Auditing for Administrators

Auditing for Administrators

Only the Full Administrators can configure auditing.

Auditing function is a security control necessary to comply with regulatory standards.

Audit records capture Who does What, When, and How

  • Who refers to administrators performing an action. The Couchbase administrators authenticate using their account username, and the LDAP administrators authenticate using the LDAP user ID.
  • What refers to the administrative action being performed.
  • When refers to the UTC time stamp that corresponds to the action that has occurred.
  • How refers to the state of the event. In this case, it can be a success or a failure.

Only Couchbase processes can write audit records, which are asynchronous by default and stored as JSON files.

Configuring Auditing with UI

Only the full Couchbase administrators can configure auditing using the Couchbase Web Console.

To configure auditing select: Security > Audit:

Specify the following fields:
Setting Description
Enable auditing Use the check box to enable or disable auditing.
Target log directory Specify the target directory path for storing the audit records.
Log rotation time interval Specify the time interval. This is a log rotation time interval (in Days, Hours, or Minutes), after which the log gets rotated to the next file.

Configuring with CLI

The following CLI syntax is used to configure Couchbase auditing for administrators:

couchbase-cli 
          setting-audit  OPTIONS
          --audit-log-rotate-interval=[MINUTES]     //log rotation interval
          --audit-log-path=[PATH]                   //target log directory
          --audit-enabled=[0|1]                     //enable auditing or not