Couchbase Connector
Connect DB Audit to your Couchbase clusters for comprehensive N1QL query monitoring, authentication tracking, and compliance reporting with native audit event integration.
Audit Log Native
Direct integration with Couchbase audit
Cluster Aware
Monitors all nodes automatically
<1% Performance Impact
Async log collection
What You Can Monitor
N1QL Query Monitoring
Track all N1QL queries with full query text, execution plans, and timing information.
Authentication Events
Monitor all authentication attempts, RBAC changes, and session management across nodes.
Bucket Operations
Detect and alert on bucket creation, configuration changes, and document operations.
Cluster Activity
Monitor administrative operations, rebalancing, failover, and cluster configuration changes.
Requirements
Configuration Reference
Basic Connection
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | A unique name to identify this connection |
hosts | array | Yes | List of Couchbase node hostnames or IPs |
port | number | Yes | Couchbase REST API port |
bucket | string | No | Default bucket to connect to |
username | string | Yes | Couchbase username for authentication |
password | password | Yes | Couchbase password (stored encrypted) |
TLS Configuration
| Field | Type | Default | Description |
|---|---|---|---|
ssl_enabled | boolean | true | Enable TLS encryption |
ssl_ca_cert | string | - | CA certificate for server verification |
ssl_verify | boolean | true | Verify server certificate |
Log Collection
| Field | Type | Default | Description |
|---|---|---|---|
log_collection_type | select | native_audit | Method for collecting audit logs |
audit_log_path | string | - | Path to audit log files (if using file-based collection) |
polling_interval | number | 10 | Seconds between log collection polls |
Log Collection Methods
DB Audit supports multiple methods for collecting audit data from Couchbase.
Native Audit Events
RecommendedCollect events from Couchbase's built-in audit logging system for comprehensive activity tracking.
REST API Polling
Poll Couchbase REST APIs for cluster statistics and operational metrics.
Create Audit User
Create a dedicated read-only user for DB Audit with minimal RBAC permissions.
# Create a dedicated audit user via Couchbase CLI
# Connect to the cluster admin interface
# Create the audit reader user with minimal permissions
couchbase-cli user-manage \
--cluster couchbase://localhost \
--username admin \
--password admin_password \
--set \
--rbac-username dbaudit_reader \
--rbac-password your_secure_password \
--roles ro_admin,external_stats_reader \
--auth-domain local
# Or via REST API:
curl -X PUT -u admin:admin_password \
http://localhost:8091/settings/rbac/users/local/dbaudit_reader \
-d password=your_secure_password \
-d roles=ro_admin,external_stats_reader
# Verify user was created
couchbase-cli user-manage \
--cluster couchbase://localhost \
--username admin \
--password admin_password \
--listEnable Audit Logging
Configure Couchbase's built-in audit logging to capture security and operational events.
# Enable audit logging via REST API
curl -X POST -u admin:admin_password \
http://localhost:8091/settings/audit \
-d auditdEnabled=true \
-d rotateInterval=86400 \
-d rotateSize=20971520
# Configure which events to audit
curl -X POST -u admin:admin_password \
http://localhost:8091/settings/audit \
-d 'disabled=' \
-d 'descriptors=8243,8255,8257,20480,20481,20482,20483,20484,20485,20489,20490,20491'
# Event categories to enable:
# 8243 - Login success
# 8255 - Login failure
# 8257 - Audit configuration changes
# 20480 - Bucket select
# 20481 - Bucket create
# 20482 - Bucket delete
# 20483 - Bucket flush
# 20484 - Bucket settings
# 20485 - Bucket item read
# 20489 - N1QL SELECT
# 20490 - N1QL DML
# 20491 - N1QL DDL
# Check audit status
curl -u admin:admin_password \
http://localhost:8091/settings/auditConfigure DB Audit Collector
Add your Couchbase cluster to the DB Audit configuration.
databases:
- name: production-couchbase
type: couchbase
hosts:
- cb-node1.example.com
- cb-node2.example.com
- cb-node3.example.com
port: 8091
username: dbaudit_reader
password: ${COUCHBASE_PASSWORD}
# TLS Configuration
ssl:
enabled: true
ca_cert: /etc/dbaudit/certs/ca.pem
verify: true
# Connection settings
connect_timeout: 10
request_timeout: 30
# Monitoring options
options:
track_queries: true
track_auth_events: true
track_bucket_ops: true
track_admin_events: trueTest Connection
Verify your configuration before deploying.
# Test connection with Couchbase CLI
couchbase-cli server-info \
--cluster couchbase://cb-node1.example.com \
--username dbaudit_reader \
--password your_password
# Test REST API access
curl -u dbaudit_reader:your_password \
http://cb-node1.example.com:8091/pools/default
# Check audit log settings
curl -u dbaudit_reader:your_password \
http://cb-node1.example.com:8091/settings/audit
# View recent audit events (if audit log is accessible)
tail -f /opt/couchbase/var/lib/couchbase/logs/audit.log
# Verify DB Audit collector can connect
dbaudit-collector test-connections --config /etc/dbaudit/config.yamlCompliance Support
DB Audit's Couchbase connector helps you meet audit requirements for major compliance frameworks.
Troubleshooting
Authentication failed
Verify username and password are correct. Ensure the user exists in the local auth domain and has the required roles.
Permission denied
Check that the audit user has ro_admin and external_stats_reader roles assigned.
Cannot connect to cluster
Verify that port 8091 is accessible and not blocked by firewalls. Check cluster health and ensure at least one node is reachable.
Ready to Audit Your Couchbase Cluster?
Start monitoring your Couchbase databases in minutes with native audit logging integration.