Atlas parses the MongoDB database logs to collect a list of authentication requests made against your clusters through the following methods:
Authentication requests made with API Keys through the Atlas Administration API are not logged.
Atlas logs the following information for each authentication request within the last 7 days:
The date and time of the authentication request.
The username associated with the database user who made the authentication request.
For LDAP usernames, the UI displays the resolved LDAP name. Hover over the name to see the full LDAP username.
The IP address of the machine that sent the authentication request.
The target server that processed the authentication request.
The database that the authentication request was made against.
The success or failure of the authentication request. A reason code is displayed for the failed authentication requests.
Authentication requests are pre-sorted by descending timestamp with 25 entries per page.
If a cluster experiences an activity spike and generates an extremely large quantity of log messages, Atlas may stop collecting and storing new logs for a period of time.
Log analysis rate limits apply only to the Performance Advisor UI, the Query Profiler UI, the Access Tracking UI, and the Atlas Search Query Analytics UI. Downloadable log files are always complete.
If authentication requests occur during a period when logs are not collected, they will not appear in the database access history.