Configure Auditing for a Project¶

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Note

Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 (Free Tier), M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Tier), M2, and M5 Limitations.

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

https://cloud.mongodb.com/api/atlas/v1.0

Syntax¶

PATCH /groups/{GROUP-ID}/auditLog

Request Path Parameters¶

Path Element	Required/Optional	Description
`GROUP-ID`	Required.	The unique identifier for the project.

Request Query Parameters¶

Field Required/Optional Description

envelope

Optional.

A boolean that specifies whether or not to wrap the response in an envelope.

Defaults to false.

pretty

Optional.

A boolean that specifies whether or not to return a "pretty-printed" JSON document.

Defaults to false.

Request Body Parameters¶

Name Type Description

auditAuthorizationSuccess

boolean

Defaults to false

Set to true to direct the auditing system to capture successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess

Warning

Enabling Audit authorization successes can severely impact cluster performance. Enable this option with caution.

auditFilter

string

JSON-formatted auditing filter. You may need to escape the JSON string to remove characters that could prevent parsing, such as single or double-quotes.

For complete documentation on custom auditing filters, see Configure Audit Filters.

enabled

boolean

Defaults to false

Set to true to enable auditing for the project.

Response¶

Name	Type	Description
`auditAuthorizationSuccess`	boolean	Indicates whether the auditing system captures successful authentication attempts for audit filters using the `"atype" : "authCheck"` auditing event. For more information, see auditAuthorizationSuccess
`auditFilter`	string	JSON-formatted audit filter used by the project
`configurationType`	string	Denotes the configuration method for the audit filter. Possible values are: `NONE` - auditing not configured for the project. `FILTER_BUILDER` - auditing configured via Atlas UI filter builder `FILTER_JSON` - auditing configured via Atlas custom filter or API
`enabled`	boolean	Denotes whether or not the project associated with the `{GROUP-ID}` has database auditing enabled.

Example Request¶

curl -u "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request PATCH "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/auditLog" \
 --data '{
   "auditAuthorizationSuccess": false,
   "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }",
   "enabled": true
   }'

Example Response¶

{
   "auditAuthorizationSuccess": false,
   "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }",
   "configurationType": "FILTER_JSON",
   "enabled": true
}

Give Feedback

← Get Auditing Configuration for a Project Encryption at Rest using Customer Key Management →