Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12551

Audit DML/CRUD operations

      For auditing and regulatory compliance most organizations require that all user-based Data Manipulation Language ("DML") and/or Create, Read, Update and Delete ("CRUD") operations performed against production databases be logged. This request extends the MongoDB auditing framework, introduced in version 2.6, to include logging of all user queries and DML/CRUD operations including:

      • query/read - any operation that returns data
      • insert – any operation that adds data to a database
      • update – any operation that changes data on a database
      • delete – any operation that removes data from a database

      Requirements for logging of these operations include:
      same format, data elements, output options used for DDL and system level auditing
      capture complete query, command with variable substitution (non-masked values)
      return result of query, command (success, failure, row count, rows affected, etc)
      provide option to log to a separate file for manageability
      option to log queried or returned data – feasibility TBD

      With this enhancement, we should also extend the current auditing functionality to provide high-level configuration options that allow users to set the “verbosity” of audit logging for a given server. Options to include:

      • system – enables the logging of only DDL or system level operations (2.6 implementation)
      • queries – enables the logging of only DML/CRUD operations
      • all - (default) enables the logging of all operations

            amalia.hawkins@10gen.com Amalia Hawkins
            rob.young@10gen.com Rob Young (Inactive)
            2 Vote for this issue
            15 Start watching this issue