
Export Logs to AWS S3 Buckets

You can configure your M10+ Atlas clusters to export system logs every minute to an AWS S3 bucket.

This integration allows you to:

  • Specify which MongoDB log files you want to export to the S3 bucket. Atlas supports exporting the following log types:

    • mongod

    • mongos

    • mongod-audit

    • mongos-audit

  • Set up to 10 export paths, allowing you to export logs to multiple AWS S3 buckets simultaneously.

  • Send logs to an S3 Multi-Region Access Point (MRAP) by configuring the integration with the MRAP ARN. You can currently only configure MRAP ARNs using the Atlas Administration API. MRAP aliases are not supported.

Important

Logs can contain sensitive information (including PII). You are responsible for the storage and treatment of your logs in your AWS S3 bucket. To have Atlas redact certain information before exporting logs, see Enable Log Redaction.

To export logs to an AWS S3 bucket, you must have Project Owner or Organization Owner access to Atlas.

  • Each Atlas host typically produces 1 GB of logs per day. Exporting logs incurs a data transfer cost. The exact data transfer cost varies depending on the destination, region, and cloud provider.

  • Network issues or retries can cause duplicate log entries in your AWS S3 bucket.
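Because retries can write the same entry more than once, any count computed from the bucket (for example, failed logins per user) should drop repeats first. The following is an added example, not part of the Atlas documentation. It assumes audit events are JSON lines using MongoDB's audit fields `atype`, `param`, `remote` and `result`; the sample events and the two gzip objects are constructed.

```python
import gzip
import hashlib
import json
from collections import Counter

def _event(ts, ip, port, user, result):
    # Constructed audit event using MongoDB's JSON audit log field names.
    return json.dumps({
        "atype": "authenticate", "ts": {"$date": ts},
        "remote": {"ip": ip, "port": port},
        "param": {"user": user, "db": "admin", "mechanism": "SCRAM-SHA-256"},
        "result": result,  # 0 = success, 18 = AuthenticationFailed
    })

E1 = _event("2024-05-01T10:00:00.101+00:00", "203.0.113.7", 50112, "app", 18)
E2 = _event("2024-05-01T10:00:00.734+00:00", "203.0.113.7", 50113, "app", 18)
E3 = _event("2024-05-01T10:00:02.010+00:00", "198.51.100.4", 41000, "ops", 0)

# Two constructed .gz objects; the second re-delivers E2, as after a retry.
OBJECTS = [gzip.compress(f"{E1}\n{E2}\n".encode()),
           gzip.compress(f"{E2}\n{E3}\n".encode())]

def read_lines(objects, dedupe=True):
    """Yield log lines from gzip objects, dropping exact repeats if dedupe."""
    seen = set()
    for blob in objects:
        for line in gzip.decompress(blob).decode("utf-8").splitlines():
            digest = hashlib.sha256(line.encode("utf-8")).digest()
            if not line.strip() or (dedupe and digest in seen):
                continue
            seen.add(digest)
            yield line

def failed_auth_counts(lines):
    """Count failed authenticate events per (user, source IP)."""
    counts = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict):
            continue
        if ev.get("atype") == "authenticate" and ev.get("result") != 0:
            user = ev.get("param", {}).get("user")
            counts[(user, ev.get("remote", {}).get("ip"))] += 1
    return counts
```

Exact-line hashing treats two byte-identical entries as one event, which is safe for audit events because the timestamp and remote port differ between genuine attempts.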

You'll need:

  • An AWS IAM role with sts:AssumeRole that grants Atlas access to your AWS resource with a maximum session duration set to 12 hours.

  • An existing AWS S3 bucket.

  • An M10+ Atlas cluster running MongoDB 7.0 or later.

To export logs to an AWS S3 bucket, complete the following steps.

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. In the sidebar, click Project Settings.

The Project Settings page displays.

2

Click the Integrations tab.

The Project Integrations page displays.

3
4
  1. From the Authorize an AWS IAM Role dropdown, select your ARN. To add an ARN, see Set Up Unified AWS Access.

  2. Click Next.

5
  1. In the Bucket Name field, enter the name of your S3 bucket as it appears in your AWS account.

  2. In the Prefix field, enter a directory name to organize the contents of your S3 bucket. For example, entering logs/ creates a logs directory in your S3 bucket to store the exported logs.

  3. Under Log Type, select the types of logs you want to export.

    • MongoDB Logs (mongodb.gz) Diagnostic logs written by each mongod server process. They record server startup and shutdown, configuration, connections, slow queries, replication, sharding activity, and other operational events.

    • MongoDB Audit Logs (mongodb-audit-log.gz) Auditing logs emitted by mongod that track system event actions such as authentication attempts, authorization checks, role changes, and other security-relevant operations. These logs are separate from the main MongoDB log.

    • MongoDB Router Logs (mongos.gz) Diagnostic logs written by each mongos router process in a sharded cluster. They capture router-specific behavior such as routing of queries to shards, sharding metadata refreshes, and general process diagnostics.

    • MongoDB Router Audit Logs (mongos-audit-log.gz) Auditing logs emitted by mongos router processes, recording the same kinds of audited system events but from the router's perspective in a sharded deployment.

    To learn more, see View and Download MongoDB Logs.

  4. (Optional) If you want to encrypt the logs in your S3 bucket, enter your AWS Key Management Service (KMS) key ARN in the KMS Key field. To learn more, see Manage Customer Keys with AWS KMS.

  5. Click Next.

6
  1. Click to copy the access policy generated by Atlas and save it locally with the file name: AtlasS3LogExportPolicy.

  2. Click to copy the CLI command generated by Atlas, then run the command in your terminal to attach the access policy to your AWS IAM role.

  3. Click Validate to confirm your configuration and credentials are correct before enabling the export.

7

To ensure you are notified if Atlas stops exporting logs to your external sink, configure a project-level alert:

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Click the Alerts icon in the navigation bar.

  4. Click Alerts under the Project header.

The Project Alerts page displays.

2
3

In the Condition/Metric dropdown menu, select Log export is unable to export logs on this host.

4
  1. In the Add Notification Method section, select from the list of roles.

  2. In the Add Notifier dropdown menu, select from the options described in the following table.

    Notification Option
    Description

    Atlas Project

    Sends the alert by email or text message to users with specific roles in the Project.

    Atlas Project is the default alert recipient. You can configure the roles the alert is sent to and how it's delivered. You can't add a second Atlas Project as the recipient.

    Atlas Project is available as an option in the Add list only if it is not currently in the recipients list.

    1. Select the Project roles that should receive the alerts from the Select Role(s) check boxes or select All Roles for all users in the Project to receive the alert.

    2. Select SMS to send these alerts to the mobile number configured for each Atlas Project user in their Account page.

    3. Select Email to send these alerts to the email address configured for each Atlas Project user in their Account page. Email is checked by default.

    Atlas Organization

    Sends the alert by email or text message to users with specific roles in the Organization.

    1. Select the Organization roles that should receive the alerts from the Select Role(s) check boxes or select All Roles for all users in the Organization to receive the alert.

    2. Select SMS to send these alerts to the mobile number configured for each Atlas Organization user in their Account page.

    3. Select Email to send these alerts to the email address configured for each Atlas Organization user in their Account page. Email is checked by default.

    Atlas User

    Sends the alert by email or text message to a specified Atlas user.

    1. Select SMS to send these alerts to the mobile number configured for the Atlas user in their Account page.

    2. Select Email to send these alerts to the email address configured for the Atlas user in their Account page. Email is checked by default.

    Email

    Sends the alert to an email address.

    SMS

    Sends the alert to a mobile number. Atlas removes all punctuation and letters and uses only the digits. If you are outside of the United States or Canada, include 011 and the country code because Atlas uses the U.S.-based Twilio to send text messages. As an alternative to your non-U.S. telephone number, use a Google Voice telephone number.

    For example, enter 01164 before the phone number to send the alert to a New Zealand mobile number.

    Slack

    Sends the alert to a Slack channel. Enter the channel name and either an API token or a Bot token. To create an API token, see the https://api.slack.com/web page in your Slack account. To learn more about Bot users in Slack, see https://api.slack.com/bot-users.

    After you create a notification which requires an API or integration key, the key appears partially redacted when you:

    • View or edit the alert through the Atlas UI.

    • Query the alert for the notification through the Atlas Administration API.

    PagerDuty

    Sends the alert to a PagerDuty account. Enter only the PagerDuty service key. Define escalation rules and alert assignments directly in PagerDuty.

    Users can acknowledge PagerDuty alerts only from the PagerDuty dashboard.

    All new PagerDuty keys use their Events API v2.

    If you have an Events API v1 key, you can continue to use that key with Atlas.

    After you create a notification which requires an API or integration key, the key appears partially redacted when you:

    • View or edit the alert through the Atlas UI.

    • Query the alert for the notification through the Atlas Administration API.

    Datadog

    Sends the alert to a Datadog account as a Datadog event.

    When the alert is first opened, Atlas sends the alert as an "error" event. Subsequent updates are sent as "info" events. When the alert is closed, Atlas sends a "success" event.

    1. Enter your Datadog API key under API Key and click Validate Datadog API Key.

    2. Enter your API region.

      Atlas supports the following Datadog regions in the Atlas UI:

      • US1

      • US3

      • US5

      • EU1

      • AP1

      Datadog uses US1 by default.

      To learn more about Datadog's regions, see Datadog Sites.

      After you create a notification which requires an API or integration key, the key appears partially redacted when you:

      • View or edit the alert through the Atlas UI.

      • Query the alert for the notification through the Atlas Administration API.

    3. (Optional) To enable database metrics tracking, toggle Send Database Metrics to On.

    4. (Optional) To enable collection latency metrics tracking, toggle Send Collection Latency Metrics to On.

    5. (Optional) To enable query shape metrics tracking, toggle Send Query Shape Metrics to On.

    6. Click Save.

    VictorOps

    Sends the alert to a VictorOps account.

    Enter the alphanumeric API key from VictorOps to integrate the VictorOps endpoint for alerts. Add dashes to the API key so it matches the format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. For example, 489f7he7-790b-9896-a8cf-j4757def1161. Enter an optional routing key to route alerts to a specific VictorOps group. Click Post Test Alert to test the VictorOps configuration. Define escalation and routing rules directly in VictorOps.

    This option is available only for alerts that require acknowledgement. You can receive informational alerts from this third-party monitoring service in Atlas. However, you must resolve these alerts within the external service. Acknowledge VictorOps alerts from the VictorOps dashboard.

    After you create a notification which requires an API or integration key, the key appears partially redacted when you:

    • View or edit the alert through the Atlas UI.

    • Query the alert for the notification through the Atlas Administration API.

    Opsgenie

    Sends the alert to an Opsgenie account. Enter only the Opsgenie API key. Define escalation rules and alert assignments directly in Opsgenie.

    This option is available only for alerts that require acknowledgement. You can receive informational alerts from this third-party monitoring service in Atlas. However, you must resolve these alerts within the external service. Acknowledge Opsgenie alerts from the Opsgenie dashboard.

    After you create a notification which requires an API or integration key, the key appears partially redacted when you:

    • View or edit the alert through the Atlas UI.

    • Query the alert for the notification through the Atlas Administration API.

    Microsoft Teams

    Sends the alert to a Microsoft Teams channel as an Adaptive Card.

    To send alert notifications to a Microsoft Teams channel, you must create a Microsoft Teams incoming webhook. After creating the webhook, you can use the automatically generated URL to configure your Microsoft Teams integration in Atlas.

    To set up the integration, see Integrate with Microsoft Teams.

    When you view or edit the alert for a Microsoft Teams notification, the URL appears partially redacted.

    Webhook

    Sends an HTTP POST request to an endpoint for programmatic processing. The request body contains a JSON document that uses the same format as the Atlas Administration API Alerts resource.

    This option is available only if you have configured Webhook settings on the Integrations page.

    When you view or edit the alert for a webhook notification, the URL appears partially redacted, and the secret appears completely redacted.

    1. In the Webhook URL field, specify the target URL for webhook-based alerts.

    2. (Optional) If you set up your Webhook integration with a secret, in the Webhook Secret field, specify the authentication secret for webhook-based alerts.

  3. In the Recurrence section, set the alert to trigger when the log export failure condition lasts longer than 60 minutes and to resend every 10080 minutes (7 days) until the issue is resolved.

    This way, you will be notified if log export failures persist for an extended period, while avoiding excessive notifications for transient issues.

5

For more details on configuring alerts, see Configure an Alert.
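If you route this alert to the Webhook notifier with a secret, the receiving endpoint should authenticate each POST before acting on it. The following is an added example, not part of the Atlas documentation. It assumes Atlas sends a base64 HMAC-SHA-1 of the request body, keyed by the Webhook Secret, in an `X-MMS-Signature` header; the secret, IDs and event type below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Assumption: Atlas signs webhook bodies with HMAC-SHA-1 keyed by the Webhook
# Secret and sends the base64 digest in this header. Confirm for your project.
SIGNATURE_HEADER = "x-mms-signature"

def sign(secret: bytes, raw_body: bytes) -> str:
    """Base64 HMAC-SHA-1 of the exact bytes received on the wire."""
    mac = hmac.new(secret, raw_body, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def verify_alert(headers: dict, raw_body: bytes, secret: bytes):
    """Return the parsed alert document if the signature is valid, else None."""
    supplied = next((v for k, v in headers.items()
                     if k.lower() == SIGNATURE_HEADER), None)
    if supplied is None:
        return None  # unsigned request: reject rather than trust the source
    expected = sign(secret, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.strip().encode()):
        return None
    try:
        alert = json.loads(raw_body)  # parse only after the body is authenticated
    except ValueError:
        return None
    return alert if isinstance(alert, dict) else None

# Constructed request: secret, IDs and event type are placeholders.
SECRET = b"example-webhook-secret"
BODY = json.dumps({"id": "EXAMPLE_ALERT_ID", "groupId": "EXAMPLE_PROJECT_ID",
                   "eventTypeName": "EXAMPLE_EVENT_TYPE",
                   "status": "OPEN"}).encode()
GOOD = {"Content-Type": "application/json",
        "X-MMS-Signature": sign(SECRET, BODY)}
TAMPERED = BODY.replace(b"OPEN", b"CLOSED")
```

Verify against the raw request bytes, not a re-serialized JSON object, because any change in whitespace or key order changes the digest.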
