Audit Events

Audit Events

Couchbase Server provides rich administrative auditing for over 25 administrative events and captures them in output target files.

Couchbase Server captures administrative events such as successful and failed logins, events associated with cluster and bucket configuration and with the use of tools that require administrative privileges. These auditable events are captured in the output targets, which are files in JSON format.

Couchbase Server generates audit events for the following admin actions and performed by the administrators that belong to specified administrative roles:

Table 1. Administrative Audit Events
Administrator Audit Event
Success/Failure logins for administrators
Audit configuration changes
Enable/Disable audit
Add a node to the cluster
Remove a node from the cluster
Fail over a node
Rebalance the cluster
Shutdown/Startup of the system by the administrator
Create a bucket
Delete a bucket
Flush a bucket
Modify bucket settings
Change the configured disk and index path
Add the Read-only Administrator
Remove the Read-only Administrator
Add an administrator
Remove an administrator
Setup a remote cluster reference
Delete a remote cluster reference
Changes to XDCR
Creating/deleting the XDCR profile
Pause-resume the XDCR stream
Changing XDCR filter rules
Add/remove a query node
Add/remove an index node
Create a server group
Add a node to the server group
Remove a node from the server group
Delete the server group
Administrative password changes/resets