Ability to to turn on audit log compression/deletion
Ops Manager currently allows the ability to rotate audit logs based on the threshold settings in the Update MongoDB Log Settings modal but audit.logs do not compress/delete as the mongodb.logs do from the same modal. We would like the ability to either toggle compression/deletion of audit.log in that modal or a separate modal. We think a separate modal would be better since audit.logs may be used for security forensics and require a longer retention period.
We are pleased to announce that Cloud Manager and Ops Manger (5.0.8) now have the ability to set up a different configuration for rotation of MongoDB Log and MongoDB Audit Log Files. This does depend on a feature available in MongoDB Enterprise Server 5.0 and up.
Documentation:
OM: https://docs.opsmanager.mongodb.com/current/tutorial/view-logs/index.html#configure-log-rotation
CM: https://docs.cloudmanager.mongodb.com/tutorial/view-logs/#configure-log-rotation
-
Kushal commented
Audit Logs should be managed fully including compression
Even better to add feature to copy logs to external storage before purging old logs.
-
Gregory commented
The ability to manage audit logs should be included in the product. They should have the ability to be separately configured from the mongod logs as requirements are different. Please add this functionality.
-
Wanted to provide an update on this request. I've investigated this issue with multiple internal teams and the path forward we are following follows. First we will update the UX and docs to better explain why audit logs are rotated but not compressed/deleted when automation is managing mongoDB logs. It is currently confusing and can be greatly improved.
Second, we will be able to consider supporting the compression/deletion of audit logs with automation when the MongoDB server logrotate command can handle mongodb system logs and audit logs separately (https://jira.mongodb.org/browse/SERVER-19470)
Please feel free to reach out directly if you have any comments/questions you prefer to make privately, melissa.plunkett@mongodb.com
-
Alexey commented
_**What is the problem that needs to be solved?**_ MongoDB Agent (Automation Module) doesn't have ability to configure Automation logs compression.
_**Why is it a problem? (the pain)**_ Current behavior of MongoDB Agent (Automation Module) to not allow to compress its logs is sub-optimal since MongoDB Agent (Automation Module) logs takes more disk space if its logs are kept uncompressed.
-
Note - The current behavior is intended hence the suggestion to add compression and deletion of audit logs is indeed a feature request. When the rotation for audit logs was added a significant portion of input at the time was that the same process that then compresses and deletes server logs should not impact audit logs as their use and security scope are often significantly different. However the input provided here will help direct if having a similar capability, set for only audit logs, is needed.
-
Simon commented
audit logs gets rotated, but never compressed and deleted. So that is a bug; not a feature.