Audit Events
Couchbase Server provides event-auditing, sending corresponding output to target files.
List of Audit Events
Events audited by Couchbase Server include successful and failed logins, events associated with cluster and bucket configuration, and the use of tools that require administrative privileges. Corresponding information is captured in output targets, which are files in JSON format.
Couchbase Server generates audit events whenever the following actions occur:
Login succeeded or failed |
Audit configuration changed |
Auditing enabled or disabled |
Node added to cluster |
Node removed from cluster |
Node failed over |
Cluster rebalanced |
System started or shut down |
Bucket created |
Bucket deleted |
Bucket flushed |
Bucket-settings modified |
Disk or index path changed |
Remote cluster-reference established |
Remote cluster-reference updated |
Remote cluster-reference deleted |
User added |
User removed |
XDCR reference created |
XDCR reference updated |
XDCR reference deleted |
XDCR replication paused or resumed |
XDCR replication-settings updated |
XDCR replication created |
XDCR replication canceled |
Auto failover enabled |
Auto failover disabled |
Auto failover-count reset |
Cluster alerts enabled |
Cluster alerts disabled |
Index-node added or removed |
Server-group created |
Node added to server-group |
Node removed from server-group |
Server-group deleted |
Password changed or reset |
FTS index created or updated |
FTS index deleted |
FTS index control-command issued |
FTS configuration refreshed |
FTS configuration replanned |
GC run triggered |
CPU profiling started |
Memory profiling started |
Self-signed SSL certificate regenerated |
LDAP authentication-settings modified |
Encryption key-rotation requested |
Compaction settings modified |
Audit Output Examples
For examples of the output generated in correspondence with audited events, see the section Audit Targets.