How would I be able to access the audit-log-file
in a Trigger that is configured to use AWS EventBridge?
After reading your most recent comment, the mongodb-audit-log
file contents may not be necessary as it seems you are after a more immediate notification style alert rather than viewing / auditing the information in a log. Please correct me if I am wrong here. In any case, the trigger won’t be able to access the contents of the log file.
I really need to know if what I am trying to do is even possible from a MongoDB Atlas standpoint, that way I can look at other options of notifying the user.
Via triggers, you won’t be able to see the $addToSet
or $pull
operation in detail like what was shown in the log examples in my previous comment:
mongodb-audit-log example lines:
/// For db.testcollection.updateOne({a:1},{$addToSet:{colours:"red"}})
{ "atype" : "authCheck", "ts" : { "$date" : "2022-05-18T04:11:31.515+00:00" },..."param" : { "command" : "update", "ns" : "myFirstDatabase.testcollection", "args" : { "update" : "testcollection", "updates" : [ { "q" : { "a" : 1 }, "u" : { "$addToSet" : { "colours" : "red" } } } ],...
/// For db.testcollection.updateOne({a:1},{$pull:{colours:"red"}})
{ "atype" : "authCheck", "ts" : { "$date" : "2022-05-18T04:11:47.555+00:00" },..."param" : { "command" : "update", "ns" : "myFirstDatabase.testcollection", "args" : { "update" : "testcollection", "updates" : [ { "q" : { "a" : 1 }, "u" : { "$pull" : { "colours" : "red" } } } ],...
In saying so, perhaps usage of the triggers containing the contents of the fullDocument
and fullDocumentBeforeChange
. The following examples are log lines from an test trigger function:
/// Performed `db.arraycoll.update({j:1},{$addToSet:{colours:"grey"}})`
Logs:
[
"full document BEFORE change = {\"_id\":\"6285a86fbf866c9d2ca4b991\",\"j\":1,\"colours\":[\"blue\",\"green\"]}",
"full document AFTER change ={\"_id\":\"6285a86fbf866c9d2ca4b991\",\"j\":1,\"colours\":[\"blue\",\"green\",\"grey\"]}"
]
/// Performed `db.arraycoll.update({j:1},{$pull:{colours:"grey"}})`
Logs:
[
"full document BEFORE change = {\"_id\":\"6285a86fbf866c9d2ca4b991\",\"j\":1,\"colours\":[\"blue\",\"green\",\"grey\"]}",
"full document AFTER change ={\"_id\":\"6285a86fbf866c9d2ca4b991\",\"j\":1,\"colours\":[\"blue\",\"green\"]}"
]
In saying so, I feel like the functionality you need is perhaps easier to implement in the application, e.g. when a change is happening, send a notification to the user right away. My thinking is, if you employ triggers/auditing, wouldn’t you need a separate process to monitor such events and fire the notification as well? If this notification is implemented in the application, this monitoring wouldn’t be required - Let me know your thoughts here.
Regards,
Jason