Audit Events

Audit Events

Couchbase Server provides event-auditing, sending corresponding output to target files.

List of Audit Events

Events audited by Couchbase Server include successful and failed logins, events associated with cluster and bucket configuration, and the use of tools that require administrative privileges. Corresponding information is captured in output targets, which are files in JSON format.

Couchbase Server generates audit events whenever the following actions occur:

Table 1. Administrative Audit Events
Login succeeded or failed Audit configuration changed Auditing enabled or disabled
Node added to cluster Node removed from cluster Node failed over
Cluster rebalanced System started or shut down Bucket created
Bucket deleted Bucket flushed Bucket-settings modified
Disk or index path changed Remote cluster-reference established Remote cluster-reference updated
Remote cluster-reference deleted User added User removed
XDCR reference created XDCR reference updated XDCR reference deleted
XDCR replication paused or resumed XDCR replication-settings updated XDCR replication created
XDCR replication canceled Auto failover enabled Auto failover disabled
Auto failover-count reset Cluster alerts enabled Cluster alerts disabled
Index-node added or removed Server-group created Node added to server-group
Node removed from server-group Server-group deleted Password changed or reset
FTS index created or updated FTS index deleted FTS index control-command issued
FTS configuration refreshed FTS configuration replanned GC run triggered
CPU profiling started Memory profiling started Self-signed SSL certificate regenerated
LDAP authentication-settings modified Encryption key-rotation requested Compaction settings modified

Audit Output Examples

For examples of the output generated in correspondence with audited events, see the section Audit Targets.