3

I'm trying to find out if CosmosDB has any built-in functionality that can be used as an audit log, i.e. whether any of the existing Azure diagnostic/monitoring functionality logs specific changes to the database, including the JSON data written.

Does this exist, or will I have to write my own?

The closest I have found so far is the diagnostic logging, which includes a lot of information but not what was actually written, changed or deleted.

dlanod

1 Answer

2

Based on the official doc, the diagnostic logging in Azure Cosmos DB that you mentioned can log DataPlaneRequests, MongoRequests and Metric Requests. However, there is no such information that indicates specific changes to the database, collections, documents, etc.

So, I suggest you dig deeper into the change feed in Azure Cosmos DB. It is built into Azure Cosmos DB, allowing us to catch all the changes that were made to our collection, regardless of which system made the change. You can read the change feed in three different ways:

1. Using Azure Functions

Please create an Azure Cosmos DB trigger in an Azure Functions app; you select the Azure Cosmos DB collection to connect to, and the function is triggered whenever a change to the collection is made.

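2. Using the Azure Cosmos DB SDK

// Needs: using Microsoft.Azure.Documents; using Microsoft.Azure.Documents.Client;
//        using Microsoft.Azure.Documents.Linq;
// client (DocumentClient), collectionUri, partitionKeyRanges and checkpoints
// (a Dictionary<string, string> of saved continuation tokens) are defined elsewhere.
foreach (PartitionKeyRange pkRange in partitionKeyRanges)
{
    // Resume from the last saved continuation token for this partition key range, if any
    string continuation = null;
    checkpoints.TryGetValue(pkRange.Id, out continuation);
    IDocumentQuery<Document> query = client.CreateDocumentChangeFeedQuery(
        collectionUri,
        new ChangeFeedOptions
        {
            PartitionKeyRangeId = pkRange.Id,
            StartFromBeginning = true,
            RequestContinuation = continuation,
            MaxItemCount = -1,
            // Set reading time: only show change feed results modified since StartTime
            StartTime = DateTime.Now - TimeSpan.FromSeconds(30)
        });
    while (query.HasMoreResults)
    {
        FeedResponse<dynamic> readChangesResponse = query.ExecuteNextAsync<dynamic>().Result;

        foreach (dynamic changedDocument in readChangesResponse)
        {
            Console.WriteLine("document: {0}", changedDocument);
        }
        // Save the continuation token so the next read starts after this batch
        checkpoints[pkRange.Id] = readChangesResponse.ResponseContinuation;
    }
}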

3. Using the Azure Cosmos DB change feed processor library

Hope it helps you.

Jay Gong
But be careful, as the change feed does not handle Delete requests: https://learn.microsoft.com/en-us/azure/cosmos-db/change-feed "You can read the change feed as far back as the origin of your container but if an item is deleted, it will be removed from the change feed." – Riccardo Jun 12 '20 at 08:41
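
An added example, not code from the answer or the comment above: the Azure Functions option turned into an audit writer that copies each changed document into a separate audit collection together with a content hash. It assumes the in-process C# model with the Microsoft.Azure.WebJobs.Extensions.CosmosDB 3.x bindings; the database, collection and connection setting names are hypothetical, as is the `deleted` flag, which stands for the soft-delete convention (set a marker on the item, then let a TTL remove it) that makes a delete visible in the change feed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.Documents;
using Microsoft.Azure.WebJobs;
using Newtonsoft.Json.Linq;

public static class CosmosAuditTrail
{
    // All database, collection and setting names are hypothetical placeholders.
    // The audit collection is assumed to be partitioned on /sourceId.
    [FunctionName("CosmosAuditTrail")]
    public static async Task Run(
        [CosmosDBTrigger(
            databaseName: "appdb",
            collectionName: "orders",
            ConnectionStringSetting = "CosmosConnection",
            LeaseCollectionName = "leases",
            CreateLeaseCollectionIfNotExists = true)] IReadOnlyList<Document> changes,
        [CosmosDB(
            databaseName: "appdb",
            collectionName: "audit",
            ConnectionStringSetting = "CosmosConnection")] IAsyncCollector<JObject> audit)
    {
        using (SHA256 sha = SHA256.Create())
        {
            foreach (Document doc in changes)
            {
                string json = doc.ToString(); // full JSON of the item as written
                // Assumed convention: writers set "deleted": true instead of hard-deleting.
                bool softDeleted = doc.GetPropertyValue<bool?>("deleted") == true;
                var entry = new JObject
                {
                    ["id"] = Guid.NewGuid().ToString(),
                    ["sourceId"] = doc.Id,
                    ["etag"] = doc.ETag,
                    ["modifiedUtc"] = doc.Timestamp,
                    // The feed does not tell inserts from updates, so both are "upsert".
                    ["operation"] = softDeleted ? "soft-delete" : "upsert",
                    ["sha256"] = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(json))),
                    ["body"] = JObject.Parse(json)
                };
                await audit.AddAsync(entry);
            }
        }
    }
}
```

The change feed carries no caller identity, so these records show what was written and when but not by whom; that has to come from the application or be correlated with the diagnostic logs.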