Amazon DocumentDB will optionally record audit events for certain operations. In the last section we enabled audit logs along with the profiler. In this section we’ll explore the audit event data.
You can see the audit logs by going to the Amazon CloudWatch console, selecting
Logs -> Log groups in the navigation pane, and searching for the Log group
Click on the log group and you’ll see a log stream for the affected database instance(s).
Click on the log stream and you’ll see example log output.
Supported events include authentication and creating databases and collections, so you can try out a few sample commands and watch for the audit events to appear. For example, on Cloud 9, open a Mongo shell, and try:
You should see an audit event for the new collection creation.
You can do simple log filtering by typing a search into into the
Log events search box. For example, to look only for events affecting the user
For more advanced analysis, you can use Amazon CloudWatch Logs Insights
For example, let’s go to the
Insights part of the Amazon CloudWatch console.
/aws/docdb/ into the search box to start filtering the available log groups, and select the log group for your database’s audit events.
Enter this query to only look at
filter atype="createCollection" | sort millis desc | limit 10