Audit Logging

      Audit logging is a separate optional log file that allows you to track events associated with administrative, management, and end-user operations made in Couchbase Edge Server. These logs are presented as a JSON-lines formatted series of events.

      Audit logs typically include:

      • A timestamp for each event.

      • The nature of each event, such as a login attempt.

      • The outcome of each event, such as success or failure.

      • The user or system component that initiated the event.

      Logs are immutable and cannot be altered once recorded.

      You can configure the following options for your audit log file, as shown in the configuration options table.

      For more information, see Edge Server Configuration Schema.

      Table 1. Audit Log Configuration Options

      | Key | Type | Value |
      |-----|------|-------|
      | audit.file | String | Filename of audit log. |
      | audit.omit_description | Boolean | If true, audit events omit their description. |
      | audit.enable | Array or "*" | Array of audit events to enable, "*" enables all events. |
      | audit.disable | Array or "*" | Array of audit events to disable, "*" disables all events. |

      If audit.omit_description is true in the audit configuration, the description field is not included.

      Audit Events have four core components:

      Table 2. Audit Log Event Breakdown

      | Key | Type | Value |
      |-----|------|-------|
      | id | Integer | Identifies the audit event type. |
      | timestamp | String | An ISO-8601 timestamp. |
      | name | String | Name of the Audit Event, based on its id. |
      | description | String | A longer, more detailed description of the event type. |

      The following table lists all Audit Log Events that can be captured in the Couchbase Edge Server audit log file.

      If Enabled is true, the audit event is logged in the audit log file unless it is listed in the audit.disable array.

      Table 3. Audit Log Events

      | Audit Event ID | Description | Enabled? |
      |----------------|-------------|----------|
      | 57344 | Server Started. | true |
      | 57345 | Server Stopped. | true |
      | 57346 | Public HTTP request. | false |
      | 57347 | User authenticated. | true |
      | 57348 | User auth failed. | true |
      | 57349 | Read database. | false |
      | 57350 | Read all databases. | true |
      | 57351 | Changes feed started. | true |
      | 57352 | Changes feed ended. | true |
      | 57353 | Replication client connect. | true |
      | 57354 | Replication client disconnect. | true |
      | 57355 | Inter-server replication start. | true |
      | 57356 | Inter-server replication stop. | true |
      | 57357 | Inter-server replication conflict. | true |
      | 57358 | Create document. | false |
      | 57359 | Read document. | false |
      | 57360 | Update document. | false |
      | 57361 | Delete document. | false |
      | 57362 | Read document metadata. | false |
      | 57363 | Query | true |
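
      The following Python code is an added example, not Couchbase's own code: it reads JSON-lines audit events using only the fields from Table 2 and flags bursts of event 57348 (User auth failed), treating description as optional because audit.omit_description may be set. The sample lines, the name strings, the threshold and the window are constructed assumptions.

```python
import json
from collections import deque
from datetime import datetime, timedelta

AUTH_FAILED = 57348                        # "User auth failed." in Table 3
CORE_FIELDS = ("id", "timestamp", "name")  # description may be omitted

# Constructed sample lines (assumed shape), not real Edge Server output.
SAMPLE_LOG = """\
{"id": 57344, "timestamp": "2025-01-10T08:00:00Z", "name": "Server Started", "description": "Server Started."}
{"id": 57348, "timestamp": "2025-01-10T08:01:00Z", "name": "User auth failed"}
{"id": 57348, "timestamp": "2025-01-10T08:01:10Z", "name": "User auth failed"}
{"id": 57347, "timestamp": "2025-01-10T08:01:15Z", "name": "User authenticated"}
{"id": 57348, "timestamp": "2025-01-10T08:01:20Z", "name": "User auth failed"}
not json
{"id": 57348, "timestamp": "2025-01-10T08:05:00Z", "name": "User auth failed"}
{"id": 57345, "name": "Server Stopped"}
"""

def parse_events(text):
    """Return (events, bad_line_numbers); malformed lines are reported, not dropped silently."""
    events, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict) or any(k not in ev for k in CORE_FIELDS):
                raise ValueError("missing core field")
            ev["ts"] = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
        except (ValueError, AttributeError, TypeError):
            bad.append(n)
            continue
        events.append(ev)
    return events, bad

def auth_failure_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Return the timestamps at which `threshold` auth failures fell inside `window`."""
    recent, alerts = deque(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] != AUTH_FAILED:
            continue
        recent.append(ev["ts"])
        while ev["ts"] - recent[0] > window:
            recent.popleft()               # drop failures older than the window
        if len(recent) >= threshold:
            alerts.append(ev["ts"])
            recent.clear()                 # one alert per burst
    return alerts
```

      Unparseable lines are worth alerting on in their own right, since a truncated or malformed entry in an audit file can indicate a crash or tampering.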