[TOC]

MongoDB官方文档中文版
MongoDB用户手册
MongoDB简介
- 入门
- Create an Atlas Free Tier Cluster
- 数据库和集合
- 文档
- BSON类型
- MongoDB数据库的优点
- MongoDB特点
- MongoDB历史
安装 MongoDB
- 安装MongoDB社区版
- 安装MongoDB企业版
- 将社区版MongoDB升级到企业版MongoDB
- 验证MongoDB软件包的完整性
Mongo Shell
- 配置mongo Shell
- 使用 mongo Shell帮助
- 为mongo Shell编写脚本
- mongo Shell中的数据类型
- mongo Shell 快速参考
增删改查操作
- 插入文档
  - 插入方法
- 查询文档
- 更新文档
  - 聚合管道更新
  - 更新方法
- 删除文档
  - 删除方法
- 批量写入操作
- 可重试写入
- 可重试读取
- SQL到MongoDB的映射图表
- 文本搜索
- 地理空间查询
  - 用地理空间查询查找餐馆
  - GeoJSON对象
- 读关注
- 写关注
- MongoDB CRUD 概念
聚合
- 聚合管道
- Map-Reduce
- 聚合参考
数据模式
- 数据建模介绍
- 模式验证
- Data Modeling Concepts
  - Data Model Design
  - Operational Factors and Data Models
- Data Model Examples and Patterns
- Data Model Reference
  - Database References
事务
- Drivers API
- Production Considerations
- Production Considerations (Sharded Clusters)
- 事务操作
索引
- Single Field Indexes
- Compound Indexes
- Multikey Indexes
  - 多键索引范围
- Text Indexes
  - Specify a Language for Text Index
  - Specify Name for text Index
  - Control Search Results with Weights
  - Limit the Number of Entries Scanned
- Wildcard Indexes
  - 通配符索引限制
- 2dsphere Indexes
  - 查询一个2dsphere索引
- 2d Indexes
  - Create a 2d Index
  - 查询一个“2d”索引
  - 2d Index Internals
  - Calculate Distance Using Spherical Geometry
  - 2d索引内部
  - 使用球面几何计算距离
  - 创建一个2d索引
- geoHaystack Indexes
  - Create a Haystack Index
  - 查询Haystack索引
  - 创建Haystack索引
- Hashed Indexes
- 索引特性
  - TTL索引
  - 通过设置TTL使集合中的数据过期
  - Unique Indexes
  - Partial Indexes
  - Case Insensitive Indexes
  - Hidden Indexes
  - Sparse Indexes
  - 不分大小写索引
  - 部分索引
  - Sparse索引
  - 唯一索引
- Index Builds on Populated Collections
  - 在复制集上建立索引
  - 在分片群集上建立滚动索引
- 索引交集
- Manage Indexes
- 衡量索引使用
- Indexing Strategies
  - 创建索引来支持查询
  - Use Indexes to Sort Query Results
  - 确保索引适合RAM
  - 创建以确保选择性的查询
- Indexing Reference
- 2d索引
- 2dsphere索引
- 复合索引
- geoHaystack索引
- Hashed 索引
- 在填充的集合上建立索引
- 索引参考
- 索引策略
  - 使用索引对查询结果进行排序
- 管理索引
- 多键索引
- 单字段索引
- 文本索引
  - 用权重控制搜索结果
  - 限制扫描条目的数量
  - 为文本索引指定语言
  - 指定文本索引的名称
- 通配符索引
安全
- 安全检查列表
- Enable Access Control
- 身份验证
- Role-Based Access Control
- TLS/SSL (Transport Encryption)
- Encryption at Rest
  - Configure Encryption
  - Rotate Encryption Keys
- Client-Side Field Level Encryption
- 审计
- Network and Configuration Hardening
- Implement Field Level Redaction
- Security Reference
- Create a Vulnerability Report
- Appendix
- 附录
- 启用访问控制
- 网络和配置强化
- 安全参考
改变流
- 变更流生产建议
- Change Events
复制集
- 复制集成员
- 副本集日志
- Replica Set Data Synchronization
- 副本集部署架构
  - Three Member Replica Sets
  - Replica Sets Distributed Across Two or More Data Centers
- Replica Set High Availability
  - Replica Set Elections
  - Rollbacks During Replica Set Failover
- Replica Set Read and Write Semantics
- Replica Set Deployment Tutorials
- Member Configuration Tutorials
- Replica Set Maintenance Tutorials
- Replication Reference
- 副本集数据同步
分片
- 分片集群组成]
- 片键
- 哈希分片
- 范围分片
- 部署分片集群
- 区域
- Data Partitioning with Chunks
- Balancer
  - Manage Sharded Cluster Balancer
  - Migrate Chunks in a Sharded Cluster
- Administration
- Sharding Reference
- 分片键
- Zone
管理权限
- 产品说明
- Operations Checklist
- Development Checklist
- Performance
- 配置和维护
- Data Center Awareness
- MongoDB Backup Methods
- Monitoring for MongoDB
- 开发检查表
- MogoDB 备份方法
- 操作检查表
- MongoDB性能
存储
- storage-engines
- Journaling
  - Manage Journaling
- GridFS
- 常见问题解答:MongoDB 存储
常见问题
- 常见问题解答：MongoDB基础知识
- 常见问题解答：索引
- 常见问题解答：并发
- 常见问题解答：使用MongoDB分片
- FAQ: Replication and Replica Sets
- 常见问题解答：MongoDB存储
- 常见问题解答：MongoDB诊断
- 常见问题解答：复制和副本集
参考
- Operators
  - Query and Projection Operators
  - Comparison Query Operators
    - $eq
    - $gt
    - $gte
    - $in
