MongoDB.live, free & fully virtual. June 9th - 10th. Register Now

Get remote hostname and operating system

Hi,
In the audit-message page I see that the JSON includes only remote ip and remote port.

Is there any way to configure mongodb audit logs to include remote hostname and remote os as well?
Or any other way to get these details?

Thanks

Remote O/S and hostname are not part of the current audit information and may be less deterministic than other audit details. Reliable identification of the remote O/S relies on information provided by the client, and hostname resolution from the MongoDB server’s point of view may differ from the source’s canonical hostname.

Assuming your applications are connecting with modern drivers (updated for MongoDB 3.4+), you can find information about the remote O/S in the client metadata logged when a driver/client establishes a connection to MongoDB.

For example, a connection from the mongo shell would be logged similar to:

2020-02-27T10:03:37.510+1100 I NETWORK [conn1] received client metadata from 127.0.0.1:50319 conn2: { application: { name: “MongoDB Shell” }, driver: { name: “MongoDB Internal Client”, version: “4.2.3” }, os: { type: “Darwin”, name: “Mac OS X”, architecture: “x86_64”, version: “18.7.0” } }

If modifying your application code is a possibility, you could include hostname and other details as part of the application.name in the client metadata.

Since extracting information from logs probably isn’t ideal, I suggest you create a feature suggestion describing the desired auditing improvements on the MongoDB Feedback site. If you do submit a suggestion, please comment on this thread with a link so others can upvote & watch for updates.

Regards,
Stennie

1 Like