Audit Targets

Audit Targets

The target of a Couchbase Server audit is a JSON file, which is rotated after a configured time interval and whose location path is configurable.

Audit Log Targets

Auditable events are captured in JSON files that contain detailed audit fields.

For the output JSON files, Couchbase administrators can configure:

  • Target file paths.The default path for the security audit logs is /opt/couchbase/var/lib/couchbase/logs.
  • Time based log rotation.

An audit record for a successful login is shown:

{
  "timestamp":"2015-02-20T08:48:49.408-08:00", 
  "id":8192, 
   "name":"login success", 
   "description":"Successful login to couchbase cluster",                              
   "role":"admin", 
   "real_userid": {
                                "source":"ns_server",
                                "user":"bjones"
                              },
   "sessionid":"0fd0b5305d1561ca2b10f9d795819b2e", 
   "remote":{"ip":"172.23.107.165", "port":59383}
}
In this example, a user named bjones has successfully logged into a Couchbase cluster using the domain IP address 172.23.107.165.
Note: When an audit log reaches its maximum size (20MB), the log rollover is triggered automatically and doesn't have to be set up in advance. The log file name will be same as with the time based rollover.