    - $lt
    - $lte
    - $ne
    - $nin
  - Logical Query Operators
    - $and
    - $not
    - $nor
    - $or
  - Element Query Operators
    - $exists
    - $type
  - Evaluation Query Operators
    - $expr
    - $jsonSchema
    - $mod
    - $regex
    - $text
    - $where
  - Geospatial Query Operators
    - $geoIntersects
    - $geoWithin
    - $near
    - $nearSphere
    - $box
    - $center
    - $centerSphere
    - $geometry
    - $maxDistance
    - $minDistance
    - $polygon
    - $uniqueDocs
  - Array Query Operators
    - $all
    - $elemMatch (query)
    - $size
  - Bitwise Query Operators
    - $bitsAllClear
    - $bitsAllSet
    - $bitsAnyClear
    - $bitsAnySet
  - $comment
  - 查询与映射运算符
    - $ (projection)
    - $elemMatch (projection)
    - $slice (projection)
    - 数组查询运算符
    - 按位查询运算符
    - $comment
    - 比较查询运算符
      - $lt
      - $ne
    - 元素查询运算符
    - 评估查询运算符
    - 地理空间查询运算符
    - 逻辑查询运算符
      - $and
      - $nor
      - $not
      - $or
  - 更新运算符
  - Field Update Operators
    - $currentDate
    - $inc
    - $min
    - $max
    - $mul
    - $rename
    - $set
    - $setOnInsert
    - $unset
  - Array Update Operators
    - $ (update)
    - $[]
    - $[]
    - $addToSet
    - $pop
    - $pull
    - $push
    - $pullAll
    - $each
    - $position
    - $slice
    - $sort
  - Bitwise Update Operator
    - $bit
    - 数组更新运算符
    - 按位更新运算符
    - 字段更新运算符
  - Aggregation Pipeline Stages
  - $addFields (aggregation)
  - $bucket (aggregation)
  - $bucketAuto (aggregation)
  - $collStats (aggregation)
  - $count (aggregation)
  - $currentOp (aggregation)
  - $facet (aggregation)
  - $geoNear (aggregation)
  - $graphLookup (aggregation)
  - $group (aggregation)
  - $indexStats (aggregation)
  - $limit (aggregation)
  - $listLocalSessions
  - $listSessions
  - $lookup (aggregation)
  - $match (aggregation)
  - $merge (aggregation)
  - $out (aggregation)
  - $planCacheStats
  - $project (aggregation)
  - $redact (aggregation)
  - $replaceRoot (aggregation)
  - $replaceWith (aggregation)
  - $sample (aggregation)
  - $set (aggregation)
  - $skip (aggregation)
  - $sort (aggregation)
  - $sortByCount (aggregation)
  - $unionWith (aggregation)
  - $unset (aggregation)
  - $unwind (aggregation)
  - Aggregation Pipeline Operators
  - $sin (aggregation)
  - $abs (aggregation)
  - $slice (aggregation)
  - $accumulator (aggregation)
  - $split (aggregation)
  - $acos (aggregation)
  - $sqrt (aggregation)
  - $acosh (aggregation)
  - $add (aggregation)
  - $addToSet (aggregation)
  - $allElementsTrue (aggregation)
  - $and (aggregation)
  - $anyElementTrue (aggregation)
  - $arrayElemAt (aggregation)
  - $arrayToObject (aggregation)
  - $asin (aggregation)
  - $asinh (aggregation)
  - $sum (aggregation)
  - $atan (aggregation)
  - $atan2 (aggregation)
  - $tan (aggregation)
  - $atanh (aggregation)
  - $avg (aggregation)
  - $binarySize (aggregation)
  - $bsonSize (aggregation)
  - $ceil (aggregation)
  - $toInt (aggregation)
  - $cmp (aggregation)
  - $concat (aggregation)
  - $concatArrays (aggregation)
  - $cond (aggregation)
  - $convert (aggregation)
  - $cos (aggregation)
  - $dateFromParts (aggregation)
  - $dateToParts (aggregation)
  - $type (aggregation)
  - $dateFromString (aggregation)
  - $week (aggregation)
  - $dateToString (aggregation)
  - $year (aggregation)
  - $dayOfMonth (aggregation)
  - $zip (aggregation)
  - $dayOfWeek (aggregation)
  - $dayOfYear (aggregation)
  - $degreesToRadians (aggregation)
  - $divide (aggregation)
  - $eq (aggregation)
  - $exp (aggregation)
  - $filter (aggregation)
  - $first (aggregation accumulator)
  - $first (aggregation)
  - $floor (aggregation)
