A newer version of this documentation is available.

View Latest

Audit Events

Couchbase Server provides rich administrative auditing for over 25 administrative events and captures them in output target files.

Couchbase Server captures administrative events such as successful and failed logins, events associated with cluster and bucket configuration and with the use of tools that require administrative privileges. These auditable events are captured in the output targets, which are files in JSON format.

Couchbase Server generates audit events for the following admin actions and performed by the administrators that belong to specified administrative roles:

Table 1. Administrative Audit Events
Administrator Audit Event

Success/Failure logins for administrators

Audit configuration changes

Enable/Disable audit

Add a node to the cluster

Remove a node from the cluster

Fail over a node

Rebalance the cluster

Shutdown/Startup of the system by the administrator

Create a bucket

Delete a bucket

Flush a bucket

Modify bucket settings

Change the configured disk and index path

Add the Read-only Administrator

Remove the Read-only Administrator

Add an administrator

Remove an administrator

Setup a remote cluster reference

Delete a remote cluster reference

Changes to XDCR

Creating/deleting the XDCR profile

Pause-resume the XDCR stream

Changing XDCR filter rules

Add/remove a query node

Add/remove an index node

Create a server group

Add a node to the server group

Remove a node from the server group

Delete the server group

Administrative password changes/resets