Navigation

Configure Auditing for a Project

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Note
Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 (Free Tier), M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Tier), M2, and M5 Limitations.

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

https://cloud.mongodb.com/api/atlas/v1.0

PATCH /groups/{GROUP-ID}/auditLog
Path Element
Required/Optional
Description
GROUP-ID
Required.
The unique identifier for the project.

This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.

Name
Type
Necessity
Description
Default
pretty
boolean
Optional
Flag indicating whether the response body should be in a prettyprint format.
false
envelope
boolean
Optional

Flag indicating if Atlas should wrap the response in a JSON envelope.

This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

status
HTTP response code
envelope
Expected response body
false

Request Body Parameters

Name
Type
Description
auditAuthorizationSuccess
boolean

Defaults to false

Set to true to direct the auditing system to capture successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess

Warning

Enabling Audit authorization successes can severely impact cluster performance. Enable this option with caution.

auditFilter
string

JSON-formatted auditing filter. You may need to escape the JSON string to remove characters that could prevent parsing, such as single or double-quotes.

For complete documentation on custom auditing filters, see Configure Audit Filters.

enabled
boolean

Defaults to false

Set to true to enable auditing for the project.

Name
Type
Description
auditAuthorizationSuccess
boolean
Indicates whether the auditing system captures successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess
auditFilter
string
JSON-formatted audit filter used by the project
configurationType
string

Denotes the configuration method for the audit filter. Possible values are:

  • NONE - auditing not configured for the project.
  • FILTER_BUILDER - auditing configured via Atlas UI filter builder
  • FILTER_JSON - auditing configured via Atlas custom filter or API
enabled
boolean
Denotes whether or not the project associated with the {GROUP-ID} has database auditing enabled.
curl -u "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request PATCH "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/auditLog" \
 --data '{
   "auditAuthorizationSuccess": false,
   "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }",
   "enabled": true
   }'
{
   "auditAuthorizationSuccess": false,
   "auditFilter": "{\"atype\" : \"authenticate\", \"param\" : {\"user\" : \"auditReadOnly\", \"db\" : \"admin\", \"mechanism\" : \"SCRAM-SHA-1\"} }",
   "configurationType": "FILTER_JSON",
   "enabled": true
}

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.

Give Feedback