  - $function (aggregation)
  - $gt (aggregation)
  - $gte (aggregation)
  - $hour (aggregation)
  - $ifNull (aggregation)
  - $in (aggregation)
  - $indexOfArray (aggregation)
  - $indexOfBytes (aggregation)
  - $indexOfCP (aggregation)
  - $isArray (aggregation)
  - $isNumber (aggregation)
  - $isoDayOfWeek (aggregation)
  - $isoWeek (aggregation)
  - $isoWeekYear (aggregation)
  - $last (aggregation accumulator)
  - $last (aggregation)
  - $let (aggregation)
  - $literal (aggregation)
  - $ln (aggregation)
  - $log (aggregation)
  - $log10 (aggregation)
  - $lt (aggregation)
  - $lte (aggregation)
  - $trim (aggregation)
  - $map (aggregation)
  - $max (aggregation)
  - $mergeObjects (aggregation)
  - $meta
  - $min (aggregation)
  - $millisecond (aggregation)
  - $minute (aggregation)
  - $mod (aggregation)
  - $month (aggregation)
  - $multiply (aggregation)
  - $ne (aggregation)
  - $not (aggregation)
  - $objectToArray (aggregation)
  - $or (aggregation)
  - $pow (aggregation)
  - $push (aggregation)
  - $radiansToDegrees (aggregation)
  - $range (aggregation)
  - $reduce (aggregation)
  - $regexFind (aggregation)
  - $regexFindAll (aggregation)
  - $regexMatch (aggregation)
  - $replaceOne (aggregation)
  - $replaceAll (aggregation)
  - $reverseArray (aggregation)
  - $round (aggregation)
  - $rtrim (aggregation)
  - $second (aggregation)
  - $setDifference (aggregation)
  - $setEquals (aggregation)
  - $setIntersection (aggregation)
  - $setIsSubset (aggregation)
  - $setUnion (aggregation)
  - $size (aggregation)
  - $slice (aggregation)
  - $split (aggregation)
  - $sqrt (aggregation)
  - $stdDevPop (aggregation)
  - $stdDevSamp (aggregation)
  - $strcasecmp (aggregation)
  - $strLenBytes (aggregation)
  - $strLenCP (aggregation)
  - $substr (aggregation)
  - $substrBytes (aggregation)
  - $substrCP (aggregation)
  - $subtract (aggregation)
  - $sum (aggregation)
  - $switch (aggregation)
  - $tan (aggregation)
  - $toBool (aggregation)
  - $toDate (aggregation)
  - $toDecimal (aggregation)
  - $toDouble(aggregation)
  - $toInt (aggregation)
  - $toLong (aggregation)
  - $toObjectId (aggregation)
  - $toString (aggregation)
  - $toLower (aggregation)
  - $toUpper (aggregation)
  - $trim (aggregation)
  - $trunc (aggregation)
  - $type (aggregation)
  - $week (aggregation)
  - $year (aggregation)
  - $zip (aggregation)
  - 查询修饰符
  - $comment
  - $explain
  - $hint
  - $max
  - $maxTimeMS
  - $min
  - $orderby
  - $query
  - $returnKey
  - $showDiskLoc
  - $natural
  - 聚合管道操作符
  - $abs (aggregation)
  - $acos (aggregation)
  - $acosh (aggregation)
  - $add (aggregation)
  - $addToSet (aggregation)
  - $and (aggregation)
  - $anyElementTrue (aggregation)
  - $arrayElemAt (aggregation)
  - $arrayToObject (aggregation)
  - $asin (aggregation)
  - $asinh (aggregation)
  - $atan (aggregation)
  - $atan2 (aggregation)
  - $atanh (aggregation)
  - $avg (aggregation)
  - $ceil (aggregation)
  - $cmp (aggregation)
  - $concat (aggregation)
  - $concatArrays (aggregation)
  - $cond (aggregation)
  - $convert (aggregation)
  - $cos (aggregation)
  - $dateFromParts (aggregation)
  - $dateFromString (aggregation)
  - $dateToParts (aggregation)
  - $dateToString (aggregation)
  - $literal (aggregation)
  - 聚合管道阶段
- 数据库命令
  - Aggregation Commands
  - aggregate
  - count
  - distinct
  - mapReduce
  - Geospatial Commands
  - geoSearch
  - Query and Write Operation Commands
  - delete
  - find
  - findAndModify
  - getLastError
  - getMore
  - insert
  - resetError
  - update
  - 查询计划缓存命令
  - planCacheClear
  - planCacheClearFilters
  - planCacheListFilters
  - planCacheSetFilter
  - 认证命令
