[SERVER-27489] Audit trail not captured old values while update operation Created: 21/Dec/16  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Admin, Security
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: RANJEET Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Assigned Teams:
Server Security
Participants:

 Description   

Hello All,

I have a requirement to track update information such as old values, new values, updated by, timestamp, collection, etc.

I have enabled auditing for CRUD operations with the parameters below:

--auditDestination file --auditFormat JSON --auditPath /data/db/auditLog.json --setParameter auditAuthorizationSuccess=true

old values :
==================

"statusCode" : "NOACTN"

==============
update statement :

MongoDB Enterprise > db.preauth_case.update(
...    { "createdByUserId" : -2 },
...    {
...       $set: {"statusCode" : "Update", }
...      }
... )
 
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })

======================
Audit Trail : ==>

{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:19:45.416-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65465 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "test", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:19:45.416-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65506 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:08.977-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 63357 }, "users" : [], "roles" : [], "param" : { "command" : "update", "ns" : "ACMP_DEMO.preauth_case", "args" : { "update" : "preauth_case", "updates" : [ { "q" : { "createdByUserId" : -2 }, "u" : { "$set" : { "statusCode" : "Update" } }, "multi" : false, "upsert" : false } ], "ordered" : true } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:08.998-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 63357 }, "users" : [], "roles" : [], "param" : { "command" : "isMaster", "ns" : "ACMP_DEMO", "args" : { "isMaster" : 1, "forShell" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.423-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65467 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.423-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49201 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.423-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65464 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.424-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65505 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.424-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49195 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "admin", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.426-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49202 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.427-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65468 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.428-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65465 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "test", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.428-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 49196 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:45.428-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65506 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "ACMP_DEMO", "args" : { "ping" : 1 } }, "result" : 0 }

Manually formatted : >

{ "atype" : "authCheck",
  "ts" : { "$date" : "2016-12-20T22:20:08.977-0500" },
  "local" : { "ip" : "127.0.0.1", "port" : 27017 },
  "remote" : { "ip" : "127.0.0.1", "port" : 63357 },
  "users" : [],
  "roles" : [],
  "param" : { "command" : "update", "ns" : "ACMP_DEMO.preauth_case", "args" : { "update" : "preauth_case", "updates" : [ { "q" : { "createdByUserId" : -2 }, "u" : { "$set" : { "statusCode" : "Update" } }, "multi" : false, "upsert" : false } ], "ordered" : true } },
  "result" : 0 }

============

Question Here :

1 > Can the old values also be tracked from the audit trail?
2 > How can all the important audit trail information be collected in a collection?

I would appreciate it if you have some input on the above query.



 Comments   
Comment by Spencer Jackson [ 27/Dec/16 ]

ranjeetblore@gmail.com, the ability to store the audit log directly into a collection is not currently a supported feature, sorry. However, it looks like there is already an open ticket tracking a request to implement it: SERVER-12670. I encourage you to watch and vote for that issue, which will help us track demand and make scheduling decisions. Thanks!

Comment by RANJEET [ 27/Dec/16 ]

Thanks for the update on the first query.

With reference to the second query, I would like to know: does MongoDB have any feature to convert the audit trail log into a collection?
That way the end user can easily track all transaction history for audit purposes from the collection itself.

Comment by Spencer Jackson [ 22/Dec/16 ]

Hi! It's not currently possible to audit the old values which existed in a document before an update. This seems like a feature request, so we'll keep this ticket open to track it.
As for point 2, is there any collection information in particular that you are interested in logging?
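
An added example, not part of the ticket or of MongoDB's code: a Python script that reduces a `--auditFormat JSON` log like the one in the description to one flat record per audited update statement, in a shape that could be loaded into a collection. The function names are hypothetical; two of the sample lines are copied from the description above and the truncated third line is constructed.

```python
import json
from datetime import datetime, timezone

# Lines 1-2 are copied from the ticket (a ping and the update); line 3 is a
# constructed, truncated line of the kind seen when a log is read mid-write.
SAMPLE_AUDIT_LOG = r'''
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:19:45.416-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 65465 }, "users" : [], "roles" : [], "param" : { "command" : "ping", "ns" : "test", "args" : { "ping" : 1 } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2016-12-20T22:20:08.977-0500" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 63357 }, "users" : [], "roles" : [], "param" : { "command" : "update", "ns" : "ACMP_DEMO.preauth_case", "args" : { "update" : "preauth_case", "updates" : [ { "q" : { "createdByUserId" : -2 }, "u" : { "$set" : { "statusCode" : "Update" } }, "multi" : false, "upsert" : false } ], "ordered" : true } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" :
'''

def parse_ts(ts):
    """Convert the audit log's {"$date": "...-0500"} value to a UTC datetime."""
    local = datetime.strptime(ts["$date"], "%Y-%m-%dT%H:%M:%S.%f%z")
    return local.astimezone(timezone.utc)

def update_events(lines):
    """Yield one flat record per audited update statement; skip all other events."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partially written line
        param = ev.get("param", {})
        if ev.get("atype") != "authCheck" or param.get("command") != "update":
            continue
        base = {
            "ts": parse_ts(ev["ts"]),
            "remote": "{ip}:{port}".format(**ev["remote"]),
            "users": ev.get("users", []),   # "updated by"
            "ns": param.get("ns"),
            "result": ev.get("result"),
        }
        # One update command can carry several statements; emit a record for each.
        for stmt in param.get("args", {}).get("updates", []):
            yield {**base, "filter": stmt.get("q"), "change": stmt.get("u"),
                   "multi": stmt.get("multi"), "upsert": stmt.get("upsert")}

def summarize(log_text):
    """Return the update records found in a block of audit log text."""
    return list(update_events(log_text.splitlines()))

if __name__ == "__main__":
    for record in summarize(SAMPLE_AUDIT_LOG):
        print(record)
```

For the ticket's update, the record holds the filter and the `$set` modifier but not the previous `statusCode`, and `users` is empty, exactly as in the sample log.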
