Master MongoDB Config: System Log, Network, Security & More
This article provides a comprehensive overview of MongoDB's configuration file, detailing system log options, process management, network settings, security parameters, storage engine configurations, slow query profiling, replication, sharding, and mongos-specific settings, with explanations of each option and recommended defaults.
MongoDB Configuration File Explanation
System Log Configuration
<code>systemLog:
verbosity: <int>
quiet: <boolean>
traceAllExceptions: <boolean>
syslogFacility: <string>
path: <string>
logAppend: <boolean>
logRotate: <string>
destination: <string>
timeStampFormat: <string>
component:
accessControl:
verbosity: <int>
command:
verbosity: <int>
</code>verbosity : Log level, default 0, range 1‑5.
quiet : Suppress log output; not recommended for production.
traceAllExceptions : Print detailed exception information for troubleshooting.
syslogFacility : Default "user"; logs are sent to syslog facility; requires --syslog option.
path : Specifies log file location.
logAppend : When true, logs are appended after restart; default false creates new file each start.
logRotate : Log rotation method, default "rename". Can set "reopen" with logAppend=true.
destination : Output method, file or syslog.
timeStampFormat : Timestamp format, default local (iso8601-local); options iso8601-utc, ctime.
Process Management
<code>processManagement:
fork: <boolean>
pidFilePath: <string>
</code>fork : Run as daemon.
pidFilePath : Location of PID file.
Network Options
<code>net:
port: <int>
bindIp: <string>
maxIncomingConnections: <int>
wireObjectCheck: <boolean>
ipv6: <boolean>
unixDomainSocket:
enabled: <boolean>
pathPrefix: <string>
filePermissions: <int>
http:
enabled: <boolean>
JSONPEnabled: <boolean>
RESTInterfaceEnabled: <boolean>
ssl:
sslOnNormalPorts: <boolean> # deprecated since 2.6
mode: <string>
PEMKeyFile: <string>
PEMKeyPassword: <string>
clusterFile: <string>
clusterPassword: <string>
CAFile: <string>
CRLFile: <string>
allowConnectionsWithoutCertificates: <boolean>
allowInvalidCertificates: <boolean>
allowInvalidHostnames: <boolean>
disabledProtocols: <string>
FIPSMode: <boolean>
compression:
compressors: <string>
</code>net.port : Listening port.
net.bindIp : IP address to bind.
net.maxIncomingConnections : Maximum concurrent connections, default 65535.
net.wireObjectCheck : Validate incoming BSON, default true.
net.ipv6 : Enable IPv6, default false.
net.unixDomainSocket.enabled : Enable Unix domain socket, default true.
net.unixDomainSocket.pathPrefix : Socket file path, default /tmp.
net.unixDomainSocket.filePermissions : Permissions for socket file, default 0700.
net.http.enabled : HTTP interface, default false (deprecated since 3.2).
net.http.JSONPEnabled and net.http.RESTInterfaceEnabled : Deprecated JSONP and REST API options.
net.ssl : SSL configuration parameters.
net.compression.compressors : Enable network compression.
Security Settings
<code>security:
keyFile: <string>
clusterAuthMode: <string>
authorization: <string>
transitionToAuth: <boolean>
javascriptEnabled: <boolean>
redactClientLogData: <boolean>
sasl:
hostName: <string>
serviceName: <string>
saslauthdSocketPath: <string>
enableEncryption: <boolean>
encryptionCipherMode: <string>
encryptionKeyFile: <string>
kmip:
keyIdentifier: <string>
rotateMasterKey: <boolean>
serverName: <string>
port: <string>
clientCertificateFile: <string>
clientCertificatePassword: <string>
serverCAFile: <string>
ldap:
servers: <string>
bind:
method: <string>
saslMechanism: <string>
queryUser: <string>
queryPassword: <string>
useOSDefaults: <boolean>
transportSecurity: <string>
timeoutMS: <int>
userToDNMapping: <string>
authz:
queryTemplate: <string>
</code>security.authorization : Default "disable"; enables role‑based access control when set.