  - authenticate
  - getnonce
  - logout
  - User Management Commands
  - createUser
  - dropAllUsersFromDatabase
  - dropUser
  - grantRolesToUser
  - revokeRolesFromUser
  - updateUser
  - usersInfo
  - Role Management Commands
  - createRole
  - dropRole
  - dropAllRolesFromDatabase
  - grantPrivilegesToRole
  - grantRolesToRole
  - invalidateUserCache
  - revokePrivilegesFromRole
  - revokeRolesFromRole
  - rolesInfo
  - updateRole
  - Replication Commands
  - applyOps
  - isMaster
  - replSetAbortPrimaryCatchUp
  - replSetFreeze
  - replSetGetConfig
  - replSetGetStatus
  - replSetInitiate
  - replSetMaintenance
  - replSetReconfig
  - replSetResizeOplog
  - replSetStepDown
  - replSetSyncFrom
  - Sharding Commands
  - addShard
  - addShardToZone
  - balancerCollectionStatus
  - balancerStart
  - balancerStatus
  - balancerStop
  - checkShardingIndex
  - clearJumboFlag
  - cleanupOrphaned
  - enableSharding
  - flushRouterConfig
  - getShardMap
  - getShardVersion
  - isdbgrid
  - listShards
  - medianKey
  - moveChunk
  - movePrimary
  - mergeChunks
  - refineCollectionShardKey
  - removeShard
  - removeShardFromZone
  - setShardVersion
  - shardCollection
  - shardingState
  - split
  - splitChunk
  - splitVector
  - unsetSharding
  - updateZoneKeyRange
  - Sessions Commands
  - abortTransaction
  - commitTransaction
  - endSessions
  - killAllSessions
  - killAllSessionsByPattern
  - killSessions
  - refreshSessions
  - startSession
  - Administration Commands
  - cloneCollectionAsCapped
  - collMod
  - compact
  - connPoolSync
  - convertToCapped
  - create
  - createIndexes
  - currentOp
  - drop
  - dropDatabase
  - dropConnections
  - dropIndexes
  - filemd5
  - fsync
  - fsyncUnlock
  - getDefaultRWConcern
  - getParameter
  - killCursors
  - killOp
  - listCollections
  - listDatabases
  - listIndexes
  - logRotate
  - reIndex
  - renameCollection
  - setFeatureCompatibilityVersion
  - setIndexCommitQuorum
  - setParameter
  - setDefaultRWConcern
  - shutdown
  - Diagnostic Commands
  - availableQueryOptions
  - buildInfo
  - collStats
  - connPoolStats
  - connectionStatus
  - cursorInfo
  - dataSize
  - dbHash
  - dbStats
  - diagLogging
  - driverOIDTest
  - explain
  - features
  - getCmdLineOpts
  - getLog
  - hostInfo
  - isSelf
  - listCommands
  - lockInfo
  - netstat
  - ping
  - profile
  - serverStatus
  - shardConnPoolStats
  - top
  - validate
  - whatsmyuri
  - 免费监控命令
  - getFreeMonitoringStatus
  - setFreeMonitoring
  - 数据库命令
  - logApplicationMessage
  - 管理命令
  - 聚合命令
  - 诊断命令
  - 地理空间命令
  - 查询和写操作命令
  - 复制命令
  - 角色管理命令
  - 会话命令
  - 分片命令
  - 用户管理命令
- mongo Shell 方法
  - Collection Methods
  - db.collection.aggregate（）
  - db.collection.bulkWrite（）
  - db.collection.copyTo（）
  - db.collection.count（）
  - db.collection.countDocuments（）
  - db.collection.estimatedDocumentCount（）
  - db.collection.createIndex（）
  - db.collection.createIndexes（）
  - db.collection.dataSize（）
  - db.collection.deleteOne（）
  - db.collection.deleteMany（）
  - db.collection.distinct（）
  - db.collection.drop（）
  - db.collection.dropIndex（）
  - db.collection.dropIndexes（）
  - db.collection.ensureIndex（）
  - db.collection.explain（）
  - db.collection.find（）
  - db.collection.findAndModify（）
  - db.collection.findOne（）
  - db.collection.findOneAndDelete（）
  - db.collection.findOneAndReplace（）
  - db.collection.findOneAndUpdate（）
  - db.collection.getIndexes（）
  - db.collection.getShardDistribution（）
  - db.collection.getShardVersion（）
  - db.collection.hideIndex()
  - db.collection.insert（）
  - db.collection.insertOne（）
  - db.collection.insertMany（）
  - db.collection.isCapped（）
  - db.collection.latencyStats（）
