MongoDBquery~30 mins

Audit logging basics in MongoDB - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Audit logging basics

📖 Scenario: You are a database administrator setting up audit logging in MongoDB to track important actions for security and compliance.

🎯 Goal: Learn how to enable audit logging in MongoDB by creating the initial audit configuration, setting audit filters, and verifying audit logs.

📋 What You'll Learn

Create an audit configuration file with specific settings

Add a filter to log only authentication events

Enable audit logging in MongoDB using the configuration file

Verify audit logs contain expected entries

💡 Why This Matters

🌍 Real World

Audit logging helps track who accessed or changed data in MongoDB, which is important for security and compliance in real companies.

💼 Career

Database administrators and DevOps engineers use audit logging to monitor database activity and meet regulatory requirements.

Progress0 / 4 steps

Create audit configuration file

Create a file named auditConfig.json with the following JSON content exactly: {"auditLog": {"destination": "file", "format": "JSON", "path": "/var/log/mongodb/auditLog.json"}}

MongoDB

# Create the file auditConfig.json with the exact JSON content
# Your code here

Need a hint?

Use a text editor to create auditConfig.json with the exact JSON structure shown.

Add audit filter for authentication events

Add a new key filter inside auditLog in auditConfig.json with the value {"atype": {"$in": ["authCheck", "authenticate"]}} to log only authentication events.

MongoDB

{"auditLog": {"destination": "file", "format": "JSON", "path": "/var/log/mongodb/auditLog.json"}}
# Add the filter key inside auditLog to log only authCheck and authenticate events
# Your code here

Need a hint?

Insert the filter key inside the auditLog object with the exact JSON filter value.

Enable audit logging in MongoDB

Start MongoDB with the audit configuration file by running the command

mongod --auditDestination file --auditFormat JSON --auditPath /var/log/mongodb/auditLog.json --auditFilter '{"atype": {"$in": ["authCheck", "authenticate"]}}'

in the terminal.

MongoDB

{"auditLog": {"destination": "file", "format": "JSON", "path": "/var/log/mongodb/auditLog.json", "filter": {"atype": {"$in": ["authCheck", "authenticate"]}}}}
# Run the mongod command below to start MongoDB with audit logging enabled
# Your code here

Need a hint?

Use the mongod command with the exact flags and values to enable audit logging.

Verify audit log entries

Run cat /var/log/mongodb/auditLog.json in the terminal to display the audit log file contents and confirm it contains entries with "atype": "authCheck" or "atype": "authenticate".

MongoDB

{"auditLog": {"destination": "file", "format": "JSON", "path": "/var/log/mongodb/auditLog.json", "filter": {"atype": {"$in": ["authCheck", "authenticate"]}}}}
mongod --auditDestination file --auditFormat JSON --auditPath /var/log/mongodb/auditLog.json --auditFilter '{"atype": {"$in": ["authCheck", "authenticate"]}}'
# Run the command below to display the audit log contents
# Your code here

Need a hint?

Use cat to read the audit log file and check for authentication event entries.