Auditing

Actions performed on Couchbase Server can be audited. This allows a Full Administrator to ensure that system-management tasks are being appropriately performed, and potentially facilitates compliance with regulatory standards.

Audit Records and their Content

The records created by the Couchbase Auditing facility capture information on who has performed what action, when, and how successfully:

  • Who: The administrator performing actions. To access the system, each administrator has authenticated, either locally or by means of LDAP, and is therefore identifiable throughout their session.

  • What: The action performed. 30 different kinds of action are tracked by Couchbase Server.

  • When: The UTC time stamp that corresponds to each recorded action.

  • How: The success or failure of the action.

Audit records are created by Couchbase Server processes, which run asynchronously. Each record is stored as a JSON file, which can be retrieved and inspected.

Audit Configuration

Only a Full Administrator can configure auditing. Configuration is performed by means of the Couchbase Web Console. Proceed as follows.

Access the Couchbase Web Console, and left-click on the Security tab, in the vertical navigation-bar, at the left-hand side of the Dashboard.

This brings up the Security screen.

The initial, default view is for Users. To select auditing, left-click on the Audit tab, on the horizontal control-bar, near the top.

This brings up the Audit view.

To enable auditing, check the Enable Auditing checkbox.

This makes the default pathname within the Target Log Directory text-field editable. If you wish to modify the pathname, enter the appropriate content. Records will be saved to the directory you specify.

The Log Rotation Time Interval determines how often stored log files, referred to as targets, are rotated. On rotation, the current default file to which records are being written, named audit.log, is saved under a new name, which features an appended timestamp. For example: usermachinename.local-2017-03-16T15-42-18-audit.log.

The number of units is specified by changing the number 1, which appears in the interactive field by default. The unit-type is specified by means of the pull-down menu, at the right-hand side of the field.

Note that the value you establish must be in the range from 15 minutes to 7 days.
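An added example (not Couchbase's own code) for reviewing the rotated targets described above: it parses names of the form shown on this page and flags consecutive targets from one host that lie further apart than the configured rotation interval, which is worth investigating as missing files or a period with auditing disabled. It assumes a target is rotated at least once per interval while auditing is enabled; the function names, the slack tolerance, and every sample file name except the one quoted above are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Range the page gives for the Log Rotation Time Interval.
MIN_INTERVAL = timedelta(minutes=15)
MAX_INTERVAL = timedelta(days=7)

# <host>-<timestamp>-audit.log; host may contain hyphens, so match the timestamp from the right.
ROTATED = re.compile(r"^(?P<host>.+)-(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})-audit\.log$")

# Constructed directory listing; only the 15-42-18 name is quoted on the page.
SAMPLE_LISTING = [
    "audit.log",  # current target, not yet rotated
    "usermachinename.local-2017-03-16T15-42-18-audit.log",
    "usermachinename.local-2017-03-16T16-42-18-audit.log",
    "usermachinename.local-2017-03-16T19-42-19-audit.log",
    "usermachinename.local-2017-03-16T17-42-18-audit.log",
]

def parse_rotated_name(name):
    """Return (host, datetime) for a rotated target, or None for any other name."""
    match = ROTATED.match(name)
    if match is None:
        return None
    try:
        stamp = datetime.strptime(match.group("ts"), "%Y-%m-%dT%H-%M-%S")
    except ValueError:  # right shape but not a real date, e.g. month 13
        return None
    return match.group("host"), stamp

def find_rotation_gaps(names, interval, slack=timedelta(minutes=1)):
    """List (host, earlier, later) where two consecutive targets are too far apart."""
    if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
        raise ValueError("rotation interval must be between 15 minutes and 7 days")
    by_host = {}
    for name in names:
        parsed = parse_rotated_name(name)
        if parsed is not None:
            by_host.setdefault(parsed[0], []).append(parsed[1])
    gaps = []
    for host in sorted(by_host):
        stamps = sorted(by_host[host])
        for earlier, later in zip(stamps, stamps[1:]):
            if later - earlier > interval + slack:
                gaps.append((host, earlier, later))
    return gaps

if __name__ == "__main__":
    print(find_rotation_gaps(SAMPLE_LISTING, timedelta(hours=1)))
```

Pass the file names from the Target Log Directory and the interval configured for the cluster; the current audit.log is skipped because it has not been rotated yet.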

Configuring with CLI

The following CLI syntax is used to configure Couchbase auditing for administrators:

couchbase-cli setting-audit OPTIONS
          --audit-log-rotate-interval=[MINUTES]     // log rotation interval
          --audit-log-path=[PATH]                   // target log directory
          --audit-enabled=[0|1]                     // enable auditing or not

See setting-audit for details.

Understanding Audit Events

Audit events are defined by Couchbase and, when auditing is enabled, are generated automatically in correspondence with defined actions. The corresponding data is written to the target files. For a complete list of events, see the section Audit Events.