DocsICP FilingConsole
官方文档
首页

Query the audit log

更新时间:
复制 MD 格式
产品详情
我的收藏

This topic describes how to query the audit log for ApsaraDB for MongoDB.

Prerequisites

The audit log feature is enabled. For more information, see Enable the audit log feature.

Query audit logs

  1. Log on to the MongoDB console.

  2. Based on the instance type, click Replica Set Instances or Sharded Cluster Instances in the navigation pane on the left.

  3. In the upper-left corner of the page, select the resource group and region where the instance is located.

  4. Click the ID of the target instance, or click Manage in the Actions column for the instance.

  5. In the navigation pane on the left of the instance details page, click Data Security > Audit Logs.

  6. On the Mongo audit log center page, view audit log details. By default, the page displays logs from the last 15 Minutes (Relative).

    You can click Refresh in the upper-right corner of the Mongo audit log center page to set the audit log refresh frequency.

    • Once

      Refreshes the audit log immediately.

    • Automatic Refresh

      You can set the audit log to automatically refresh every 15 seconds, 60 seconds, 5 minutes, or 15 minutes.

      Note

      To disable the current auto-refresh interval, click Refresh > Disable and then set a new interval.

Filter audit logs

You can use different filters to narrow your results and find specific audit log entries.

  1. Log on to the MongoDB console.

  2. Based on the instance type, click Replica Set Instances or Sharded Cluster Instances in the navigation pane on the left.

  3. In the upper-left corner of the page, select the resource group and region where the instance is located.

  4. Click the ID of the target instance, or click Manage in the Actions column for the instance.

  5. In the navigation pane on the left of the instance details page, click Data Security > Audit Logs.

  6. In the filter section of the Mongo audit log center page, set the filter conditions.

    The following table describes the filters.

    Filter

    Description

    Keyword

    Filters the audit log by a keyword, such as a client IP address, executed command, account, or extended information.

    • Keyword search requires an exact match. Fuzzy search is not supported. Examples:

      • To filter by a client IP address (IPv4), you must enter all four fields in dotted-decimal notation, such as 192.168.1.1, not 192.168 or 1.1.

      • To filter by an executed command, you must enter the full name of the command, such as AUTH or auth, not au.

    • If you need to use a keyword that contains a colon (:), enclose the keyword in double quotation marks (""), for example, "userId:1".

    Operation type

    Filters the audit log by operation type.

    Client IP Address

    Filters the audit log by the client IP address used to connect to the ApsaraDB for MongoDB instance. Examples:

    If an ECS instance connects to the ApsaraDB for MongoDB instance over the internet, enter the public IP address of the ECS instance.

    If an ECS instance connects to the ApsaraDB for MongoDB instance over a Virtual Private Cloud (VPC), enter the private IP address of the ECS instance.

    Database Name

    Filters the audit log by database name.

    Collection Name

    Filters the audit log by collection name.

    Username

    Filters the audit log by username.

Use the time picker

You can use the time picker to query the audit log for different time ranges.

  1. Log on to the MongoDB console.

  2. Based on the instance type, click Replica Set Instances or Sharded Cluster Instances in the navigation pane on the left.

  3. In the upper-left corner of the page, select the resource group and region where the instance is located.

  4. Click the ID of the target instance, or click Manage in the Actions column for the instance.

  5. In the navigation pane on the left of the instance details page, click Data Security > Audit Logs.

  6. On the Mongo audit log center page, click Select time range on the right.

  7. In the Select time range panel, select a time range.

    The following table describes the sections of the time picker.

    Section

    Description

    Time details

    When you hover over an option in the Relative time or Time frame section, this section displays the specific time range for that option.

    Relative time

    Selects a time period relative to the current time. When you hover over an option, you can view the corresponding time range in the Time details section.

    Time frame

    Selects a fixed time frame with a granularity of one minute or more. When you hover over an option, you can view the corresponding time range in the Time details section.

    Custom time

    Specifies a custom time range. After you enter a custom time range, you must click OK to apply it.

    Note

    The minimum query granularity is one minute. If you need second-level precision, log on to the Simple Log Service (SLS) console and use a query and analysis statement to retrieve audit log entries. For more information, see Quick start for log query and analysis.

Related APIs

API

Description

DescribeAuditRecords

Queries the audit log of an ApsaraDB for MongoDB instance.

FAQ

Q: Why can I query a maximum of only 2,000 audit log entries?

A: The Mongo audit log center page in the ApsaraDB for MongoDB console displays a maximum of 2,000 audit log entries. To query more audit log entries, log on to the Simple Log Service (SLS) console. For more information, see Quick start for log query and analysis.

Q: Why do I have very little audit log data?

A: After you enable the audit log feature, only the Admin and slow operation types are selected by default. If you want to change the audited operation types, see Change audited operation types.

Previous:Enable audit logsNext:Modify audit log settings