Details
Track access and changes to database configurations and data. MongoDB Enterprise includes a system auditing facility that can record system events (e.g. user operations, connection events) on a MongoDB instance. These audit records permit forensic analysis and allow administrators to verify proper controls.
Rationale:
System level logs can be handy while troubleshooting an operational problem or handling a security incident.
Solution
Set the value of auditLog.destination to the appropriate value from the following options:
syslog
To enable auditing and print audit events to syslog
mongod –dbpath data/db –auditDestination syslog
console
To enable auditing and print audit events to standard output (i.e., stdout)
mongod –dbpath data/db –auditDestination console
Json File
To enable auditing and print audit events to a file in JSON format. Printing audit events to file in JSON format degrades server performance more than printing to a file in BSON format.
mongod –dbpath data/db –auditDestination file –auditFormat JSON –auditPath data/db/auditLog.json
Bson File
To enable auditing and print audit events to a file in BSON binary format
mongod –dbpath data/db –auditDestination file –auditFormat BSON –auditPath data/db/auditLog.bson
Default Value:
Not configured
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.