• API >
• API Resources >
• Auditing >
• Configure Auditing for a Project

Configure Auditing for a Project

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 (Free Tier), M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Tier), M2, and M5 Limitations.

The Atlas API uses HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

For complete documentation on configuring API access for an Atlas project, see Configure Atlas API Access.

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Syntax

copy

PATCH /groups/{GROUP-ID}/auditLog

Request Path Parameters

Path Element	Required/Optional	Description
GROUP-ID	Required.	The unique identifier for the project.

Request Query Parameters

Field	Required/Optional	Description
envelope	Optional.	A boolean that specifies whether or not to wrap the response in an envelope. Defaults to false.
pretty	Optional.	A boolean that specifies whether or not to return a “pretty-printed” JSON document. Defaults to false.

Request Body Parameters

Name	Type	Description
auditAuthorizationSuccess	boolean	Defaults to false Set to true to direct the auditing system to capture successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess Warning Enabling Audit authorization successes can severely impact cluster performance. Enable this option with caution.
auditFilter	string	JSON-formatted auditing filter. You may need to escape the JSON string to remove characters that could prevent parsing, such as single or double-quotes. For complete documentation on custom auditing filters, see Configure Audit Filters.
enabled	boolean	Defaults to false Set to true to enable auditing for the project.

Response

Name	Type	Description
auditAuthorizationSuccess	boolean	Indicates whether the auditing system captures successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess
auditFilter	string	JSON-formatted audit filter used by the project
configurationType	string	Denotes the configuration method for the audit filter. Possible values are: NONE - auditing not configured for the project. FILTER_BUILDER - auditing configured via Atlas UI filter builder FILTER_JSON - auditing configured via Atlas custom filter or API
enabled	boolean	Denotes whether or not the project associated with the {GROUP-ID} has database auditing enabled.

Example Request

copy

curl -u "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request PATCH "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/auditLog" \
 --data '{
   "auditAuthorizationSuccess": false,
   "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }",
   "enabled": true
   }'

Example Response

copy

{
   "auditAuthorizationSuccess": false,
   "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }",
   "configurationType": "FILTER_JSON",
   "enabled": true
}

←   Get Auditing Configuration for a Project Encryption at Rest using Customer Key Management  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.