A newer version of this documentation is available.

View Latest


    Actions performed on Couchbase Server can be audited. This allows a full administrator to ensure that system-management tasks are being appropriately performed. This potentially facilitates compliance with regulatory standards.

    Audit Records and their Content

    The records created by the Couchbase Auditing facililty capture information on who has performed what action, when, and how successfully:

    • Who: The administrator performing actions. To access the system, each administrator has authenticated, either locally or by means of LDAP: and is therefore identifiable throughout their session.

    • What: The action performed. 30 different kinds of action are tracked by Couchbase Server.

    • When: The UTC time stamp that corresponds to each recorded action.

    • How: The success or failure of the action.

    Audit records are created by Couchbase Server-processes, which run asynchronously. Each record is stored as a JSON file, which can be retrieved and inspected.

    Note that event-auditing occurs on a per node basis: each node captures its own events only. If a cluster-wide record is needed, the individual per node records must be manually consolidated by the administrator.

    Audit Configuration

    Only a Full Administrator can configure auditing. Configuration is performed by means of the Couchbase Web Console. Proceed as follows.

    Access the Couchbase Web Console, and left-click on the Security tab, in the vertical navigation-bar, at the left-hand side of the Dashboard:


    This brings up the Security screen, which appears as follows:


    The initial, default view is for Users. To select auditing, left-click on the Audit tab, on the horizontal control-bar, near the top:


    This brings up the Audit view:


    To enable auditing, check the Enable Auditing checkbox:


    This makes the default pathname within the Target Log Directory text-field editable. If you wish to modify the pathname, enter the appropriate content. Records will be saved to the directory you specify.

    The Log Rotation Time Interval determines how often stored log files — referred to as targets — are rotated: this means that the current default file, to which records are being written, named audit.log is saved under a new name, which features an appended timestamp. For example: usermachinename`.local-2017-03-16T15-42-18-audit.log`.

    The number of units is specified by changing the number 1, which appears in the interactive field by default. The unit-type is specified by means of the pull-down menu, at the right-hand side of the field:


    Note that the value you establish must be in the range from 15 minutes to 7 days.

    Configuring with CLI

    The following CLI syntax is used to configure Couchbase auditing for administrators:

              setting-audit  OPTIONS
              --audit-log-rotate-interval=[MINUTES]     //log rotation interval
              --audit-log-path=[PATH]                   //target log directory
              --audit-enabled=[0|1]                     //enable auditing or not

    See setting-audit for details.

    Understanding Audit Events

    Audit events are defined by Couchbase, and are automatically generated when auditing is enabled, in correspondence with defined actions. Corresponding data is written to target-files. For a complete list of events, see the section Audit Events.