Modifies audit log settings (EE only)
couchbase-cli setting-audit [--cluster <url>] [--username <user>]
[--password <password>] [--list-filterable-events] [--get-settings]
[--set] [--audit-enabled <1|0>] [--audit-log-path <path>]
[--audit-log-rotate-interval <seconds>] [--audit-log-rotate-size <bytes>]
[--disabled-users <user-list>] [--disable-events <event-list>]
Some of these options are only available in Couchbase Server 6.5.1 and later. Refer to OPTIONS for details.
Auditing is used to observe the action of users in the cluster. It is usually turned on for security purposes to ensure that those without permission to access information do not access it. By default auditing is disabled in Couchbase. The setting-audit command can be used to enable and disable auditing, set the auditing log path, and change the auditing log rotation interval; in Couchbase Server 6.5.1 and later, the command can also be used to retrieve the current auditing configuration, retrieve the auditable events and descriptions, and disable auditing for certain users and events.
- --list-filterable-events
-
(Couchbase Server 6.5.1 and later.) Returns a table or a JSON list (if --output json used) with all the event IDs with their descriptions.
- --get-settings
-
(Couchbase Server 6.5.1 and later.) Returns the current audit settings including which events are disabled and which are enabled.
- --set
-
(Couchbase Server 6.5.1 and later.) Sets the cluster audit settings.
- --audit-enabled <num>
-
Specifies whether or not auditing is enabled. To enabled auditing set this option to "1". To disable auditing set this option to "0".
- --audit-log-path <path>
-
Specifies the auditing log path. This should be a path to a folder where the auditing log is kept. The folder must exist on all servers in the cluster.
- --audit-log-rotate-interval <seconds>
-
Specifies the audit log rotate interval. This is the interval in which the current audit log will be replaced with a new empty audit log file. The log file is rotated to ensure that the audit log does not consume too much disk space. The minimum audit log rotate interval is 15 minutes (900 seconds).
- --audit-log-rotate-size <bytes>
-
Specifies the audit log rotate size. This is the size at which the current audit log will be replaced with a new empty audit log file. The log file is rotated to ensure that the audit log does not consume too much disk space. The minimum audit log rotate size is 0 bytes and maximum is 524,288,000 (500MB). When it is set to 0 the log will not be rotated based on size.
- --disabled-users <user-list>
-
(Couchbase Server 6.5.1 and later.) A comma separated list of users to ignore events from.
- --disable-events <events-list>
-
(Couchbase Server 6.5.1 and later.) A comma separated list of events IDs to disable auditing for (e.g 8243,8255,8257). To retrieve information of what event ID maps to what event use the --list-filterable-events to retrieve a list of IDs with descriptions.
(Unless otherwise specified, the examples below are only applicable to Couchbase Server 6.5.1 and later.)
To get the current audit settings run the command below.
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --get-settings
If auditing is disabled the expected output will be of the form (all the
commands can return json if --output json is provided):
Audit enabled: False UUID: 44726500 Log path: /opt/couchbase/var/lib/couchbase/logs Rotate interval: 86400 Rotate size: 20971520 Disabled users: []
To retrieve the list of events that can be audited use the command:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --list-filterable-events
ID | Module | Name | Description ------------------------------------------------------------------------------------- 36865 | analytics | Service configuration change | A successful service configuration change was made. 36866 | analytics | Node configuration change | A successful node configuration change was made. 32768 | eventing | Create Function | Eventing function definition was created or updated .... 40961 | view_engine | Delete Design Doc | Design Doc is Deleted 40962 | view_engine | Query DDoc Meta Data | Design Doc Meta Data Query Request 40963 | view_engine | View Query | View Query Request 40964 | view_engine | Update Design Doc | Design Doc is Updated
To enable auditing on a cluster and set the audit log to the default logs folder on a Linux installation with a log rotate interval of 7 days, run the command below.
Couchbase Server 6.5:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --audit-enabled 1 --audit-log-rotate-interval 604800 \ --audit-log-path /opt/couchbase/var/lib/couchbase/logs
Couchbase Server 6.5.1 and later:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --set --audit-enabled 1 --audit-log-rotate-interval 604800 \ --audit-log-path /opt/couchbase/var/lib/couchbase/logs
To enable auditing on a cluster and set the audit log to the default logs folder on a Linux installation with a log rotate size of 20MB, run the command below.
Couchbase Server 6.5:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --audit-enabled 1 --audit-log-rotate-size 20971520 \ --audit-log-path /opt/couchbase/var/lib/couchbase/logs
Couchbase Server 6.5.1 and later:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --set --audit-enabled 1 --audit-log-rotate-size 20971520 \ --audit-log-path /opt/couchbase/var/lib/couchbase/logs
To enable auditing on a cluster, set the audit log to the default logs folder on a Linux installation with a log rotate size of 20MB, disable auditing for users backup and restore, and disable auditing for event 40964 and 40963, run the command below.
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --set --audit-enabled 1 --audit-log-rotate-size 20971520 \ --audit-log-path /opt/couchbase/var/lib/couchbase/logs \ --disabled-users backup,restore --disable-events 40964,40963
To disable auditing run the following command.
Couchbase Server 6.5:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --audit-enabled 0
Couchbase Server 6.5.1 and later:
$ couchbase-cli setting-audit -c 192.168.1.5:8091 --username Administrator \ --password password --set --audit-enabled 0
man:couchbase-cli-admin-role-manage[1], man:couchbase-cli-ssl-manage[1]