[SERVER-12453] Support logging/auditing to the Windows Event Log
Created: 23/Jan/14  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Logging
Affects Version/s: 2.5.4
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 3
Labels: Auditing, Windows, community-team, platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: Windows

Issue Links:
Related
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Participants:

 Description   

There is currently no support for sending logs to the Windows Event Log.

Windows Event Log is the standard way of logging on Windows so it's a long-term "should have" feature. This should include normal logs as well as audit logs.

Implementation steps:
1. Determine how our logs fit into the different event log categories/labeling system.
2. During install, register MongoDB as a logging application in the event log manager using the Win32 API.
3. Implement a log facility for the event log in the server using Win32 API and forward logs and audit logs to it.



 Comments   
Comment by Mike Button [ 22/Sep/14 ]

Alert monitoring is handled by our Data Management Centre.
Alerting by MongoDB instances by writing to the Windows event log, and MMS gathering these alerts, will provide the ability for our DM staff to pick up and inform the relevant team of issues.

Comment by Mark Benvenuto [ 23/Jan/14 ]

We also need to evaluate how this will integrate with our ETW story. We will need to decide what log content goes to each and under which verbosity level. Windows Event Log is not designed for a high volume of logs while ETW is. Windows Event Log is easier to alert for administrators.
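
A sketch of implementation steps 1 and 3 together with the volume concern from the comment above, as an added example that is not MongoDB code or part of this ticket. The severity and audit enums, the source name "MongoDB", event ID 1, the mapping itself and the choice to keep debug output out of the Event Log are assumptions; the Win32 calls are only compiled on Windows.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Event type values as defined in winnt.h, so the mapping compiles anywhere. */
#define EVENTLOG_ERROR_TYPE       0x0001
#define EVENTLOG_WARNING_TYPE     0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
#define EVENTLOG_AUDIT_SUCCESS    0x0008
#define EVENTLOG_AUDIT_FAILURE    0x0010
#endif

/* Hypothetical server-side classifications (assumed for this example). */
enum severity { SEV_DEBUG, SEV_INFO, SEV_WARNING, SEV_ERROR, SEV_FATAL };
enum audit { NOT_AUDIT, AUDIT_OK, AUDIT_DENIED };

/* Step 1: pick the event type, or 0 to keep the line out of the Event Log.
 * Debug output is dropped because the Event Log is not built for volume. */
unsigned short eventlog_type(enum severity sev, enum audit audit)
{
    if (audit == AUDIT_OK)     return EVENTLOG_AUDIT_SUCCESS;
    if (audit == AUDIT_DENIED) return EVENTLOG_AUDIT_FAILURE;
    switch (sev) {
    case SEV_FATAL:
    case SEV_ERROR:   return EVENTLOG_ERROR_TYPE;
    case SEV_WARNING: return EVENTLOG_WARNING_TYPE;
    case SEV_INFO:    return EVENTLOG_INFORMATION_TYPE;
    default:          return 0;
    }
}

/* Step 3: returns 1 if written, 0 if filtered out, -1 on failure. */
int forward_to_eventlog(enum severity sev, enum audit audit, const char *msg)
{
    unsigned short type = eventlog_type(sev, audit);
    if (msg == NULL) return -1;
    if (type == 0) return 0;
#ifdef _WIN32
    HANDLE src = RegisterEventSourceA(NULL, "MongoDB"); /* assumed source name */
    if (src == NULL) return -1;
    /* Event ID 1 and category 0 are placeholders; real values would come from
     * the message file registered at install time (step 2). */
    BOOL ok = ReportEventA(src, type, 0, 1, NULL, 1, 0, &msg, NULL);
    DeregisterEventSource(src);
    return ok ? 1 : -1;
#else
    return -1; /* no Event Log on this platform */
#endif
}
```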
