| Steps To Reproduce: |
- Start mongod with auditing enabled
- Prepare a table with some dummy data
for (let i = 0; i < 100; i++) {
|
assert.writeOK(db.audit.insert({ _id: i }));
|
}
|
- Connect to mongod using console in legacy mode such as:
mongo 127.0.0.1:20000/admin --readMode=legacy --useLegacyWriteOps
|
let query = db.audit.find().batchSize(1);
|
query.next();
|
query.close();
|
- Observe that there is an event "atype=authCheck,command=find", followed by "atype=authCheck,command=endSessions". There is no "atype=authCheck,command=killCursors".
- Wireshark does demonstrate that there indeed is a killCursors operation:
|