  - db.collection.mapReduce（）
  - db.collection.reIndex（）
  - db.collection.remove（）
  - db.collection.renameCollection（）
  - db.collection.replaceOne（）
  - db.collection.save（）
  - db.collection.stats（）
  - db.collection.storageSize（）
  - db.collection.totalIndexSize（）
  - db.collection.totalSize（）
  - db.collection.unhideIndex()
  - db.collection.update（）
  - db.collection.updateOne（）
  - db.collection.updateMany（）
  - db.collection.watch（）
  - db.collection.validate（）
  - Cursor Methods
  - cursor.addOption()
  - cursor.allowDiskUse()
  - cursor.allowPartialResults()
  - cursor.batchSize()
  - cursor.close()
  - cursor.isClosed()
  - cursor.collation()
  - cursor.comment()
  - cursor.count()
  - cursor.explain()
  - cursor.forEach()
  - cursor.hasNext()
  - cursor.hint()
  - cursor.isExhausted()
  - cursor.itcount()
  - cursor.limit()
  - cursor.map()
  - cursor.max()
  - cursor.maxTimeMS()
  - cursor.min()
  - cursor.next()
  - cursor.noCursorTimeout()
  - cursor.objsLeftInBatch()
  - cursor.pretty()
  - cursor.readConcern()
  - cursor.readPref()
  - cursor.returnKey()
  - cursor.showRecordId()
  - cursor.size()
  - cursor.skip()
  - cursor.sort()
  - cursor.tailable()
  - cursor.toArray()
  - Database Methods
  - db.adminCommand()
  - db.aggregate()
  - db.cloneDatabase()
  - db.commandHelp()
  - db.copyDatabase()
  - db.createCollection()
  - db.createView()
  - db.currentOp()
  - db.dropDatabase()
  - db.eval()
  - db.fsyncLock()
  - db.fsyncUnlock()
  - db.getCollection()
  - db.getCollectionInfos()
  - db.getCollectionNames()
  - db.getLastError()
  - db.getLastErrorObj()
  - db.getLogComponents()
  - db.getMongo()
  - db.getName()
  - db.getProfilingLevel()
  - db.getProfilingStatus()
  - db.getReplicationInfo()
  - db.getSiblingDB()
  - db.help()
  - db.hostInfo()
  - db.isMaster()
  - db.killOp()
  - db.listCommands()
  - db.logout()
  - db.printCollectionStats()
  - db.printReplicationInfo()
  - db.printShardingStatus()
  - db.printSlaveReplicationInfo()
  - db.resetError()
  - db.runCommand()
  - db.serverBuildInfo()
  - db.serverCmdLineOpts()
  - db.serverStatus()
  - db.setLogLevel()
  - db.setProfilingLevel()
  - db.shutdownServer()
  - db.stats()
  - db.version()
  - db.watch()
  - Query Plan Cache Methods
  - db.collection.getPlanCache()
  - PlanCache.clear()
  - PlanCache.clearPlansByQuery()
  - PlanCache.help()
  - PlanCache.list()
  - Bulk Operation Methods
  - db.collection.initializeOrderedBulkOp()
  - db.collection.initializeUnorderedBulkOp()
  - Bulk()
  - Bulk.execute()
  - Bulk.find()
  - Bulk.find.arrayFilters()
  - Bulk.find.collation()
  - Bulk.find.hint()
  - Bulk.find.remove()
  - Bulk.find.removeOne()
  - Bulk.find.replaceOne()
  - Bulk.find.updateOne()
  - Bulk.find.update()
  - Bulk.find.upsert()
  - Bulk.getOperations()
  - Bulk.insert()
  - Bulk.tojson()
  - Bulk.toString()
  - User Management Methods
  - db.auth()
  - db.changeUserPassword()
  - db.createUser()
  - db.dropUser()
  - db.dropAllUsers()
  - db.getUser()
  - db.getUsers()
  - db.grantRolesToUser()
  - db.removeUser()
  - db.revokeRolesFromUser()
  - db.updateUser()
  - passwordPrompt()
  - Role Management Methods
  - db.createRole()
  - db.dropRole()
  - db.dropAllRoles()
  - db.getRole()
  - db.getRoles()
  - db.grantPrivilegesToRole()
  - db.revokePrivilegesFromRole()
  - db.grantRolesToRole()
  - db.revokeRolesFromRole()
  - db.updateRole()
  - Replication Methods
  - rs.add()
  - rs.addArb()
  - rs.conf()
  - rs.freeze()
  - rs.help()
  - rs.initiate()
  - rs.printReplicationInfo()
  - rs.printSlaveReplicationInfo()
  - rs.reconfig()
  - rs.remove()
  - rs.status()
  - rs.stepDown()
