1. Specify the filter in mongodB cofiguration file.
filter: '{ atype:
{ $in: [ "createCollection", "dropCollection" ] }
}'
2.Open a session, watch for any audit log change:
tail -f auditLog.bson
3.Open another session and login as root
mongo admin -u admin -p 123456
4. Add a new database test
MongoDB Enterprise > use test
switched to db test
5. Create a collection, as you can see, the audit log will have the relevant entry.
MongoDB Enterprise > db.t1.insert({name:'david'})
WriteResult({ "nInserted" : 1 })
6. Drop a collection, the audit filter also works well.
db.t1.drop()
true
7. Create the collection again
MongoDB Enterprise > db.t1.insert({name:'david'})
WriteResult({ "nInserted" : 1 })
8.Show Collections
MongoDB Enterprise > show collections
t1
9. Drop database test
MongoDB Enterprise > db.dropDatabase()
{ "dropped" : "test", "ok" : 1 }
10.
MongoDB Enterprise > db.getName()
test
11.Show Collections
MongoDB Enterprise > show collections
As you can see, after dropping the database, the collection is removed cascadingly without leave any audit entry.