Audit Events

Audit Events

Couchbase Server provides rich administrative auditing for over 25 administrative events and captures them in output target files.

Couchbase Server captures administrative events such as successful and failed logins, events associated with cluster and bucket configuration and with the use of tools that require administrative privileges. These auditable events are captured in the output targets, which are files in JSON format.

Couchbase Server generates audit events for the following admin actions and performed by the administrators that belong to specified administrative roles:

Administrative Audit Events:
  • Success/Failure logins for administrators
  • Audit configuration changes
  • Enable/Disable audit
  • Add a node to the cluster
  • Remove a node from the cluster
  • Fail over a node
  • Rebalance the cluster
  • Shutdown/Startup of the system by the administrator
  • Create a bucket
  • Delete a bucket
  • Flush a bucket
  • Modify bucket settings
  • Change the configured disk and index path
  • Add the Read-only Administrator
  • Remove the Read-only Administrator
  • Add an administrator
  • Remove an administrator
  • Setup a remote cluster reference
  • Delete a remote cluster reference
  • Changes to XDCR
  • Creating/deleting the XDCR profile
  • Pause-resume the XDCR stream
  • Changing XDCR filter rules
  • Add/remove a query node
  • Add/remove an index node
  • Create a server group
  • Add a node to the server group
  • Remove a node from the server group
  • Delete the server group
  • Administrative password changes/resets