Storage Configuration
<code>storage:
dbPath: <string>
indexBuildRetry: <boolean>
repairPath: <string>
journal:
enabled: <boolean>
commitIntervalMs: <num>
directoryPerDB: <boolean>
syncPeriodSecs: <int>
engine: <string>
mmapv1:
preallocDataFiles: <boolean>
nsSize: <int>
quota:
enforced: <boolean>
maxFilesPerDB: <int>
smallFiles: <boolean>
journal:
debugFlags: <int>
commitIntervalMs: <num>
wiredTiger:
engineConfig:
cacheSizeGB: <number>
journalCompressor: <string>
directoryForIndexes: <boolean>
collectionConfig:
blockCompressor: <string>
indexConfig:
prefixCompression: <boolean>
inMemory:
engineConfig:
inMemorySizeGB: <number>
</code>storage.dbPath : Path for data files.
storage.indexBuildRetry : Rebuild incomplete indexes on startup; default true.
storage.repairPath : Temporary path for --repair; removed after use.
storage.journal.enabled : Enable journaling; default true on 64‑bit.
storage.journal.commitIntervalMs : Max time between journal writes, default 100 ms.
storage.directoryPerDB : Store each database in its own directory when true.
storage.syncPeriodSecs : Interval for syncing data to disk; default 60 s, 0 disables syncing.
storage.engine : Storage engine, default "wiredTiger".
storage.mmapv1.preallocDataFiles : Pre‑allocate data files; default true.
storage.mmapv1.nsSize : Namespace file size, default 16 MB.
storage.mmapv1.quota.enforced : Enforce per‑database file count limit; default false.
storage.mmapv1.quota.maxFilesPerDB : Max data files per database; default 8.
storage.mmapv1.smallFiles : Use smaller default file size; default false.
storage.wiredTiger.engineConfig.cacheSizeGB : Maximum internal cache size; up to half of RAM minus 1 GB.
storage.wiredTiger.engineConfig.journalCompressor : Compression for WiredTiger journal (none, snappy, zlib).
storage.wiredTiger.directoryForIndexes : Store indexes in a separate directory when true.
storage.wiredTiger.collectionConfig.blockCompressor : Data compression format (none, snappy, zlib).
storage.wiredTiger.indexConfig.prefixCompression : Enable prefix compression for indexes; default true.
storage.inMemory.engineConfig.inMemorySizeGB : Max memory for in‑memory engine; default half of RAM minus 1 GB.
Slow Query Profiling
<code>operationProfiling:
slowOpThresholdMs: <int>
mode: <string>
</code>operationProfiling.slowOpThresholdMs : Threshold for slow operations, default 100 ms.
operationProfiling.mode : Profiling mode; "slowOp" records slow queries, "all" records all operations.
Replication Settings
<code>replication:
oplogSizeMB: <int>
replSetName: <string>
secondaryIndexPrefetch: <string>
enableMajorityReadConcern: <boolean>
</code>replication.oplogSizeMB : Maximum size of the oplog; default about 5 % of disk.
replication.replSetName : Name of the replica set.
replication.secondaryIndexPrefetch : For mmapv1 engine, default "all"; preloads indexes before applying oplog.
replication.enableMajorityReadConcern : Enable majority read concern; default false.
Sharding Configuration
<code>sharding:
clusterRole: <string>
archiveMovedChunks: <boolean>
</code>sharding.clusterRole : Role of the node, e.g., "configsvr" or "shardsvr".
sharding.archiveMovedChunks : Whether to archive chunks moved during migration; default false.
Mongos Parameters
<code>mongos:
replication:
localPingThresholdMs: <int>
sharding:
configDB: <string>
</code>mongos.replication.localPingThresholdMs : Default 15 ms; ping value updated every 10 s to route requests to low‑latency secondaries.
mongos.sharding.configDB : List of config servers for the cluster.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.