Master MongoDB Config: System Log, Network, Security & More
This article provides a comprehensive overview of MongoDB's configuration file, detailing system log options, process management, network settings, security parameters, storage engine configurations, slow query profiling, replication, sharding, and mongos-specific settings, with explanations of each option and recommended defaults.
MongoDB Configuration File Explanation
System Log Configuration
systemLog:
verbosity: <int>
quiet: <boolean>
traceAllExceptions: <boolean>
syslogFacility: <string>
path: <string>
logAppend: <boolean>
logRotate: <string>
destination: <string>
timeStampFormat: <string>
component:
accessControl:
verbosity: <int>
command:
verbosity: <int>verbosity : Log level, default 0, range 1‑5.
quiet : Suppress log output; not recommended for production.
traceAllExceptions : Print detailed exception information for troubleshooting.
syslogFacility : Default "user"; logs are sent to syslog facility; requires --syslog option.
path : Specifies log file location.
logAppend : When true, logs are appended after restart; default false creates new file each start.
logRotate : Log rotation method, default "rename". Can set "reopen" with logAppend=true.
destination : Output method, file or syslog.
timeStampFormat : Timestamp format, default local (iso8601-local); options iso8601-utc, ctime.
Process Management
processManagement:
fork: <boolean>
pidFilePath: <string>fork : Run as daemon.
pidFilePath : Location of PID file.
Network Options
net:
port: <int>
bindIp: <string>
maxIncomingConnections: <int>
wireObjectCheck: <boolean>
ipv6: <boolean>
unixDomainSocket:
enabled: <boolean>
pathPrefix: <string>
filePermissions: <int>
http:
enabled: <boolean>
JSONPEnabled: <boolean>
RESTInterfaceEnabled: <boolean>
ssl:
sslOnNormalPorts: <boolean> # deprecated since 2.6
mode: <string>
PEMKeyFile: <string>
PEMKeyPassword: <string>
clusterFile: <string>
clusterPassword: <string>
CAFile: <string>
CRLFile: <string>
allowConnectionsWithoutCertificates: <boolean>
allowInvalidCertificates: <boolean>
allowInvalidHostnames: <boolean>
disabledProtocols: <string>
FIPSMode: <boolean>
compression:
compressors: <string>net.port : Listening port.
net.bindIp : IP address to bind.
net.maxIncomingConnections : Maximum concurrent connections, default 65535.
net.wireObjectCheck : Validate incoming BSON, default true.
net.ipv6 : Enable IPv6, default false.
net.unixDomainSocket.enabled : Enable Unix domain socket, default true.
net.unixDomainSocket.pathPrefix : Socket file path, default /tmp.
net.unixDomainSocket.filePermissions : Permissions for socket file, default 0700.
net.http.enabled : HTTP interface, default false (deprecated since 3.2).
net.http.JSONPEnabled and net.http.RESTInterfaceEnabled : Deprecated JSONP and REST API options.
net.ssl : SSL configuration parameters.
net.compression.compressors : Enable network compression.
Security Settings
security:
keyFile: <string>
clusterAuthMode: <string>
authorization: <string>
transitionToAuth: <boolean>
javascriptEnabled: <boolean>
redactClientLogData: <boolean>
sasl:
hostName: <string>
serviceName: <string>
saslauthdSocketPath: <string>
enableEncryption: <boolean>
encryptionCipherMode: <string>
encryptionKeyFile: <string>
kmip:
keyIdentifier: <string>
rotateMasterKey: <boolean>
serverName: <string>
port: <string>
clientCertificateFile: <string>
clientCertificatePassword: <string>
serverCAFile: <string>
ldap:
servers: <string>
bind:
method: <string>
saslMechanism: <string>
queryUser: <string>
queryPassword: <string>
useOSDefaults: <boolean>
transportSecurity: <string>
timeoutMS: <int>
userToDNMapping: <string>
authz:
queryTemplate: <string>security.authorization : Default "disable"; enables role‑based access control when set.
Storage Configuration
storage:
dbPath: <string>
indexBuildRetry: <boolean>
repairPath: <string>
journal:
enabled: <boolean>
commitIntervalMs: <num>
directoryPerDB: <boolean>
syncPeriodSecs: <int>
engine: <string>
mmapv1:
preallocDataFiles: <boolean>
nsSize: <int>
quota:
enforced: <boolean>
maxFilesPerDB: <int>
smallFiles: <boolean>
journal:
debugFlags: <int>
commitIntervalMs: <num>
wiredTiger:
engineConfig:
cacheSizeGB: <number>
journalCompressor: <string>
directoryForIndexes: <boolean>
collectionConfig:
blockCompressor: <string>
indexConfig:
prefixCompression: <boolean>
inMemory:
engineConfig:
inMemorySizeGB: <number>storage.dbPath : Path for data files.
storage.indexBuildRetry : Rebuild incomplete indexes on startup; default true.
storage.repairPath : Temporary path for --repair; removed after use.
storage.journal.enabled : Enable journaling; default true on 64‑bit.
storage.journal.commitIntervalMs : Max time between journal writes, default 100 ms.
storage.directoryPerDB : Store each database in its own directory when true.
storage.syncPeriodSecs : Interval for syncing data to disk; default 60 s, 0 disables syncing.
storage.engine : Storage engine, default "wiredTiger".
storage.mmapv1.preallocDataFiles : Pre‑allocate data files; default true.
storage.mmapv1.nsSize : Namespace file size, default 16 MB.
storage.mmapv1.quota.enforced : Enforce per‑database file count limit; default false.
storage.mmapv1.quota.maxFilesPerDB : Max data files per database; default 8.
storage.mmapv1.smallFiles : Use smaller default file size; default false.
storage.wiredTiger.engineConfig.cacheSizeGB : Maximum internal cache size; up to half of RAM minus 1 GB.
storage.wiredTiger.engineConfig.journalCompressor : Compression for WiredTiger journal (none, snappy, zlib).
storage.wiredTiger.directoryForIndexes : Store indexes in a separate directory when true.
storage.wiredTiger.collectionConfig.blockCompressor : Data compression format (none, snappy, zlib).
storage.wiredTiger.indexConfig.prefixCompression : Enable prefix compression for indexes; default true.
storage.inMemory.engineConfig.inMemorySizeGB : Max memory for in‑memory engine; default half of RAM minus 1 GB.
Slow Query Profiling
operationProfiling:
slowOpThresholdMs: <int>
mode: <string>operationProfiling.slowOpThresholdMs : Threshold for slow operations, default 100 ms.
operationProfiling.mode : Profiling mode; "slowOp" records slow queries, "all" records all operations.
Replication Settings
replication:
oplogSizeMB: <int>
replSetName: <string>
secondaryIndexPrefetch: <string>
enableMajorityReadConcern: <boolean>replication.oplogSizeMB : Maximum size of the oplog; default about 5 % of disk.
replication.replSetName : Name of the replica set.
replication.secondaryIndexPrefetch : For mmapv1 engine, default "all"; preloads indexes before applying oplog.
replication.enableMajorityReadConcern : Enable majority read concern; default false.
Sharding Configuration
sharding:
clusterRole: <string>
archiveMovedChunks: <boolean>sharding.clusterRole : Role of the node, e.g., "configsvr" or "shardsvr".
sharding.archiveMovedChunks : Whether to archive chunks moved during migration; default false.
Mongos Parameters
mongos:
replication:
localPingThresholdMs: <int>
sharding:
configDB: <string>mongos.replication.localPingThresholdMs : Default 15 ms; ping value updated every 10 s to route requests to low‑latency secondaries.
mongos.sharding.configDB : List of config servers for the cluster.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.