Amazon DocumentDB will optionally record audit events for certain operations. In the last section you enabled audit logs along with the profiler. In this section you will explore the audit event data.
You can see the audit logs by going to the Amazon CloudWatch console, selecting
Logs -> Log groups in the navigation pane, and searching for the Log group
Click on the
audit log group and you will see a log stream for each database instance.
Click on a log stream to see the audit log contents.
Supported events include authentication and creating databases and collections, so you can try out a few sample commands and watch for the audit events to appear. For example, on Cloud 9, open a Mongo shell and insert a document into a new collection:
You will see an audit event corresponding to the creation of the new collection.
You can do simple log filtering by typing a search into into the
Log events search box. For example, to look only for events affecting the user
For more advanced analysis, you can use Amazon CloudWatch Logs Insights. Go to the
Insights part of the Amazon CloudWatch console.
/aws/docdb/ into the search box to filter the available log groups, and select the log group for your database’s audit events.
Enter this query to only look at
filter atype="createCollection" | sort millis desc | limit 10