mongod(1)



MONGOD(1)                       mongodb-manual                       MONGOD(1)

NAME
       mongod - MongoDB Server

SYNOPSIS
       mongod is the primary daemon process for the MongoDB system. It handles
       data requests, manages data format, and performs background  management
       operations.

       This  document provides a complete overview of all command line options
       for mongod. These options are primarily useful for testing purposes. In
       common  operation,  use  the  configuration file options to control the
       behavior of your database, which is fully  capable  of  all  operations
       described below.

OPTIONS
   Core Options
       mongod

       --help, -h
              Returns information on mongod options and usage.

       --version
              Returns the mongod release number.

       --config <filename>, -f
              Specifies   a   configuration  file  for  runtime  configuration
              options. The configuration file is the preferred method for run-
              time  configuration of mongod. The options are equivalent to the
              command-line   configuration   options.   See   http://docs.mon-
              godb.org/manual/reference/configuration-options  for more infor-
              mation.

              Ensure the configuration file uses ASCII encoding.  mongod  does
              not support configuration files with non-ASCII encoding, includ-
              ing UTF-8.

       --verbose, -v
              Increases the amount of internal reporting returned on  standard
              output  or in log files. Increase the verbosity with the -v form
              by including the option multiple times, (e.g. -vvvvv.)

       --quiet
              Runs mongod in a quiet mode that attempts to limit the amount of
              output. This option suppresses:

              o output from database commands

              o replication activity

              o connection accepted events

              o connection closed events

       --port <port>
              Specifies  the port number when the MongoDB instance is not run-
              ning on the standard port of 27017. You  may  also  specify  the
              port number using the --host option.

       --bind_ip <ip address>
              Specifies  the  IP  address that the mongod process binds to and
              listens for connections on. By default mongod listens  for  con-
              nections for all interfaces. You may attach mongod to any inter-
              face. When attaching mongod to a publicly accessible  interface,
              ensure that you have implemented proper authentication and fire-
              wall restrictions to protect the integrity of your database.

       --maxConns <number>
              Specifies the maximum number of  simultaneous  connections  that
              mongod  will  accept. This setting has no effect if it is higher
              than  your  operating  system's  configured  maximum  connection
              tracking threshold.

              Changed  in version 2.6: MongoDB removed the upward limit on the
              maxConns setting.

       --syslog
              Sends all logging output to the host's syslog system rather than
              to standard output or a log file as with --logpath.

              --syslog is not supported on Windows.

       --syslogFacility <string>
              Specifies  the facility level used when logging messages to sys-
              log. The default is user. The value you  specify  must  be  sup-
              ported  by  your operating system's implementation of syslog. To
              use this option, you must enable the --syslog option.

       --logpath <path>
              Specifies the path for the log file that  holds  all  diagnostic
              logging information.

              Unless  specified, mongod will output all log information to the
              standard output. Additionally, unless you also specify  --logap-
              pend, the logfile will be overwritten when the process restarts.

              NOTE:
                 The  behavior  of  the  logging system may change in the near
                 future in response to the SERVER-4499 case.

       --logappend
              Appends new entries to the end of the logfile  when  the  mongod
              restarts instead of overwriting the content of the log.

       --timeStampFormat <string>
              Specifies  the time format for timestamps in log messages. Spec-
              ify one of the following values:

                       +--------------+------------------------------+
                       |Value         | Description                  |
                       +--------------+------------------------------+
                       |ctime         | Displays timestamps as Wed   |
                       |              | Dec 31 18:17:54.811.         |
                       +--------------+------------------------------+
                       |iso8601-utc   | Displays   timestamps   in   |
                       |              | Coordinated Universal Time   |
                       |              | (UTC) in the ISO-8601 for-   |
                       |              | mat. For example, for  New   |
                       |              | York  at  the start of the   |
                       |              | Epoch:                       |
                       |              | 1970-01-01T00:00:00.000Z     |
                       +--------------+------------------------------+

                       |iso8601-local | Default   value.  Displays   |
                       |              | timestamps in  local  time   |
                       |              | in  the  ISO-8601  format.   |
                       |              | For example, for New  York   |
                       |              | at the start of the Epoch:   |
                       |              | 1969-12-31T19:00:00.000+0500 |
                       +--------------+------------------------------+

       --diaglog <value>
              Deprecated since version 2.6.

              --diaglog is for internal use and not intended for most users.

              Creates  a  very verbose, diagnostic log for troubleshooting and
              recording various errors. MongoDB writes these log files in  the
              dbpath directory in a series of files that begin with the string
              diaglog and end with the initiation time of the logging as a hex
              string.

              The  specified value configures the level of verbosity. Possible
              values, and their impact are as follows.

