Auditing new/changed collections, Indexes, Release Automation,

Hi,

In administering multiple environments in other persistence layers, we normally rely on tools such as schema compare (found in redgate, quest, modeling tools, or could be done by querying metadata directly) to look for “drift” across various environments in the schema definition (DEV <-> TST <-> UAT <-> PRD).

I’m wondering if something similar exists in MongoDB or is offered by a 3rd party tool, to facilitate keeping the various environments or databases in synch and ensure they have consistent definitions and if not, whether it’s due to an in-flight release, or an unintended difference that needs to be reconciled.

A second part of the question is whether there are dates associated with collections. This question arises in the context of trying to better understand the origin of objects that come up on a difference report (see prior paragraph), and being unsure who created them, when, or why, and whether they are meant to be deployed further or not. Per the documentation, it looks like collection create date is not a part of the metadata. If so, is there auditing that could be enabled that would trigger a write to a new “audit” type collection perhaps – with the change, who made it, and the date – and whether a library for this already exists, and what the possible performance overhead may be with this?

Thanks
Eugene

Hello @GenePHL, welcome to the MongoDB Community forum.

This is some basic information.

The server logs (Log Messages) have the information about all the actions on a server. Logs have timestamps and log components specifying the functional categorization of the messages. I see that the mtools (a tool which is used to study logs, apply filters, format, etc.) can be used to get relevant information, for example the authentication / access by a particular user on a particular date/time.

The user authentication and authorization (MongoDB Security) when enabled and configured will provide who did what and when information in the logs. Security can also control which individual or groups can do what - in an organized and centralized manner.

Also see Security Auditing and a related post: Update auditLog configuration without restart.

1 Like