A newer version of this documentation is available.

View Latest

Audit Events

Couchbase Server provides event-auditing, sending corresponding output to target files.

List of Audit Events

Events audited by Couchbase Server include successful and failed logins, events associated with cluster and bucket configuration, and the use of tools that require administrative privileges. Corresponding information is captured in output targets, which are files in JSON format.

Couchbase Server generates audit events whenever the following actions occur:

Table 1. Administrative Audit Events

Login succeeded or failed

Audit configuration changed

Auditing enabled or disabled

Node added to cluster

Node removed from cluster

Node failed over

Cluster rebalanced

System started or shut down

Bucket created

Bucket deleted

Bucket flushed

Bucket-settings modified

Disk or index path changed

Remote cluster-reference established

Remote cluster-reference updated

Remote cluster-reference deleted

User added

User removed

XDCR reference created

XDCR reference updated

XDCR reference deleted

XDCR replication paused or resumed

XDCR replication-settings updated

XDCR replication created

XDCR replication canceled

Auto failover enabled

Auto failover disabled

Auto failover-count reset

Cluster alerts enabled

Cluster alerts disabled

Index-node added or removed

Server-group created

Node added to server-group

Node removed from server-group

Server-group deleted

Password changed or reset

FTS index created or updated

FTS index deleted

FTS index control-command issued

FTS configuration refreshed

FTS configuration replanned

GC run triggered

CPU profiling started

Memory profiling started

Self-signed SSL certificate regenerated

LDAP authentication-settings modified

Encryption key-rotation requested

Compaction settings modified

Bucket compression mode modified

Bucket TTL modified

Audit Output Examples

For examples of the output generated in correspondence with audited events, see the section Audit Targets.