From MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide
Part of SRG-APP-000359-DB-000319
Associated with: CCI-001855
Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to MongoDB on its own server will not be an issue. However, space will still be required on MongoDB server for audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result.
A MongoDB audit log that is configured to be stored in a file is identified in the MongoDB configuration file (default: /etc/mongod.conf) under the "auditLog:" key and subkey "destination:" where "destination" is "file". If this is the case then the "AuditLog:" subkey "path:" determines where (device/directory) that file will be located. View the mongodb configuration file (default location: /etc/mongod.conf) and identify how the "auditlog.destination" is configured. When the "auditlog.destination" is "file", this is a finding.
View the mongodb configuration file (default location: /etc/mongod.conf) and view the "auditlog.path" to identify the storage volume. Install MongoDB Ops Manager or other organization approved monitoring software. Configure the required alert in the monitoring software to send an alert where storage volume holding the auditLog file utilization reaches 75%.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer