• Security >
• Security Reference >
• System Event Audit Messages

System Event Audit Messages

Note

The audit system is available only in MongoDB Enterprise.

The event auditing feature can record events in JSON format. The recorded JSON messages have the following syntax:

{
  atype: <String>,
  ts : { "$date": <timestamp> },
  local: { ip: <String>, port: <int> },
  remote: { ip: <String>, port: <int> },
  users : [ { user: <String>, db: String> }, ... ],
  params: <document>,
  result: <int>
}

Field	Type	Description
atype	String	Action type. See Event Actions, Details, and Results.
ts	document	Document that contains the date and UTC time of the event, in ISO 8601 format.
local	document	Document that contains the local ip address and the port number of the running instance.
remote	document	Document that contains the remote ip address and the port number of the incoming connection associated with the event.
users	array	Array of user identification documents. Because MongoDB allows a session to log in with different user per database, this array can have more than one user. Each document contains a user field for the username and a db field for the authentication database for that user.
params	document	Specific details for the event. See Event Actions, Details, and Results.
result	integer	Error code. See Event Actions, Details, and Results.

Event Actions, Details, and Results

The following table lists for each atype or action type, the associated params details and the result values, if any.

atype	params	result	Notes
authenticate	{ user: <user name>, db: <database>, mechanism: <mechanism> }	0 - Success 18 - Authentication Failed
authCheck	{ command: <name>, ns: <database>.<collection>, args: <command object> }	0 - Success 13 - Unauthorized to perform the operation.	The auditing system logs only authorization failures. ns field is optional. args field may be redacted.
createCollection	{ ns: <database>.<collection> }	0 - Success
createDatabase	{ ns: <database> }	0 - Success
createIndex	{ ns: <database>.<collection>, indexName: <index name>, indexSpec: <full index specification> }	0 - Success
renameCollection	{ old: <database>.<collection>, new: <database>.<collection> }	0 - Success
dropCollection	{ ns: <database>.<collection> }	0 - Success
dropDatabase	{ ns: <database> }	0 - Success
dropIndex	{ ns: <database>.<collection>, indexName: <index name> }	0 - Success
createUser	{ user: <user name>, db: <database>, customData: <document>, roles: [ <role1>, ... ] }	0 - Success	customData field is optional.
dropUser	{ user: <user name>, db: <database> }	0 - Success
dropAllUsersFromDatabase	{ db: <database> }	0 - Success
updateUser	{ user: <user name>, db: <database>, passwordChanged: <boolean>, customData: <document>, roles: [ <role1>, ... ] }	0 - Success	customData field is optional.
grantRolesToUser	{ user: <user name>, db: <database>, roles: [ <role1>, ... ] }	0 - Success	The roles array contains role documents. See role Document.
revokeRolesFromUser	{ user: <user name>, db: <database>, roles: [ <role1>, ... ] }	0 - Success	The roles array contains role documents. See role Document.
createRole	{ role: <role name>, db: <database>, roles: [ <role1>, ... ], privileges: [ <privilege1>, ... ] }	0 - Success	Either roles or the privileges field can be optional. The roles array contains role documents. See role Document. The privileges array contains privilege documents. See privilege Document.
updateRole	{ role: <role name>, db: <database>, roles: [ <role1>, ... ], privileges: [ <privilege1>, ... ] }	0 - Success	Either roles or the privileges field can be optional. The roles array contains role documents. See role Document. The privileges array contains privilege documents. See privilege Document.
dropRole	{ role: <role name>, db: <database> }	0 - Success
dropAllRolesFromDatabase	{ db: <database> }	0 - Success
grantRolesToRole	{ role: <role name>, db: <database>, roles: [ <role1>, ... ] }	0 - Success	The roles array contains role documents. See role Document.
revokeRolesFromRole	{ role: <role name>, db: <database>, roles: [ <role1>, ... ] }	0 - Success	The roles array contains role documents. See role Document.
grantPrivilegesToRole	{ role: <role name>, db: <database>, privileges: [ <privilege1>, ... ] }	0 - Success	The privileges array contains privilege documents. See privilege Document.
revokePrivilegesFromRole	{ role: <role name>, db: <database name>, privileges: [ <privilege1>, ... ] }	0 - Success	The privileges array contains privilege documents. See privilege Document.
replSetReconfig	{ old: <configuration>, new: <configuration> }	0 - Success
enableSharding	{ ns: <database> }	0 - Success
shardCollection	{ ns: <database>.<collection>, key: <shard key pattern>, options: { unique: <boolean> } }	0 - Success
addShard	{ shard: <shard name>, connectionString: <hostname>:<port>, maxSize: <maxSize> }	0 - Success	When a shard is a replica set, the connectionString includes the replica set name and can include other members of the replica set.
removeShard	{ shard: <shard name> }	0 - Success
shutdown	{ }	0 - Success	Indicates commencement of database shutdown.
applicationMessage	{ msg: <custom message string> }	0 - Success	See logApplicationMessage.

Additional Information

role Document

The <role> document in the roles array has the following form:

{
  role: <role name>,
  db: <database>
}

privilege Document

The <privilege> document in the privilege array has the following form:

{
  resource: <resource document> ,
  actions: [ <action>, ... ]
}

See Resource Document for details on the resource document. For a list of actions, see Privilege Actions.

←   Default MongoDB Port Security Release Notes  →

Copyright © 2011-2014 MongoDB, Inc. Licensed under Creative Commons. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.