mongodb分为社区版和企业版,只有企业版才有审计功能。
mongodb的企业版下载链接:
https://www.mongodb.com/try/download/enterprise
安装mongodb的rpm包时会提示缺少依赖包,可通过yum的方式安装所需的依赖包
yum install net-snmp cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi
安装完成后默认的配置文件为/etc/mongod.conf
vi mongod.conf …… auditLog: destination: file format: BSON path: /var/lib/mongo/auditLog.bson filter: '{ atype: "authenticate" }' ……
按照以上配置可打开mongod的登录日志。
使用mongo命令可登录mongodb的数据库,mongodb安装完成后,默认没有开启认证,可使用--auth的方式开启认证,进入数据库后,可使用如下命令为数据库添加test的账号
MongoDB Enterprise > use admin switched to db admin MongoDB Enterprise > db.createUser( ... { ... user:"test", ... pwd:"test1234", ... roles:[{role:"userAdminAnyDatabase",db:"admin"}] ... } ... ) Successfully added user: { "user" : "test", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } MongoDB Enterprise > exit bye
测试如下:
mongo -port 27017 -u "test" -p "test1234" --authenticationDatabase "admin"
退出登录后,在/var/lib/mongo/auditLog.bson中会记录本次登录日志,该日志为bson格式,可使用mongodb提供的bsondump命令查看:
# ./bsondump /var/lib/mongo/auditLog.bson {"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459319718"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50458"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"0"}} 2020-09-07T15:31:48.051+0800 1 objects found
bsondump工具的下载链接:
https://www.mongodb.com/try/download/database-tools