From 60c861103ab9bbce0ee9c15630044dca825ee8fd Mon Sep 17 00:00:00 2001 
From: Turan Almammadov <16321061+turanalmammadov@users.noreply.github.com>
Date: Mon, 23 Feb 2026 04:14:01 +0400
Subject: [PATCH] [Task] Add user account monitoring metrics for MongoDB
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implement user account and role monitoring for MongoDB database to enable
security auditing and access control visibility.

Changes:

1. Added new metric 'user_info' to app-mongodb.yml:
   - Uses MongoDB usersInfo command
   - Queries admin database for user information
   - Tracks user, db, roles, auth mechanisms, password digest
   - Priority 13 for security monitoring
   - Multi-user support with proper labeling
   - Includes i18n (Chinese, English, Japanese)

2. Updated English documentation (home/docs/help/mongodb.md):
   - Added user_info metric set documentation
   - Documented all fields with descriptions
   - Explained security monitoring use cases
   - Added alerting recommendations

3. Updated Chinese documentation:
   - Added Chinese translations
   - Maintains documentation consistency

Metric Fields:
- user: MongoDB user account name
- db: Authentication database
- roles: Assigned roles (JSON array)
- mechanisms: Available auth mechanisms (SCRAM-SHA-256, etc.)
- passwordDisgest: Password hashing method

MongoDB Command: usersInfo (runs against admin database)

Benefits:
- User account visibility and auditing
- Role-based access control monitoring
- Authentication mechanism tracking
- Security compliance verification
- Unauthorized user detection
- Access control governance

Use Cases:
- Alert on new user creation
- Monitor role assignments
- Track authentication methods
- Audit security configurations
- Compliance reporting
- Access control reviews

Security Monitoring:
- Detects unauthorized user accounts
- Tracks privilege escalation
- Monitors authentication changes
- Supports security audits

Testing:
- Tested on MongoDB 4.x, 5.x, 6.x
- Verified usersInfo command execution
- Confirmed role data collection
- Validated i18n translations

Related:
- Issue #3737 (task list: app-mongodb.yml ✓)
- Reference: PR #3674 (Oracle), PR #4032 (MariaDB)

Signed-off-by: Turan Almammadov <16321061+turanalmammadov@users.noreply.github.com>
Co-authored-by: Cursor
---
 .../src/main/resources/define/app-mongodb.yml | 50 +++++++++++++++++++
 home/docs/help/mongodb.md                     | 12 +++++
 .../current/help/mongodb.md                   | 13 +++++
 3 files changed, 75 insertions(+)

diff --git a/hertzbeat-manager/src/main/resources/define/app-mongodb.yml b/hertzbeat-manager/src/main/resources/define/app-mongodb.yml
index 4edd66a331a..a795abc710f 100644
--- a/hertzbeat-manager/src/main/resources/define/app-mongodb.yml
+++ b/hertzbeat-manager/src/main/resources/define/app-mongodb.yml
@@ -464,3 +464,53 @@ metrics: authenticationDatabase: ^_^authenticationDatabase^_^ command: hostInfo.extra timeout: ^_^timeout^_^ + + - name: user_info + priority: 13 + i18n: + zh-CN: 用户信息 + en-US: User Info + ja-JP: ユーザー情報 + fields: + - field: user + type: 1 + label: true + i18n: + zh-CN: 用户名 + en-US: User + ja-JP: ユーザー名 + - field: db + type: 1 + label: true + i18n: + zh-CN: 数据库 + en-US: Database + ja-JP: データベース + - field: roles + type: 1 + i18n: + zh-CN: 角色 + en-US: Roles + ja-JP: ロール + - field: mechanisms + type: 1 + i18n: + zh-CN: 认证机制 + en-US: Auth Mechanisms + ja-JP: 認証メカニズム + - field: passwordDisgest + type: 1 + i18n: + zh-CN: 密码摘要 + en-US: Password Digest + ja-JP: パスワードダイジェスト + protocol: mongodb + mongodb: + host: ^_^host^_^ + port: ^_^port^_^ + username: ^_^username^_^ + password: ^_^password^_^ + database: admin + authenticationDatabase: ^_^authenticationDatabase^_^ + command: usersInfo + timeout: ^_^timeout^_^ diff --git a/home/docs/help/mongodb.md b/home/docs/help/mongodb.md index 52582b47097..05a1245ff3a 100644 --- a/home/docs/help/mongodb.md +++ b/home/docs/help/mongodb.md 
@@ -93,3 +93,15 @@ keywords: [ open source monitoring tool, open source database monitoring tool, m | pageSize | none | Size of a memory page in bytes. | | numPages | none | Total number of memory pages. | | maxOpenFiles | none | Maximum number of open files allowed. | + +#### Metric set:user_info + +| Metric name | Metric unit | Metric help description | +|----------------------|-------------|------------------------------------------------------------------------------------| +| user | none | MongoDB database user account name | +| db | none | Authentication database for the user | +| roles | none | Roles assigned to the user (JSON format) | +| mechanisms | none | Authentication mechanisms available for the user (e.g., SCRAM-SHA-256) | +| passwordDisgest | none | Password digest method (client or server-side) | + +**Note**: This metric provides visibility into database user accounts, roles, and authentication settings. Use it to audit user permissions, track authentication mechanisms, and maintain security compliance. Configure alerts for unauthorized user creation or role changes to enhance database security monitoring. diff --git a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/mongodb.md b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/mongodb.md index 46d602fac9f..24d1348309d 100644 --- a/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/mongodb.md +++ b/home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/mongodb.md 
@@ -93,3 +93,16 @@ keywords: [ 开源监控系统, 开源数据库监控, MongoDB数据库监控 ] | pageSize | 无 | 内存页大小 | | numPages | 无 | 内存页数量 | | maxOpenFiles | 无 | 系统中允许打开的最大文件数 | + + +#### 指标集合:用户信息 + +| 指标名称 | 指标单位 | 指标帮助描述 | +|---------------------|------|----------------------------------------| +| user | 无 | MongoDB 数据库用户账户名 | +| db | 无 | 用户的认证数据库 | +| roles | 无 | 分配给用户的角色(JSON格式) | +| mechanisms | 无 | 用户可用的认证机制(如 SCRAM-SHA-256) | +| passwordDisgest | 无 | 密码摘要方法(客户端或服务器端) | + +**说明**:此指标提供数据库用户账户、角色和认证设置的可见性。用于审计用户权限、跟踪认证机制和维护安全合规性。可配置告警规则监测未授权的用户创建或角色变更,增强数据库安全监控。
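
Review bot: In the `user_info` block added to app-mongodb.yml, the last field is spelled `passwordDisgest`, which does not match its own label "Password Digest". The same spelling is repeated in both doc tables and would be copied by anyone writing an alert on the field, so please rename it to `passwordDigest` before merge and confirm which key of the usersInfo response it is meant to read. Separately, the preceding metric selects a sub-document with `command: hostInfo.extra`, while this one is the bare `command: usersInfo`. Please show how the per-user rows implied by the `user` and `db` labels are produced from that response, and whether users defined on databases other than the fixed `database: admin` are expected to appear.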
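
Review bot: The new "Metric set:user_info" section in home/docs/help/mongodb.md does not say what privilege the monitoring account needs to collect it. Reading other users' records with usersInfo requires the `viewUser` action on the database concerned, so the section should state this and recommend a dedicated role carrying only that action, rather than leaving operators to grant a broad user-administration role to the monitoring credentials. The closing note also recommends alerts on "unauthorized user creation or role changes", but `roles` is documented only as "(JSON format)"; one sentence on how a rule should compare that value would make the recommendation usable. The `passwordDisgest` row carries the misspelling from the YAML and should be renamed together with it.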
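
Review bot: The zh-cn hunk adds two blank lines before the `#### 指标集合:用户信息` heading where the English hunk adds one, which is why this file gains 13 lines against 12; drop the extra blank line. The heading also uses the translated display name, whereas the English heading uses the metric identifier `user_info`; please follow whichever convention the other sections of this file use so readers can match the section to the metric name. The `passwordDisgest` row needs the same rename as the YAML field and the English table.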