MongoDB Logs
Overview
Evidence: MongoDB Logs
Description: Collect MongoDB Logs
Category: Applications
Platform: linux
Short Name: mngl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
MongoDB database logs on Linux record database operations, queries, connections, authentication attempts, and errors. These logs are essential for tracking NoSQL database activities and security events.
Data Collected
This collector gathers structured data about MongoDB logs.
Collection Method
This collector gathers MongoDB logs from /var/log/mongodb, which contains operational logs including queries, connections, and administrative operations.
Forensic Value
MongoDB logs are valuable for investigating NoSQL injection attacks, unauthorized data access, data breaches, authentication failures, and database enumeration. They reveal query patterns and connection sources indicating compromise.
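Because the files are collected unparsed, a first triage pass over them can be scripted. The following is an added example, not part of the collector or the original page: it groups failed authentications by connection source. It assumes the one-JSON-object-per-line log format of MongoDB 4.4 and later and the field names shown in the constructed sample (c, msg, attr.remote, attr.principalName); older plain-text lines are counted and skipped.

```python
import json

# Constructed sample in the JSON line format of MongoDB 4.4+ (not real evidence).
SAMPLE_LOG = """\
{"t":{"$date":"2024-05-01T10:00:01.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:50110","connectionId":41}}
{"t":{"$date":"2024-05-01T10:00:02.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn41","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"203.0.113.7:50110","error":"AuthenticationFailed"}}
{"t":{"$date":"2024-05-01T10:00:03.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn42","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"root","authenticationDatabase":"admin","remote":"203.0.113.7:50112","error":"UserNotFound"}}
{"t":{"$date":"2024-05-01T10:00:04.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn43","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"203.0.113.7:50114","error":"AuthenticationFailed"}}
{"t":{"$date":"2024-05-01T10:05:00.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn50","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"app","authenticationDatabase":"shop","remote":"198.51.100.20:41000","error":"AuthenticationFailed"}}
2024-05-01T10:06:00.000+0000 I NETWORK [listener] pre-4.4 plain-text line
"""

def remote_ip(attr):
    # Assumption: the peer is stored as host:port under "remote" ("client" as a fallback).
    peer = attr.get("remote") or attr.get("client") or "unknown"
    return peer.rsplit(":", 1)[0]

def auth_failures(lines):
    """Return ({ip: {count, users, first, last}}, number_of_unparsed_lines)."""
    by_ip, skipped = {}, 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # legacy text format or a truncated line
            continue
        if not isinstance(entry, dict):
            skipped += 1
            continue
        if entry.get("c") != "ACCESS" or entry.get("msg") != "Authentication failed":
            continue
        attr = entry.get("attr") or {}
        ts = (entry.get("t") or {}).get("$date", "")
        rec = by_ip.setdefault(remote_ip(attr),
                               {"count": 0, "users": set(), "first": ts, "last": ts})
        rec["count"] += 1
        rec["users"].add(attr.get("principalName") or attr.get("user") or "?")
        rec["last"] = ts          # log lines are appended in time order
    return by_ip, skipped

if __name__ == "__main__":
    summary, skipped = auth_failures(SAMPLE_LOG.splitlines())
    for ip, rec in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(ip, rec["count"], sorted(rec["users"]), rec["first"], rec["last"])
    print("unparsed lines:", skipped)
```

To run it on collected evidence, pass an open file handle for a log file from the collected /var/log/mongodb directory to auth_failures() in place of the sample lines.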