Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-27489

Audit trail not captured old values while update operartion

    XMLWordPrintable

Details

    • New Feature
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • None
    • None
    • Admin, Security
    • None

    Description

      Hello All,

      I have requirement to track update information like old values, new values, updated by, timestamp, collection, etc ..

      I have enabled the audit for crud operation with parameter as below ....

      --auditDestination file --auditFormat JSON --auditPath /data/db/auditLog.json --setParameter auditAuthorizationSuccess=true
      

      old values :
      ==================

      "statusCode" : "NOACTN"

      ==============
      update statement :

      MongoDB Enterprise > db.preauth_case.update(
      ...    { "createdByUserId" : -2 },
      ...    {
      ...       $set: {"statusCode" : "Update", }
      ...      }
      ... )
       
      WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
      

      ======================
      Audit Trail : ==>

      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:19:45.416-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65465 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "test", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:19:45.416-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65506 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:08.977-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 63357 }, "users" : [], "roles" : [], "param" : { "command" : "update", "ns" : "ACMP_DEMO.preauth_case", "args" : { "update" : "preauth_case", "updates" : [ { "q" : { "createdByUserId" : -2 }, "u" : { "$set" : { "statusCode" : "Update" } }, "multi" : false, "upsert" : false } ], "ordered" : true } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:08.998-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 63357 }, "users" : [], "roles" : [], "param" : { "command" : "isMaster", "ns" : "ACMP_DEMO", "args" : { "isMaster" : 1, "forShell" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.423-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65467 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.423-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49201 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.423-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65464 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.424-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65505 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.424-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49195 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.426-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49202 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.427-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65468 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.428-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65465 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "test", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.428-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49196 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
      { "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.428-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65506 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
      

      Manually formatted : >

      { "atype" : "authCheck", 
       
      "ts" : { "$date" : "2016-12-20T22:20:08.977-0500" }, 
       
      "local" : { "ip" : "127.0.0.1", "port" : 27017 }, 
       
      "remote" : { "ip" : "127.0.0.1", "port" : 63357 },
       
       "users" : [], 
       
      "roles" : [],
       
      "param" : { "command" : "update", "ns" : "ACMP_DEMO.preauth_case", "args" : { "update" : "preauth_case", "updates" : [ { "q" : { "createdByUserId" : -2 }, "u" : { "$set" : { "statusCode" : "Update" } }, "multi" : false, "upsert" : false } ], "ordered" : true } }, 
       
      "result" : 0 }
      

      ============

      Question Here :

      1 > Could be track the old values also from audit trail ?
      2 > How could be collected all audit trail important information in a collection.

      I would be appreciate if you guys have some input on above query.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            ranjeetblore@gmail.com RANJEET
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated: