A newer version of this documentation is available.

View Latest

Auditing for Couchbase administrators

Auditing allows Couchbase administrators to track Couchbase Server’s activity by recording their actions.
In the current version, Couchbase Server provides auditing function for administrators.

Auditing function is a security control necessary to comply with regulatory standards.

Audit records capture Who does What, When, and How

  • Who refers to administrators performing an action. The Couchbase administrators authenticate using their account username, and the LDAP administrators authenticate using the LDAP user ID.

  • What refers to the administrative action being performed.

  • When refers to the UTC time stamp that corresponds to the action that has occurred.

  • How refers to the state of the event. In this case, it can be a success or a failure.

Only Couchbase processes can write audit records, which are asynchronous by default and stored as JSON files.

Configuring auditing with UI

Couchbase administrators with full privileges can configure auditing using the Couchbase Web Console.

To configure auditing, select Settings  Audit:

settings auditing
Enable auditing

Use the check box to enable or disable auditing.

Specify the directory

Specify the target directory path for storing the audit records.

Specify log rotation

This is a log rotation time interval (in Days, Hours, or Minutes), after which the log gets rotated to the next file.

Configuring with CLI

The following CLI syntax is used to configure Couchbase auditing for administrators:

couchbase-cli
          setting-audit  OPTIONS
          --audit-log-rotate-interval=[MINUTES]     //log rotation interval
          --audit-log-path=[PATH]                   //target log directory
          --audit-enabled=[0|1]                     //enable auditing or not