
   "roles" : [],
   "param" : { "ns" : "sales.inventory" },
   "result" : 0
}

Audit Document Interactions

To audit read and write operations, set auditAuthorizationSuccess to true and create a filter that includes the actions of interest.

// Run against the admin database; record authCheck events for read/write commands.
db.adminCommand(
   {
      setAuditConfig: 1,
      filter:
         {
            atype: "authCheck",
            "param.command":
               {
                  $in: [ "find", "insert", "delete", "update", "findandmodify" ]
               }
         },
      auditAuthorizationSuccess: true
   }
)

Search the inventory collection in the sales database using the find command to create an audit log entry like this one:

{
   "atype" : "authCheck",
   "ts" : { "$date" : "2021-08-09T15:28:10.788+00:00" },
   "uuid" : { "$binary" : "ngwRt5CRTZqgE4TsfleoqQ==", "$type" : "04" },
   "local" : { "ip" : "127.0.0.1", "port" : 27502 },
   "remote" : { "ip" : "127.0.0.1", "port" : 51930 },
   "users" : [],
   "roles" : [],
   "param" : {
      "command" : "find",
      "ns" : "sales.inventory",
      "args" : {
         "find" : "inventory",
         "filter" : { "widget" : 1 },
         "lsid" : { "id" : { "$binary" : "FNWNxiitQ8GHKrHx8eJSbg==", "$type" : "04" } },
         "$clusterTime" : {
            "clusterTime" : { "$timestamp" : { "t" : 1628521381, "i" : 1 } },
            "signature" : {
               "hash" : { "$binary" : "AAAAAAAAAAAAAAAAAAAAAAAAAAA=", "$type" : "00" },
               "keyId" : { "$numberLong" : "0" }
            }
         },
         "$db" : "sales"
      }
   },
   "result" : 0
}
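
The two filters from the examples above, combined with the auditAuthorizationSuccess behavior described under Behavior, can be checked offline against sample audit lines before the configuration is applied. This is an added example for Node.js, not part of the MongoDB documentation; `previewAudit`, `matchesFilter`, the trimmed sample events and the failed `delete` entry (result 13) are constructed for illustration, and the matcher handles only equality and `$in`.

```javascript
// Added example (not MongoDB code): preview which audit events a setAuditConfig
// filter would record. Only equality and $in on dotted paths are supported.

// Resolve a dotted path such as "param.command" inside an audit event.
function getPath(doc, path) {
  return path.split(".").reduce(
    (cur, key) => (cur !== null && typeof cur === "object" ? cur[key] : undefined), doc);
}

// True when the event satisfies every condition in the filter document.
function matchesFilter(event, filter) {
  return Object.entries(filter).every(([path, cond]) => {
    const value = getPath(event, path);
    if (cond === null || typeof cond !== "object") return value === cond;
    if (Object.keys(cond).length !== 1 || !Array.isArray(cond.$in)) {
      throw new Error("unsupported condition at " + path);
    }
    return cond.$in.includes(value);
  });
}

// Parse a log (one JSON document per line) and return the events that would be
// recorded. Successful authCheck events need auditAuthorizationSuccess: true.
function previewAudit(logText, filter, auditAuthorizationSuccess) {
  return logText.split("\n").filter((l) => l.trim() !== "").map((l) => JSON.parse(l))
    .filter((e) => matchesFilter(e, filter))
    .filter((e) => auditAuthorizationSuccess || e.atype !== "authCheck" || e.result !== 0)
    .map((e) => ({ atype: e.atype, ns: e.param.ns, command: e.param.command,
      remote: `${e.remote.ip}:${e.remote.port}`, result: e.result }));
}

// Constructed sample events, modelled on the messages shown above (fields trimmed).
const ev = (atype, port, param, result) => JSON.stringify({ atype,
  remote: { ip: "127.0.0.1", port }, users: [], roles: [], param, result });
const SAMPLE_LOG = [
  ev("createCollection", 51918, { ns: "sales.inventory" }, 0),
  ev("dropCollection", 51928, { ns: "sales.inventory" }, 0),
  ev("authCheck", 51930, { command: "find", ns: "sales.inventory" }, 0),
  ev("authCheck", 51932, { command: "delete", ns: "sales.inventory" }, 13), // constructed failure
  ev("authCheck", 51934, { command: "aggregate", ns: "sales.inventory" }, 0),
].join("\n");

const DDL_FILTER = { atype: { $in: ["createCollection", "dropCollection"] } };
const CRUD_FILTER = { atype: "authCheck",
  "param.command": { $in: ["find", "insert", "delete", "update", "findandmodify"] } };

console.log(previewAudit(SAMPLE_LOG, CRUD_FILTER, true));
console.log(previewAudit(SAMPLE_LOG, CRUD_FILTER, false));
```

With the read/write filter and auditAuthorizationSuccess set to false, only the failed `delete` remains, which is the trade-off the Behavior section describes: lower overhead, but successful reads and writes leave no audit record.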