Auditing for Administrators
Only the Full Administrators can configure auditing.
Auditing function is a security control necessary to comply with regulatory standards.
Audit records capture Who does What, When, and How
- Who refers to administrators performing an action. The Couchbase administrators authenticate using their account username, and the LDAP administrators authenticate using the LDAP user ID.
- What refers to the administrative action being performed.
- When refers to the UTC time stamp that corresponds to the action that has occurred.
- How refers to the state of the event. In this case, it can be a success or a failure.
Only Couchbase processes can write audit records, which are asynchronous by default and stored as JSON files.
Configuring Auditing with UI
Only the full Couchbase administrators can configure auditing using the Couchbase Web Console.
To configure auditing select::
- Enable auditing
- Use the check box to enable or disable auditing.
- Specify the target log directory
- Specify the target directory path for storing the audit records.
- Specify log rotation
- This is a log rotation time interval (in Days, Hours, or Minutes), after which the log gets rotated to the next file.
Configuring with CLI
The following CLI syntax is used to configure Couchbase auditing for administrators:
couchbase-cli setting-audit OPTIONS --audit-log-rotate-interval=[MINUTES] //log rotation interval --audit-log-path=[PATH] //target log directory --audit-enabled=[0|1] //enable auditing or not