This topic describes how to view audit logs on ApsaraDB for MongoDB.
Prerequisites
The audit log feature is enabled. For more information, see Enable the audit log feature.
View audit logs
Log on to the ApsaraDB for MongoDB console.
In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
In the upper-left corner of the page, select the resource group and region to which the instance belongs.
Click the ID of an instance, or click in the Actions column corresponding to the instance and select Manage.
In the left-side navigation pane of the instance details page, choose .
On the Mongo audit log center page, query the details of audit logs. By default, the audit logs of 15 minutes (relative) are displayed.
You can click Refresh in the upper-right corner of the Mongo audit log center page to set the refresh frequency of audit logs.
Once
Specifies to immediately refresh audit logs.
Auto Refresh
Specifies to refresh audit logs every 15 seconds, 60 seconds, 5 minutes, or 15 minutes.
NoteIf you do not want to use the auto-refresh interval specified by this parameter, choose
to clear the current parameter setting, and then reset this parameter.
Filter the audit logs of an instance
You can view the audit logs that meet specified filter conditions.
Log on to the ApsaraDB for MongoDB console.
In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
In the upper-left corner of the page, select the resource group and region to which the instance belongs.
Click the ID of an instance, or click in the Actions column corresponding to the instance and select Manage.
In the left-side navigation pane of the instance details page, choose .
On the Mongo audit log center page, specify the filter conditions.
Filter conditions
Filter condition
Description
Keyword
The keyword that is included in the audit logs you want to view. A keyword can be a client IP address, a command, a username, or other extended information.
The Keyword field supports exact match. You must enter complete information in the Keyword field. Examples:
If you want to specify an IP address as a keyword, you must enter a complete IP address such as 192.168.1.1, not a partial IP address such as 192.168 or 1.1.
If you want to specify a command as a keyword, you must enter a complete command such as AUTH or auth. Do not enter au.
If a keyword contains a colon (:), enclose the keyword in a pair of double quotation marks (""). Example: "userId:1".
Operation Type
The type of the operation.
Client IP Address
The client IP address used to connect to the ApsaraDB for MongoDB instance. Example:
If the ECS instance is connected to the ApsaraDB for MongoDB instance over the Internet, enter the public IP address of the ECS instance.
If the ECS instance is connected to the ApsaraDB for MongoDB instance by using a VPC connection, enter the private IP address of the ECS instance.
Database Name
The name of the database.
Set Name
The name of the collection.
Username
The username used to connect to the ApsaraDB for MongoDB instance.
View the audit logs of an instance over a specified time range
You can use the time picker to specify a time range.
Log on to the ApsaraDB for MongoDB console.
In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.
In the upper-left corner of the page, select the resource group and region to which the instance belongs.
Click the ID of an instance, or click in the Actions column corresponding to the instance and select Manage.
In the left-side navigation pane of the instance details page, choose .
On the Mongo audit log center page, click Time Range.
In the Time panel, select a time range.
Time pane
Section
Description
Time details
When you move the pointer over a time option in the Relative section or Time Frame section, the time details section displays the time range that matches the selected time option.
Relative
Select a time range relative to the current point in time. When you move the pointer over a time option in this section, the time details section displays the time range that maps the selected time option.
Time Frame
Select a time range that is accurate to the minute, hour, week, or day. When you move the pointer over a time option in this section, the time details section displays the time range that maps the selected time option.
Custom
Specify a custom time range. After you click OK, the custom time range is applied.
NoteThe minimum query time is minute. To query audit logs accurate to seconds, log on to the Log Service console and enter a query or analytic statement. For more information about how to query audit logs within seconds, see Query and analyze logs.
Related API operations
Operation | Description |
Queries the audit logs of an ApsaraDB for MongoDB instance. |
FAQ
Why do I view only 2,000 audit log entries?
The Mongo audit log center page of the ApsaraDB for MongoDB console displays a maximum of 2,000 audit log entries. To view more audit log entries, log on to the Log Service console. For more information, see Query and analyze logs.