MongoDB Logs
Overview
Evidence: MongoDB Logs
Description: Collect MongoDB Logs
Category: Applications
Platform: linux
Short Name: mngl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
MongoDB database logs on Linux record database operations, queries, connections, authentication attempts, and errors. These logs are essential for tracking NoSQL database activities and security events.
Data Collected
This collector gathers structured data about MongoDB logs.
Collection Method
This collector gathers MongoDB logs from /var/log/mongodb, which contains operational logs including queries, connections, and administrative operations.
Forensic Value
MongoDB logs are valuable for investigating NoSQL injection attacks, unauthorized data access, data breaches, authentication failures, and database enumeration. They reveal query patterns and connection sources that can indicate compromise.
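A triage pass over the collected files, as an added example that is not part of the collector or of the original page: it counts authentication failures per connection source. It assumes the JSON log format of MongoDB 4.4 and later and the field names shown in the constructed sample (`c`, `msg`, `attr.remote` or `attr.client`, `attr.principalName` or `attr.user`); the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample (documentation-range IPs). Assumed format: MongoDB 4.4+
# JSON logs; the last line imitates a legacy plain-text entry.
SAMPLE_LOG = """\
{"t":{"$date":"2024-05-01T10:00:01.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"198.51.100.7:40112","connectionId":11}}
{"t":{"$date":"2024-05-01T10:00:02.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn11","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"198.51.100.7:40112","error":"AuthenticationFailed"}}
{"t":{"$date":"2024-05-01T10:00:03.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn12","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"root","authenticationDatabase":"admin","remote":"198.51.100.7:40113","error":"UserNotFound"}}
{"t":{"$date":"2024-05-01T10:00:04.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn13","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"198.51.100.7:40114","error":"AuthenticationFailed"}}
{"t":{"$date":"2024-05-01T10:05:00.000+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn20","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"app","authenticationDatabase":"shop","remote":"203.0.113.20:51000","error":"AuthenticationFailed"}}
2024-05-01T10:06:00.000+0000 I NETWORK [listener] legacy plain-text line
"""

# Assumed failure messages: the 4.4 wording and the wording of later releases.
AUTH_FAIL_MSGS = {"Authentication failed", "Failed to authenticate"}

def auth_failures_by_source(log_text):
    """Return ({ip: {"count": n, "users": set}}, skipped_line_count)."""
    sources = defaultdict(lambda: {"count": 0, "users": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # legacy plain-text or truncated line
            continue
        if not isinstance(entry, dict) or entry.get("c") != "ACCESS":
            continue
        if entry.get("msg") not in AUTH_FAIL_MSGS:
            continue
        attr = entry.get("attr") or {}
        remote = str(attr.get("remote") or attr.get("client") or "unknown")
        ip = remote.rsplit(":", 1)[0]  # drop the ephemeral source port
        sources[ip]["count"] += 1
        sources[ip]["users"].add(str(attr.get("principalName") or attr.get("user") or "?"))
    return dict(sources), skipped

def noisy_sources(sources, threshold=3):
    """IPs with at least `threshold` failures, busiest first."""
    hits = [ip for ip, s in sources.items() if s["count"] >= threshold]
    return sorted(hits, key=lambda ip: -sources[ip]["count"])

if __name__ == "__main__":
    by_ip, skipped = auth_failures_by_source(SAMPLE_LOG)
    print(noisy_sources(by_ip), "unparsed lines:", skipped)
```

A non-zero skipped count means some lines were not JSON, so those files need a separate pass before the absence of failures is taken as a finding.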