  - rs.syncFrom()
  - Sharding Methods
  - sh.addShard()
  - sh.addShardTag()
  - sh.addShardToZone()
  - sh.addTagRange()
  - sh.balancerCollectionStatus()
  - sh.disableBalancing()
  - sh.enableBalancing()
  - sh.disableAutoSplit
  - sh.enableAutoSplit
  - sh.enableSharding()
  - sh.getBalancerHost()
  - sh.getBalancerState()
  - sh.removeTagRange()
  - sh.removeRangeFromZone()
  - sh.help()
  - sh.isBalancerRunning()
  - sh.moveChunk()
  - sh.removeShardTag()
  - sh.removeShardFromZone()
  - sh.setBalancerState()
  - sh.shardCollection()
  - sh.splitAt()
  - sh.splitFind()
  - sh.startBalancer()
  - sh.status()
  - sh.stopBalancer()
  - sh.waitForBalancer()
  - sh.waitForBalancerOff()
  - sh.waitForPingChange()
  - sh.updateZoneKeyRange()
  - convertShardKeyToHashed
  - Free Monitoring Methods
  - db.disableFreeMonitoring()
  - db.enableFreeMonitoring()
  - db.getFreeMonitoringStatus
  - Object Constructors and Methods
  - BulkWriteResult()
  - Date()
  - ObjectId
  - ObjectId.getTimestamp()
  - ObjectId.toString()
  - ObjectId.valueOf()
  - UUID()
  - WriteResult()
  - WriteResult.hasWriteError()
  - WriteResult.hasWriteConcernError()
  - Connection Methods
  - connect()
  - Mongo()
  - Mongo.getDB()
  - Mongo.getReadPrefMode()
  - Mongo.getReadPrefTagSet()
  - Mongo.isCausalConsistency()
  - Mongo.setCausalConsistency()
  - Mongo.setReadPref()
  - Mongo.startSession()
  - Mongo.watch()
  - Session
    - Session.abortTransaction()
    - Session.commitTransaction()
    - Session.startTransaction()
  - SessionOptions
  - Native Methods
  - cat()
  - cd()
  - copyDbpath()
  - getHostName()
  - getMemInfo()
  - hostname()
  - isInteractive()
  - listFiles()
  - load()
  - ls()
  - md5sumFile()
  - mkdir()
  - pwd()
  - quit()
  - removeFile()
  - resetDbpath()
  - sleep()
  - setVerboseShell()
  - version()
  - _isWindows()
  - _rand()
  - Client-Side Field Level Encryption Methods
  - getKeyVault()
  - KeyVault.createKey()
  - KeyVault.deleteKey()
  - KeyVault.getKey()
  - KeyVault.getKeys()
  - KeyVault.addKeyAlternateName()
  - KeyVault.removeKeyAlternateName()
  - KeyVault.getKeyByAltName()
  - getClientEncryption()
  - ClientEncryption.encrypt()
  - ClientEncryption.decrypt()
  - mongo Shell 方法
- MongoDB Package Components
  - mongod
  - mongos
  - mongo
  - mongod.exe
  - mongos.exe
  - mongodump
  - mongorestore
  - bsondump
  - mongoimport
  - mongoexport
  - mongostat
  - mongotop
  - mongoreplay
  - mongoldap
  - mongokerberos
  - mongofiles
  - install_compass
- Configuration File Options
  - Externally Sourced Configuration File Values
  - Convert Command-Line Options to YAML
  - Configuration File Settings and Command-Line Options Mapping
  - Externally Sourced Configuration File Values
- MongoDB Server Parameters
- MongoDB Limits and Thresholds
- Explain Results
- System Collections
- 连接字符串URI格式
- 排序
  - 排序区域和默认参数
- MongoDB的Wire协议
- 日志消息
- Exit Codes and Statuses
- 词汇表
- 默认的MongoDB端口
- Default MongoDB Read Concerns/Write Concerns
- 服务器会话
- Configuration File Options
- 默认的MongoDB读/写关注
- 退出代码和状态
- MongoDB Limits and Thresholds
更新说明
- Release Notes for MongoDB 4.4
- Release Notes for MongoDB 4.2
- Release Notes for MongoDB 4.0
- Release Notes for MongoDB 3.6
- Release Notes for MongoDB 3.4
- Release Notes for MongoDB 3.2
- Release Notes for MongoDB 3.0
- Release Notes for MongoDB 2.6
- Release Notes for MongoDB 2.4
- Release Notes for MongoDB 2.2
- Release Notes for MongoDB 2.0
- Release Notes for MongoDB 1.8
- Release Notes for MongoDB 1.6
- Release Notes for MongoDB 1.4
- Release Notes for MongoDB 1.2.x
- MongoDB Versioning
技术支持
- MongoDB的Scala驱动
开始使用MongoDB开发
联系我们
更多资料
本书使用 GitBook 发布

