[DOCS-13679] [OM] Ops manager API doesn't provide Remote Address and Remote Port information for all DATA_EXPLORER_CRUD events Created: 31/May/20  Updated: 29/Oct/23  Resolved: 29/Jun/20

Status: Closed
Project: Documentation
Component/s: Ops Manager
Affects Version/s: 4.2.6
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: omer cohen Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 3 years, 32 weeks, 2 days ago
Epic Link: DOCSP-7540

 Description   

Description

while find command event audit from Ops Manager Public API shows the RemoteAddress field, the following commands do not include it:

  • updateDocument
  • insertDocument
  • deleteDocument

in addition, neither for the commands supported by public API provides the RemotePort.

when activating the mongod/mongos native audit, is shows that the source IP and source Port fields do exists in a mongo event.

 

is it possible to fix and provide the RemoteAddress in all Ops Manager events?

and is it possible to provide the RemotePort as well?

 

thanks.

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by John Williams [ 29/Jun/20 ]

Hi omer.cohen@imperva.com, thank you for filing this. It appears as if this is a feature request for Ops Manager. Can you please request this functionality using the MongoDB Feedback Engine?

I'm closing this ticket as it isn't a documentation bug. Thanks again!

Comment by omer cohen [ 17/Jun/20 ]

Hi,

I don't seen to have the ability to edit the Description so i'll add more info here:

API used is REST API on the Public API found in the documentation for Collecting Ops Manager Global Events:

https://docs.opsmanager.mongodb.com/current/reference/api/global-events/#global-events

Ops Manager Version used:

4.2.6

example of audit event on find command that includes the "remote address" field:

 

{
"collection":"testData",
"created":"2020-05-20T08:52:50Z",
"database":"mydb",
"eventTypeName":"DATA_EXPLORER",
"groupId":"5ec389bb8bebaa24eb2a7c73",
"hostId":"129c713056db1cde864fbb7d97062dc8",
"id":"5ec4efe28bebaa24eb31f78a",
"isGlobalAdmin":true,
"links": [{ "href":"http://<OpsManagerIP:Port>/api/public/v1.0/globalEvent/5ec4efe28bebaa24eb31f78,
"rel":"self" }],
"opType":"find",
"remoteAddress":"198.168.0.46",
"userId":"5ec389bb8bebaa24eb2a7c6b",
"username":"myUser"
}

example of audit event on delete command that doesn't include the "remote address" field:

 

{
"collection": "testData",
"created": "2020-05-25T13:49:43Z",
"database": "mydb",
"eventTypeName": "DATA_EXPLORER_CRUD",
"groupId": "5ec389bb8bebaa24eb2a7c73",
"hostId": "129c713056db1cde864fbb7d97062dc8",
"id": "5ecbccf78bebaa24eb5ce77d",
"isGlobalAdmin": true,
"links": [{"href": "http://<OpsManagerIP:Port>/api/public/v1.0/globalEvents/5ecbccf78bebaa24eb5ce77d",
"rel": "self" }],
"opType": "deleteDocument",
"userId": "5ec389bb8bebaa24eb2a7c6b",
"username": "myUser"
}

 

 

 

Generated at Thu Feb 08 08:08:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.