Description
Hi,
I have audit enabled in a cluster (3 nodes) running PSMDB 4.4.9-10.
Part of my mongod.conf:
    systemLog:
      destination: file
      logAppend: true
      logRotate: reopen
      path: /var/log/mongodb/mongod.log
    auditLog:
      destination: file
      format: JSON
      path: /datadrive/mongodb/audit/audit.json
      filter: '{"$or": [{"users": [],"param.command": [{ $ne: "isMaster" }, { $ne: "ping" }] }, { "atype" : { $in: [ "authCheck", "authentication" ] }, "users.user" : /[a-zA-Z]+\\.[a-zA-Z]+/}]}'
I’m using /etc/logrotate.d/mongodb to rotate mongod.conf:
    /var/log/mongodb/mongod.log {
        daily
        size 50M
        rotate 10
        missingok
        compress
        delaycompress
        notifempty
        create 640 mongod mongod
        sharedscripts
        postrotate
            /bin/kill -SIGUSR1 $(cat /var/run/mongod.pid 2>/dev/null) >/dev/null 2>&1
        endscript
    }
When MongoDB rotates the mongod.log, the audit log is also rotated.
If auditing is enabled, the logRotate command also rotates the audit log.
However, although I have logRotate: reopen specified in the mongod.conf and this mechanism is used to rotate mongod.log, for the audit log, files like audit.json.<YYYY><mm><DD>T<HH><MM><SS> are created, which suggests that MongoDB is using the rename mechanism to rotate the audit logs instead of using the same mechanism used to rotate mongod.log, the one specified in mongod.conf, as it is stated in the documentation:
If auditing is enabled, the logRotate command also rotates the audit log according to the above parameters. For example, if systemLog.logRotate is set to rename, the audit log will also be renamed.
https://docs.mongodb.com/v4.4/reference/configuration-options/#mongodb-setting-systemLog.logRotate
I opened a discussion with this same content in the Percona Community Forum and I was advised to create a ticket as this seems to be a bug https://forums.percona.com/t/audit-log-rotation-on-psmdb/13865. Can you please investigate?
Thanks in advance.
Kind regards,
João Soares
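
A check for the symptom described in this report, added here as an example (it is not code from the reporter or from Percona): it lists the timestamp-suffixed audit files that mongod created by renaming, which the logrotate stanza above never compresses or prunes, and returns those beyond a retention count. Assumptions: the suffix may or may not contain dashes, the base name is `audit.json`, and `keep=10` mirrors the `rotate 10` setting; the file names in `demo()` are constructed.

```python
import os
import re
import tempfile

# Suffix mongod appends when it rotates by rename. The report writes it as
# <YYYY><mm><DD>T<HH><MM><SS>; optional dashes are accepted as an assumption.
STAMP = re.compile(r"^(\d{4})-?(\d{2})-?(\d{2})T(\d{2})-?(\d{2})-?(\d{2})$")


def renamed_audit_files(directory, base="audit.json"):
    """Return (sort_key, filename) for files mongod renamed, oldest first."""
    found = []
    for name in os.listdir(directory):
        if not name.startswith(base + "."):
            continue
        m = STAMP.match(name[len(base) + 1:])
        if m:  # skips logrotate-style names such as audit.json.1 or audit.json.2.gz
            found.append(("".join(m.groups()), name))
    return sorted(found)


def beyond_retention(directory, keep=10, base="audit.json"):
    """Renamed files older than the newest `keep` copies (10 mirrors `rotate 10`)."""
    files = [name for _, name in renamed_audit_files(directory, base)]
    if keep <= 0:
        return files
    return files[:-keep]  # empty list when fewer than `keep` files exist


def demo():
    """Run both checks against a constructed directory listing."""
    names = ["audit.json", "audit.json.1", "audit.json.2.gz",
             "audit.json.2021-12-01T00-00-01", "audit.json.20211202T000001",
             "audit.json.2021-12-03T00-00-01"]
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            open(os.path.join(d, n), "w").close()
        return renamed_audit_files(d), beyond_retention(d, keep=2)


if __name__ == "__main__":
    renamed, stale = demo()
    print("renamed by mongod:", [n for _, n in renamed])
    print("beyond retention:", stale)
```

Any hit from `renamed_audit_files` on a host configured with `logRotate: reopen` reproduces the behaviour reported here; point it at the real `auditLog.path` directory to measure how many audit files sit outside logrotate's control.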