Audit Logging
Audit logging is a separate optional log file that allows you to track events associated with administrative, management, and end-user operations made in Couchbase Edge Server. These logs are presented as a JSON-lines formatted series of events.
Audit logs typically include:
-
A timestamp for each event.
-
The nature of each event, such as a login attempt.
-
The outcome of each event, such as success or failure.
-
The user or system component that initiated the event.
Logs are immutable and cannot be altered once recorded.
You can configure the following options for your audit log file as show in the configuration options table.
For more information, see Edge Server Configuration Schema.
Key |
Type |
Value |
|
String |
Filename of audit log. |
|
Boolean |
If true, audit events omit their |
|
Array or |
Array of audit events to enable, |
|
Array or |
Array of audit events to disable, |
If audit.omit_description is true in the audit configuration, the description field is not included.
|
Audit Events have four core components:
Key | Type | Value |
---|---|---|
|
Integer |
Identifies the audit event type. |
|
String |
An ISO-8601 timestamp. |
|
String |
Name of the Audit Event, based on its |
|
String |
A longer, more detailed description of the event type. |
The following table lists all Audit Log Events that can be captured in the Couchbase Edge Server audit log file.
If Enabled is true , the audit events are logged in the audit log file unless it’s within the audit.disabled array.
|
Audit Event ID | Description | Enabled? |
---|---|---|
|
Server Started. |
|
|
Server Stopped. |
|
|
Public HTTP request. |
|
|
User authenticated. |
|
|
User auth failed. |
|
|
Read database. |
|
|
Read all databases. |
|
|
Changes feed started. |
|
|
Changes feed ended. |
|
|
Replication client connect. |
|
|
Replication client disconnect. |
|
|
Inter-server replication start. |
|
|
Inter-server replication stop. |
|
|
Inter-server replication conflict. |
|
|
Create document. |
|
|
Read document. |
|
|
Update document. |
|
|
Delete document. |
|
|
Read document metadata. |
|
|
Query |
|