Docs Menu
Docs Home
MongoDB Manual
/ / /


On this page

  • Definition
  • Syntax
  • Behavior
  • Examples

New in version 5.0.

getAuditConfig is an administrative command that retrieves audit configurations from mongod and mongos server instances.

The command has the following syntax:

getAuditConfig: 1

Auditing must be enabled in order to use getAuditConfig.

Nodes that are not participating in a runtime audit configuration return their current configuration file settings for auditLog.filter and setParameter.auditAuthorizationSuccess.

Nodes that are participating in the runtime audit synthesize their current configuration from memory. Configuration updates are distributed via the oplog mechanism which means updates on mongod nodes are distributed to secondary nodes very quickly. However, the distribution mechanism is different on mongos nodes. mongos nodes have to poll the primary server at regular intervals for configuration updates. You may see stale data due to polling delay if you run setAuditConfig on the primary server and getAuditConfig on a shard before the shard has polled the primary server for updated configuration details.


If you are writing automated audit scripts, note that the quoting style and the types used to represent the cluster signature differ between mongosh and the legacy mongo shell. In mongosh the types are Binary and Long. The corresponding types in the legacy shell are BinData and NumberLong.

// mongosh
signature: {
hash: Binary(Buffer.from("0000000000000000000000000000000000000000", "hex"), 0),
keyId: Long("0")
// mongo
"signature" : {
"keyId" : NumberLong(0)

Run getAuditConfig on the admin database .

db.adminCommand({getAuditConfig: 1})

The example server is configured to audit read and write operations. It has a filter which captures the desired operations and the auditAuthorizationSuccess value has been set to true.

generation: ObjectId("60e73e74680a655705f16525"),
filter: {
atype: 'authCheck',
'param.command': {
'$in': [ 'find', 'insert', 'delete', 'update', 'findandmodify' ]
auditAuthorizationSuccess: true,
ok: 1,
'$clusterTime': {
clusterTime: Timestamp(1, 1625767540),
signature: {
hash: Binary(Buffer.from("0000000000000000000000000000000000000000", "hex"), 0),
keyId: Long("0")
operationTime: Timestamp(1, 1625767540)


See also:

← fsyncUnlock