System Event Audit Messages
On this page
Note
Available only in MongoDB Enterprise .
Audit Message
The event auditing feature can record events in JSON format. To configure auditing output, see Configure Auditing
The recorded JSON messages have the following syntax:
Field | Type | Description |
---|---|---|
atype |
string | Action type. See Audit Event Actions, Details, and Results. |
ts |
document | Document that contains the date and UTC time of the event, in ISO 8601 format. |
local |
document | Document that contains the local ip address and the port number of the running instance. |
remote |
document | Document that contains the remote ip address and the port number of the incoming connection associated with the event. |
users |
array | Array of user identification documents. Because MongoDB allows a session to log in with different user per database, this array can have more than one user. Each document contains a user field for the username and a db field for the authentication database for that user. |
roles |
array | Array of documents that specify the roles granted to the user. Each document contains a role field for the name of the role and a db field for the database associated with the role. |
param |
document | Specific details for the event. See Audit Event Actions, Details, and Results. |
result |
integer | Error code. See Audit Event Actions, Details, and Results. |
Audit Event Actions, Details, and Results
The following table lists for each atype
or action type, the associated param
details and the result
values, if any.
atype |
param |
result |
---|---|---|
authenticate |
0 - Success
18 - Authentication Failed
|
|
authCheck |
ns field is optional.
args field may be redacted.
|
0 - Success
13 - Unauthorized to perform the operation.
By default, the auditing system logs only the authorization failures. To enable the system to log authorization successes, use the |
createCollection |
0 - Success |
|
createDatabase |
0 - Success |
|
createIndex |
0 - Success |
|
renameCollection |
0 - Success |
|
dropCollection |
0 - Success |
|
dropDatabase |
0 - Success |
|
dropIndex |
0 - Success |
|
createUser |
The |
0 - Success |
dropUser |
0 - Success |
|
dropAllUsersFromDatabase |
0 - Success |
|
updateUser |
The |
0 - Success |
grantRolesToUser |
0 - Success |
|
revokeRolesFromUser |
0 - Success |
|
createRole |
The For details on the resource document, see Resource Document. For a list of actions, see Privilege Actions. |
0 - Success |
updateRole |
The For details on the resource document, see Resource Document. For a list of actions, see Privilege Actions. |
0 - Success |
dropRole |
0 - Success |
|
dropAllRolesFromDatabase |
0 - Success |
|
grantRolesToRole |
0 - Success |
|
revokeRolesFromRole |
0 - Success |
|
grantPrivilegesToRole |
For details on the resource document, see Resource Document. For a list of actions, see Privilege Actions. |
0 - Success |
revokePrivilegesFromRole |
For details on the resource document, see Resource Document. For a list of actions, see Privilege Actions. |
0 - Success |
New in version 3.6.9. |
For details on the replica set configuration document, see Replica Set Configuration. |
0 - Success |
enableSharding |
0 - Success |
|
shardCollection |
0 - Success |
|
addShard |
When a shard is a replica set, the |
0 - Success |
removeShard |
0 - Success |
|
shutdown |
Indicates commencement of database shutdown. |
0 - Success |
applicationMessage |