配置审计过滤器

配置审计过滤器¶

在本页

MongoDB Atlas 中的审计

MongoDB Atlas支持对所有M10和更大的集群进行审计。

Atlas支持在配置审计过滤器中指定JSON格式的审计过滤器，并使用Atlas审计过滤器构建器来简化审计配置。

要了解更多信息，请参阅Atlas文档中的设置数据库审计和配置自定义审计过滤器。

MongoDB 企业版支持审计各种操作。

启用审计功能会默认的记录所有可审计的操作，如审计事件操作，详细信息和结果。

为了能指定那些事件需要被记录，审计功能包含--auditFilter选项。

注意

从mongoDB 3.6开始，mongod and mongos默认绑定localhost。

如果你部署的实例运行在不同的主机上或者如果你希望远程客户端连接到部署实例，你必须指定--bind_ip or net.bindIp.

更多信息，请查看Localhost 绑定兼容性更改。

绑定到其他IP地址之前，请考虑启用访问控制和“安全性检查表”中的列出的其他安全措施，以防止未经授权的访问。

--auditFilter 选项¶

—auditFilter`选项采用以下查询文档的字符串的表示形式：

复制

{ <field1>: <expression1>, ... }

可以是审计消息中的任何字段，包括param文档中返回的字段。
是一个查询条件表达式。

指定一个审计过滤器，可以将过滤器文档括在单引号中使其转成字符串。

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

例子¶

多种操作类型的过滤器¶

以下示例通过使用过滤器仅审计 createCollection 和 dropCollection操作：

复制

{ atype: { $in: ["createCollection", "dropCollection"] } }

指定一个审计过滤器，可以将过滤器文档括在单引号中使其转成字符串。

复制

mongod --dbpath data/db --auditDestination file --auditFilter '{ atype: { $in: [ "createCollection", "dropCollection" ] } }' --auditFormat BSON --auditPath data/db/auditLog.bson

包括配置所需的其他选项。例如，如果您希望远程客户端连接到您的部署，或者您的部署成员在不同的主机上运行，请指定—bind_ip参数。更多信息，请参见Localhost绑定兼容性更改。

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

复制

storage:
   dbPath: data/db
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson
   filter: '{ atype: { $in: [ "createCollection", "dropCollection" ] } }'

筛选单个数据库上的身份验证操作¶

可以包含审计消息中的任何字段。对于身份认证操作(即，atype: "authenticate")，审计消息中的 param 文档中包含 db 字段。

以下示例使用过滤器仅审计针对test数据库的身份验证操作。

复制

{ atype: "authenticate", "param.db": "test" }

指定一个审计过滤器，可以将过滤器文档括在单引号中使其转成字符串。

复制

mongod --dbpath data/db --auth --auditDestination file --auditFilter '{ atype: "authenticate", "param.db": "test" }' --auditFormat BSON --auditPath data/db/auditLog.bson

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

复制

storage:
   dbPath: data/db
security:
   authorization: enabled
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson
   filter: '{ atype: "authenticate", "param.db": "test" }'

要过滤数据库中的所有身份验证操作，请使用过滤器{ atype: "authenticate" }。

筛选单个数据库的集合创建和删除操作¶

可以包含审计消息中的任何字段。对于集合创建和删除操作(即，atype: "createCollection"和atype: "dropCollection")，审计消息中的 param 文档中包含ns 字段。

以下示例使用过滤器仅审计针对test数据库的创建集合和删除集合操作。

注意

正则表达式需要两个反斜杠(\)才能转义(.)

