Configure Auditing for a Project
On this page
Groups and projects are synonymous terms. Your {GROUP-ID} is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups.
This feature is not available for M0 free clusters, M2, and
M5 clusters. To learn more about which features are unavailable,
see Atlas M0 (Free Cluster), M2, and M5 Limitations.
The Atlas Administration API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request. To learn how to configure API access for an Atlas project, see Get Started with the Atlas Administration API.
https://cloud.mongodb.com/api/atlas/v1.0
Syntax
PATCH /groups/{GROUP-ID}/auditLog
Request Path Parameters
Path Element | Required/Optional | Description |
|---|---|---|
GROUP-ID | Required. | The unique identifier for the project. |
Request Query Parameters
This endpoint might use any of the HTTP request query parameters available to all Atlas Administration API resources. All of these are optional.
Name | Type | Necessity | Description | Default | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
| false |
Request Body Parameters
Name | Type | Description |
|---|---|---|
auditAuthorizationSuccess | boolean | Defaults to Set to Warning Enabling Audit authorization successes can severely impact cluster performance. Enable this option with caution. |
auditFilter | string | JSON-formatted auditing filter. You may need to escape the JSON string to remove characters that could prevent parsing, such as single or double-quotes. For complete documentation on custom auditing filters, see Configure Audit Filters. |
enabled | boolean | Defaults to Set to |
Response
Name | Type | Description |
|---|---|---|
auditAuthorizationSuccess | boolean | Indicates whether the auditing system captures
successful authentication attempts for
audit filters using the "atype" : "authCheck" auditing
event. For more information,
see auditAuthorizationSuccess |
auditFilter | string | JSON-formatted audit filter used by the project |
configurationType | string | Denotes the configuration method for the audit filter. Possible values are:
|
enabled | boolean | Denotes whether or not the project associated with the {GROUP-ID} has
database auditing enabled. |
Example Request
curl -u "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --request PATCH "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/auditLog" \ --data '{ "auditAuthorizationSuccess": false, "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }", "enabled": true }'
Example Response
{ "auditAuthorizationSuccess": false, "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }", "configurationType": "FILTER_JSON", "enabled": true }