Database Connector

MongoDB Connector

Connect DB Audit to your MongoDB databases for comprehensive activity monitoring, operation auditing, and compliance reporting. Zero performance impact with our lightweight collector.

Native Deep Integration

Zero Agent Architecture

No software to install on your database servers

Profiler & Audit Log

Leverages native MongoDB instrumentation

<1% Performance Impact

Lightweight read-only collection

What You Can Monitor

Real-Time Operation Monitoring

Capture every CRUD operation executed against your MongoDB database with millisecond precision timestamps.

User Activity Tracking

Track all user sessions, authentication events, role assignments, and privilege escalations.

Schema Change Detection

Detect and alert on collection creation, index modifications, and database structure changes.

Data Access Patterns

Analyze query patterns to identify unusual data access, aggregation pipelines, or potential data exfiltration.

Requirements

MongoDB Version 4.0 or higher (6.0+ recommended)

Network Access TCP port 27017 (or custom port)

Authentication SCRAM-SHA-256, X.509, or LDAP

Required Roles clusterMonitor, read on admin database

Configuration Reference

Basic Connection

Field	Type	Required	Description
`name`	string	Yes	A unique name to identify this connection
`host`	string	Yes	MongoDB server hostname or replica set URI
`port`	number	Yes	MongoDB server port
`database_name`	string	Yes	Authentication database (usually admin)
`username`	string	Yes	Database username for authentication
`password`	password	Yes	Database password (stored encrypted)

SSL/TLS Configuration

Field	Type	Default	Description
`ssl_enabled`	boolean	`false`	Enable TLS/SSL encryption
`ssl_ca_cert`	string	`-`	CA certificate for server verification
`ssl_client_cert`	string	`-`	Client certificate for X.509 auth
`ssl_client_key`	password	`-`	Client private key (stored encrypted)
`ssl_allow_invalid_certificates`	boolean	`false`	Allow self-signed certificates

Log Collection

Field	Type	Default	Description
`log_collection_type`	select	`native_audit`	Method for collecting audit logs
`profiler_level`	select	`1`	Profiler level (0=off, 1=slow, 2=all)
`slow_op_threshold_ms`	number	`100`	Threshold for slow operation logging (ms)
`polling_interval`	number	`5`	Seconds between log collection polls

Log Collection Methods

DB Audit collects audit data from MongoDB using native instrumentation.

Native Audit (Profiler)

Recommended

Direct integration with MongoDB profiler and system.profile collection for comprehensive operation logging.

Real-time operation capture

Full query document logging

Aggregation pipeline tracking

Index usage analysis

Create Audit User

Create a dedicated read-only user for DB Audit. This user only needs access to read system collections and profiler data.

// Connect to MongoDB as admin
use admin

// Create a dedicated audit user with minimal privileges
db.createUser({
  user: "dbaudit_reader",
  pwd: "your_secure_password",
  roles: [
    { role: "clusterMonitor", db: "admin" },
    { role: "read", db: "admin" },
    { role: "read", db: "local" }
  ]
})

// Grant read access to each database you want to audit
use your_database
db.grantRolesToUser("dbaudit_reader", [
  { role: "read", db: "your_database" }
])

Security Best Practice

Use a strong, unique password and store it in environment variables or a secrets manager. For production, use X.509 certificate authentication.

Enable Database Profiler

The MongoDB profiler captures operations for auditing. Use level 1 for production (slow operations only) or level 2 for comprehensive logging.

Level 0

Profiler off

Level 1

Slow operations

Recommended

Level 2

All operations

// Enable profiler on each database to audit
use your_database

// Level 1: Log slow operations only (recommended for production)
db.setProfilingLevel(1, { slowms: 100 })

// Level 2: Log all operations (use with caution in production)
db.setProfilingLevel(2)

// Verify profiler status
db.getProfilingStatus()

// View recent profiled operations
db.system.profile.find().sort({ ts: -1 }).limit(10)

Note

Level 2 profiling can impact performance on high-throughput databases. Start with level 1 and a slow operation threshold of 100ms.

Configure DB Audit Collector

Add your MongoDB connection to the DB Audit configuration file. Store sensitive credentials in environment variables.

databases:
  - name: production-mongodb
    type: mongodb
    host: mongodb.example.com
    port: 27017
    database: admin  # Auth database
    username: dbaudit_reader
    password: ${MONGODB_PASSWORD}

    # SSL/TLS Configuration (recommended for production)
    ssl: true
    ssl_ca_cert: /etc/dbaudit/certs/ca.pem
    ssl_allow_invalid_hostnames: false

    # Replica Set (if applicable)
    replica_set: rs0

    # Connection settings
    connect_timeout: 10000
    server_selection_timeout: 30000

    # Monitoring options
    options:
      profiler_level: 1
      slow_op_threshold_ms: 100
      track_queries: true
      track_connections: true
      track_indexes: true

Test Connection

Verify your configuration before deploying. The collector includes built-in connection testing.

# Test connection with mongosh
mongosh "mongodb://dbaudit_reader:your_password@mongodb.example.com:27017/admin"

# Test with TLS
mongosh "mongodb://dbaudit_reader:your_password@mongodb.example.com:27017/admin" --tls --tlsCAFile ca.pem

# Verify permissions
db.runCommand({ connectionStatus: 1, showPrivileges: true })

# Verify DB Audit collector can connect
dbaudit-collector test-connections --config /etc/dbaudit/config.yaml

MongoDB Atlas Support

DB Audit fully supports MongoDB Atlas with the same connector. Use your Atlas connection string and enable database auditing in Atlas.

Atlas M10+ Clusters

Full audit log access with configurable filters. Enable "Database Auditing" in Atlas Security settings.

Atlas Serverless

Profiler-based auditing available. Use connection string with appName for identification.

Compliance Support

DB Audit's MongoDB connector helps you meet audit requirements for major compliance frameworks.

SOC 2

Access logging

HIPAA

PHI access audit

PCI DSS

Cardholder data

GDPR

Data access rights

Troubleshooting

Connection refused

Verify MongoDB is running and accepting connections. Check that the host is correct and firewall rules allow connections on port 27017.

Authentication failed

Verify username, password, and authentication database. For SCRAM-SHA-256, ensure the user was created with the correct mechanism.

TLS handshake error

Ensure the CA certificate is correct and the server certificate is valid. For self-signed certs, set ssl_allow_invalid_certificates: true.

Missing profiler data

Verify the profiler is enabled with db.getProfilingStatus(). Ensure the audit user has read access to system.profile.

Next Steps

Configure Alerts & Rules

View All Database Connectors

Forward to Your SIEM

Ready to Audit Your MongoDB Database?

Start monitoring your MongoDB databases in minutes. No agents to install on your database servers.

Start Free Trial Contact Sales