复制

{ atype: { $in: [ "createCollection", "dropCollection" ] }, "param.ns": /^test\\./ } }

将过滤器文档括在单引号中使其转成字符串来指定一个审计过滤器。

复制

mongod --dbpath data/db --auth --auditDestination file --auditFilter '{ atype: { $in: [ "createCollection", "dropCollection" ] }, "param.ns": /^test\\./ } }' --auditFormat BSON --auditPath data/db/auditLog.bson

包括配置所需的其他选项。例如，如果您希望远程客户端连接到您的部署，或者您的部署成员在不同的主机上运行，请指定 --bind_ip参数。更多信息，请参见Localhost绑定兼容性更改。

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

复制

storage:
   dbPath: data/db
security:
   authorization: enabled
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson
   filter: '{ atype: { $in: [ "createCollection", "dropCollection" ] }, "param.ns": /^test\\./ } }'

通过授权角色进行筛选¶

以下示例通过使用过滤器来审计test数据库上具有 readWrite角色的用户的操作，包括具有从[readWrite]继承的角色的用户：

复制

{ roles: { role: "readWrite", db: "test" } }

指定一个审计过滤器，可以将过滤器文档括在单引号中使其转成字符串。

复制

mongod --dbpath data/db --auth --auditDestination file --auditFilter '{ roles: { role: "readWrite", db: "test" } }' --auditFormat BSON --auditPath data/db/auditLog.bson

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

复制

storage:
   dbPath: data/db
security:
   authorization: enabled
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson
   filter: '{ roles: { role: "readWrite", db: "test" } }'

读写操作中的过滤器¶

要在审计中进行捕获读和写操作，必须设置审计参数使审计系统记录身份验证成功。1

注意

启用审计授权成功与仅记录授权失败相比会使性能下降更多。

下面的例子用来审计find(), insert(), remove(), update(), save()和 findAndModify()这些操作，过滤器如下：

复制

{ atype: "authCheck", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify" ] } }

指定一个审计过滤器，可以将过滤器文档括在单引号中使其转成字符串。

复制

mongod --dbpath data/db --auth --setParameter auditAuthorizationSuccess=true --auditDestination file --auditFilter '{ atype: "authCheck", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify"] } }' --auditFormat BSON --auditPath data/db/auditLog.bson

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

复制

storage:
   dbPath: data/db
security:
   authorization: enabled
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson
   filter: '{ atype: "authCheck", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify" ] } }'
setParameter: { auditAuthorizationSuccess: true }

过滤集合的读写操作¶

要在审计中进行捕获读和写操作，还必须使用 auditAuthorizationSuccess 参数使审计系统能够记录授权成功。 1

注意

启用审计授权成功与仅记录授权失败相比，启用会使性能下降更多。

下面的例子用来审计在test数据库的orders集合上的find(), insert(), remove(), update(), save(), and findAndModify()操作，过滤器如下：

复制

{ atype: "authCheck", "param.ns": "test.orders", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify" ] } }

指定一个审计过滤器，可以将过滤器文档括在单引号中使其转成字符串。

复制

mongod --dbpath data/db --auth --setParameter auditAuthorizationSuccess=true --auditDestination file --auditFilter '{ atype: "authCheck", "param.ns": "test.orders", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify" ] } }' --auditFormat BSON --auditPath data/db/auditLog.bson

包括配置所需的其他选项。例如，如果您希望远程客户端连接到您的部署，或者您的部署成员在不同的主机上运行，请指定 --bind_ip参数。有关更多信息，请参见Localhost绑定兼容性更改。

在配置文件中指定审计过滤器，必须使用配置文件的YAML格式。

复制

storage:
   dbPath: data/db
security:
   authorization: enabled
auditLog:
   destination: file
   format: BSON
   path: data/db/auditLog.bson
   filter: '{ atype: "authCheck", "param.ns": "test.orders", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify" ] } }'
setParameter: { auditAuthorizationSuccess: true }

也可以看看

配置审计, 审计, 系统事件审计消息

[1]（1，2）可以启用审计授权成功参数不启用 --auth; 但是所有操作将返回成功以进行授权检查。

原文链接：https://docs.mongodb.com/manual/tutorial/configure-audit-filters/

译者：谢伟成

参见

原文 - Configure Audit Filters

MongoDB 中文文档帮助手册

配置审计过滤器

配置审计过滤器

results matching ""

No results matching ""