[SERVER-12543] Audit options allowed in legacy config file format Created: 30/Jan/14  Updated: 14/Jul/17  Resolved: 14/Jul/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: DO NOT USE - Backlog - Platform Team
Resolution: Won't Fix Votes: 0
Labels: Auditing
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Participants:

 Description   

using the old conf file format:

dbpath=data/db
auth=true
auditDestination=file
auditFormat=JSON
auditPath=data/db/auditLog.json
auditFilter={ atype: "authenticate", "param.db": "test" }

I get the following error because of the auditFilter

~/mongodb-build/mongo(master) $ ./mongod -f audit.conf
Error parsing YAML config file: yaml-cpp: error at line 6, column 20: illegal map value
try './mongod --help' for more information

Same error with

dbpath=data/db
auth=true
auditDestination=file
auditFormat=JSON
auditPath=data/db/auditLog.json
auditFilter="{ 'atype': 'authenticate', 'param.db': 'test' }"

and

dbpath=data/db
auditDestination=file
auditFormat=JSON
auditPath=data/db/auditLog.json
auditFilter='{ atype: { $in: [ "createCollection", "dropCollection" ] } }'

Also, using the commandline option, single quoting the filter works:

./mongod --dbpath data/db --auditDestination file --auditFilter '{ atype: { $in: [ "createCollection", "dropCollection" ] } }' --auditFormat JSON --auditPath data/db/auditLog.json
 

But double quoting the filter tries to substitute for $in and throws an error:

./mongod --dbpath data/db --auditDestination file --auditFilter "{ atype: { $in: [ 'createCollection', 'dropCollection' ] } }" --auditFormat JSON --auditPath data/db/auditLog.json
2014-01-29T21:16:43.424-0500 SEVERE: Failed global initialization: BadValue bad auditFilter:code FailedToParse: FailedToParse: First character in field must be [A-Za-z$_]: offset:11 of:{ atype: { : [ 'createCollection', 'dropCollection' ] } }



 Comments   
Comment by Mira Carey [ 14/Jul/17 ]

Several years later, I encourage all users to take advantage of the new config file format and all of it's new options and features

Comment by Shaun Verch [ 30/Jan/14 ]

I think the issue here is that the audit options are technically allowed to be in the config file in the current version of the code, so this is something to fix.

Comment by Eric Milkie [ 30/Jan/14 ]

The auditing options are not available/supported in the old config file format – and going forward, any other new command line parameters that we add will not be supported there either. The old config file is only supported to allow people to upgrade without touching the config file. Once you want to start using new features, you'll need to convert your config file to the new format.

Also note that quoting in the command line is different between a typical Unix shell and the command processor on Windows (in various tricky ways). While the auditing options are technically available via the command line, we expect that most users will want to use the new YAML config file to specify them, specifically to avoid the quoting issues that you illustrated above.

Generated at Thu Feb 08 03:28:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.