This topic describes how to enable the audit log feature for an ApsaraDB for MongoDB instance. The audit log feature is integrated with Log Service and allows you to query, analyze online, and export the audit logs of the instance. The audit log feature also provides real-time insight into the security and performance of the instance.
Background information
Log Service is an all-in-one service that is developed by Alibaba Cloud based on extensive big data experience. You can use Log Service to collect, consume, deliver, query, and analyze log data without the need to write code. Log Service helps you improve O&M efficiency. Some features of Log Service are integrated with ApsaraDB for MongoDB. This allows ApsaraDB for MongoDB to provide the audit log feature that is stable, flexible, efficient, and easy to use.
Prerequisites
The instance is a general-purpose instance with local disks or a dedicated instance with local disks.
The AliyunLogFullAccess policy is attached to the RAM user that is used to enable the audit log feature. For more information, see Grant permissions to a RAM user.
Limits
In the free trial edition, audit logs can be retained for one day. The maximum amount of storage available for all instances that reside in the same region is 100 GB.
Starting from January 6, 2022, the official edition of the audit log feature has been launched in all regions, and new applications for the free trial edition have ended. For more information, see [Notice] On official launch of the pay-as-you-go audit log feature and no more application for the free trial edition.
Impacts
The free trial edition of the audit log feature slightly lowers the performance of an ApsaraDB for MongoDB instance.
After you enable the free trial edition of the audit log feature, Log Service logs all types of operations that are performed on the instance. The logs can be used to troubleshoot issues in the instance.
Procedure
Go to the Replica Set Instances or Sharded Cluster Instances page. In the top navigation bar, select the region in which the instance resides. Then, find the instance and click the ID of the instance.
In the left-side navigation pane of the instance details page, choose .
On the Latest Audit Logs page, click Enable Audit Logs.
In the Enable Audit Logs message, read the prompt and click OK.