# MongoDB Logs

## Overview

**Evidence:** MongoDB Logs\
**Description:** Collect MongoDB Logs\
**Category:** Applications\
**Platform:** linux\
**Short Name:** mngl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

MongoDB database logs on Linux record database operations, queries, connections, authentication attempts, and errors. These logs are essential for tracking NoSQL database activities and security events.

## Data Collected

This collector gathers structured data about MongoDB logs.

## Collection Method

This collector gathers MongoDB logs from `/var/log/mongodb`, which contains operational logs including queries, connections, and administrative operations.

## Forensic Value

MongoDB logs are valuable for investigating NoSQL injection attacks, unauthorized data access, data breaches, authentication failures, and database enumeration. They reveal query patterns and connection sources that can indicate compromise.
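
Because the collected files are not parsed, a first triage pass for the authentication failures and connection sources mentioned above could look like the following. This is an added example, not code from the collector. It assumes MongoDB 4.4+ structured JSON logging with the `c`, `msg` and `attr.remote` fields (the `attr.client` fallback is an assumption about newer server versions), and the sample lines are constructed and trimmed to the fields the code reads.

```python
import json
from collections import Counter

# Constructed sample lines (documentation-range addresses, invented accounts).
SAMPLE = """\
{"t":{"$date":"2024-05-01T10:00:01.000+00:00"},"s":"I","c":"ACCESS","ctx":"conn7","msg":"Authentication failed","attr":{"principalName":"admin","remote":"203.0.113.9:41822"}}
{"t":{"$date":"2024-05-01T10:00:02.000+00:00"},"s":"I","c":"ACCESS","ctx":"conn8","msg":"Authentication failed","attr":{"principalName":"admin","remote":"203.0.113.9:41824"}}
{"t":{"$date":"2024-05-01T10:00:03.000+00:00"},"s":"I","c":"ACCESS","ctx":"conn9","msg":"Authentication failed","attr":{"principalName":"admin","remote":"203.0.113.9:41826"}}
{"t":{"$date":"2024-05-01T10:00:04.000+00:00"},"s":"I","c":"ACCESS","ctx":"conn10","msg":"Authentication succeeded","attr":{"principalName":"admin","remote":"203.0.113.9:41830"}}
{"t":{"$date":"2024-05-01T10:00:08.000+00:00"},"s":"I","c":"ACCESS","ctx":"conn11","msg":"Authentication failed","attr":{"principalName":"app","remote":"198.51.100.4:50210"}}
2024-05-01T10:00:09.000+0000 I NETWORK [listener] connection accepted from 198.51.100.4:50212
""".splitlines()

def triage(lines, threshold=3):
    """Count failed logins per source IP and flag sources that log in
    successfully after at least `threshold` failures."""
    failed, flagged, skipped = Counter(), set(), 0
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1              # legacy plain-text or truncated line
            continue
        if not isinstance(entry, dict):
            skipped += 1
            continue
        if entry.get("c") != "ACCESS":    # only the access-control component
            continue
        msg = str(entry.get("msg", "")).lower()
        attr = entry.get("attr") or {}
        # The source is logged as "ip:port"; keep the IP so retries group together.
        source = str(attr.get("remote") or attr.get("client") or "?")
        ip = source.rsplit(":", 1)[0]
        if "fail" in msg:
            failed[ip] += 1
        elif "succe" in msg and failed[ip] >= threshold:
            flagged.add(ip)
    return {
        "failed_by_ip": dict(failed),
        "success_after_failures": sorted(flagged),
        "skipped_lines": skipped,
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

A non-zero `skipped_lines` count usually means the file predates structured logging or was cut off, so those lines need a separate text search.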
