[SERVER-8876] DDL and Authentication Audit Logs Created: 06/Mar/13  Updated: 10/Dec/14  Resolved: 07/May/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Andy Schwerin Assignee: Andy Schwerin
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-1891 Audit "DDL" operations Closed
Related
related to SERVER-8935 Provide a mechanism for mongos to tel... Closed
Participants:

Description

MongoDB should be able to direct information about the following types of events to a text file or other target, for customer use in auditing user activity:

  • DDL operations
    • Create/delete database
    • Create/delete collection
    • Create/delete index
    • Add/remove user
    • Alter user
    • Shard collection?
  • Authentication operations
    • Failed authentication
    • Successful authentication
    • Logout
  • Authorization Operations
    • Access denied for DDL operations
    • Access denied for CRUD operations?
    • Access denied for queries?

Audit log messages should include the user performing the successful action, a timestamp, and a description of the action itself.
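As an added illustration of the record shape the description asks for (user, timestamp, description of the action, split across the DDL, authentication and authorization categories listed above), the following Python is example code written for this page; it is not MongoDB's code and not the audit format MongoDB later shipped. The JSON-lines layout, the field names (ts, user, db, category, action, target, result) and the sample log are all constructed assumptions. It writes events, reads them back, and answers the three questions an auditor would put to such a file: who changed a namespace, which principals are failing authentication repeatedly, and which DDL attempts were denied.

```python
"""Hypothetical audit-event records of the kind SERVER-8876 asks for.

Assumed format (not from the ticket, not MongoDB's): one JSON object per
line with fields ts (UTC ISO 8601), user, db, category (ddl/authn/authz),
action, target and result ("ok", "failed" for authn, "denied" for authz).
"""
import json
from collections import Counter
from dataclasses import asdict, dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AuditEvent:
    ts: str        # UTC ISO 8601 timestamp of the event
    user: str      # principal performing the action; "" when none is established yet
    db: str        # database the principal authenticated against
    category: str  # "ddl", "authn" or "authz"
    action: str    # createCollection, dropDatabase, createIndex, authenticate, logout, ...
    target: str    # namespace, index name or user name the action touched
    result: str    # "ok", "failed" or "denied"

    def to_line(self) -> str:
        """Serialise as one compact JSON line (the write side of the audit sink)."""
        return json.dumps(asdict(self), separators=(",", ":"))


def now_iso() -> str:
    """Timestamp helper for freshly emitted events (second resolution, UTC)."""
    return datetime.now(timezone.utc).replace(microsecond=0).isoformat()


def parse_lines(lines):
    """Read the sink back; blank lines are skipped, malformed lines raise."""
    events = []
    for line in lines:
        line = line.strip()
        if line:
            events.append(AuditEvent(**json.loads(line)))
    return events


# Constructed sample log (not a real capture): one DDL lifecycle, one denied
# drop, and a burst of failed logins for an unknown principal.
SAMPLE_LOG = """
{"ts":"2013-03-06T10:00:01+00:00","user":"alice","db":"admin","category":"authn","action":"authenticate","target":"alice","result":"ok"}
{"ts":"2013-03-06T10:00:05+00:00","user":"alice","db":"admin","category":"ddl","action":"createCollection","target":"shop.orders","result":"ok"}
{"ts":"2013-03-06T10:00:06+00:00","user":"alice","db":"admin","category":"ddl","action":"createIndex","target":"shop.orders.customer_1","result":"ok"}
{"ts":"2013-03-06T10:01:00+00:00","user":"bob","db":"shop","category":"authn","action":"authenticate","target":"bob","result":"ok"}
{"ts":"2013-03-06T10:01:02+00:00","user":"bob","db":"shop","category":"authz","action":"dropCollection","target":"shop.orders","result":"denied"}
{"ts":"2013-03-06T10:02:00+00:00","user":"","db":"admin","category":"authn","action":"authenticate","target":"mallory","result":"failed"}
{"ts":"2013-03-06T10:02:01+00:00","user":"","db":"admin","category":"authn","action":"authenticate","target":"mallory","result":"failed"}
{"ts":"2013-03-06T10:02:02+00:00","user":"","db":"admin","category":"authn","action":"authenticate","target":"mallory","result":"failed"}
{"ts":"2013-03-06T10:03:00+00:00","user":"alice","db":"admin","category":"ddl","action":"dropCollection","target":"shop.orders","result":"ok"}
{"ts":"2013-03-06T10:03:30+00:00","user":"alice","db":"admin","category":"authn","action":"logout","target":"alice","result":"ok"}
"""


def ddl_history(events, target):
    """Successful DDL actions on one namespace, oldest first: the 'who created/dropped it' trail."""
    return [(e.ts, e.user, e.action) for e in events
            if e.category == "ddl" and e.target == target and e.result == "ok"]


def failed_logins(events, threshold=3):
    """Principals whose failed-authentication count reaches the threshold.

    Keyed on target rather than user, because no principal is established
    when authentication fails.
    """
    counts = Counter(e.target for e in events
                     if e.category == "authn" and e.result == "failed")
    return {name: n for name, n in counts.items() if n >= threshold}


def denied_ddl(events):
    """Authorization failures (the 'access denied for DDL operations' bullet)."""
    return [(e.ts, e.user, e.action, e.target) for e in events
            if e.category == "authz" and e.result == "denied"]


if __name__ == "__main__":
    evs = parse_lines(SAMPLE_LOG.splitlines())
    print("shop.orders history:", ddl_history(evs, "shop.orders"))
    print("repeated failed logins:", failed_logins(evs))
    print("denied DDL:", denied_ddl(evs))
    print("fresh event:", AuditEvent(now_iso(), "alice", "admin", "ddl",
                                     "createUser", "admin.carol", "ok").to_line())
```

Two design choices worth noting: a failed authentication records the attempted principal in target and leaves user empty, since no identity has been established at that point; and a denied DDL attempt is filed under the authz category with the DDL verb as its action, so the same namespace can be traced across both the successful and the refused operations.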



Comments
Comment by Andy Schwerin [ 06/Mar/13 ]

Open question, how should operations that span multiple mongo nodes leave audit trails on those nodes? Particularly if the operation is somehow lazy. For example, if a client sends an insert operation to a mongos and that triggers a collection to be created on a mongod, how shall that be logged to the audit logs on the mongos and mongod? What if the collection already exists as a sharded collection, but because no data was present on one of the shard servers previously, the collection must now be created on that shard? Does that get an audit entry? As the user that originally created the collection, the current user doing the write, the system user? Is it logged in the mongos's audit log, the shard server's audit log, or the config server's audit log?

For replication, should replicated operations be logged in every set member's audit logs, only the primary's audit logs, or other?

Should audit information be written to local files at all, or should they be sent to an audit service (or database) instead?

Generated at Thu Feb 08 03:18:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.