                            +------+----------------------------+
                            |Value | Setting                    |
                            +------+----------------------------+
                            |0     | off. No logging.           |
                            +------+----------------------------+
                            |1     | Log write operations.      |
                            +------+----------------------------+
                            |2     | Log read operations.       |
                            +------+----------------------------+
                            |3     | Log both  read  and  write |
                            |      | operations.                |
                            +------+----------------------------+
                            |7     | Log  write  and  some read |
                            |      | operations.                |
                            +------+----------------------------+

              You can use the mongosniff tool to replay this output for inves-
              tigation. Given a typical diaglog file, located at /data/db/dia-
              glog.4f76a58c, you might use a command in the following form  to
              read these files:

                 mongosniff --source DIAGLOG /data/db/diaglog.4f76a58c

              WARNING:
                 Setting  the  diagnostic level to 0 will cause mongod to stop
                 writing data to the diagnostic log file. However, the  mongod
                 instance  will  continue to keep the file open, even if it is
                 no longer writing data to the file.  If you want  to  rename,
                 move, or delete the diagnostic log you must cleanly shut down
                 the mongod instance before doing so.

       --traceExceptions
              For internal diagnostic use only.

       --pidfilepath <path>
              Specifies a file location to hold the "PID" or process ID of the
              mongod process. Useful for tracking the mongod process in combi-
              nation with the --fork option.

              Without a specified --pidfilepath option, mongod creates no  PID
              file.

       --keyFile <file>
              Specifies  the path to a key file to store authentication infor-
              mation. This option  is  used  for  interprocess  authentication
              among  the  mongos  and mongod instances of a sharded cluster or
              replica set.

       --setParameter <options>
              New in version 2.4.

              Specifies an option to configure on  startup.  Specify  multiple
              options    with    multiple    --setParameter    options.    See
              http://docs.mongodb.org/manual/reference/parameters   for   full
              documentation  of  these  parameters.  The setParameter database
              command provides access to many of these parameters. --setParam-
              eter supports the following options:

              o enableLocalhostAuthBypass

              o enableTestCommands

              o journalCommitInterval

              o logLevel

              o logUserIds

              o notablescan

              o quiet

              o replApplyBatchSize

              o replIndexPrefetch

              o supportCompatibilityFormPrivilegeDocuments

              o syncdelay

              o textSearchEnabled

              o traceExceptions

              o saslauthdPath

              o authenticationMechanisms

              o sslMode

              o clusterAuthMode

       --httpinterface
              New in version 2.6.

              Enables  the HTTP interface. Enabling the interface can increase
              network exposure.

              Leave the HTTP interface disabled for production deployments. If
              you  do  enable  this  interface,  you should only allow trusted
              clients to access this port. See security-firewalls.

              NOTE:
                 In MongoDB Enterprise, the HTTP Console does not support Ker-
                 beros Authentication.

       --nohttpinterface
              Deprecated  since  version 2.6: MongoDB disables the HTTP inter-
              face by default.

              Disables the HTTP interface.

              Do not use in conjunction with --rest or --jsonp.

              NOTE:
                 In MongoDB Enterprise, the HTTP Console does not support Ker-
                 beros Authentication.

       --clusterAuthMode <option>
              New in version 2.6.

              Enables  internal  x.509  authentication  for  membership to the
              cluster or replica set. The --clusterAuthMode  option  can  have
              one of the following values:

                         +------------+----------------------------+
                         |Value       | Description                |
                         +------------+----------------------------+
                         |keyFile     | Default value. Use keyfile |
                         |            | for authentication.        |
                         +------------+----------------------------+
                         |sendKeyFile | For rolling  upgrade  pur- |
                         |            | poses.  Send  the  keyfile |
                         |            | for authentication but can |
                         |            | accept  either  keyfile or |
                         |            | x.509 certificate.         |
                         +------------+----------------------------+
                         |sendX509    | For rolling  upgrade  pur- |
                         |            | poses. Send the x.509 cer- |
                         |            | tificate  for  authentica- |
                         |            | tion but can accept either |
                         |            | keyfile or x.509  certifi- |
                         |            | cate.                      |
                         +------------+----------------------------+
                         |x509        | Recommended.    Send   the |
                         |            | x.509   certificate    for |
                         |            | authentication  and accept |
                         |            | only x.509 certificate.    |
                         +------------+----------------------------+

              The default distribution of MongoDB does not contain support for
              SSL.    For   more   information   on   MongoDB   and  SSL,  see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --nounixsocket
              Disables listening on the UNIX socket. mongod always listens  on
              the  UNIX  socket, unless either: --nounixsocket is set, bind_ip
              is not set, or bind_ip does not specify 127.0.0.1.

              New in version 2.6: mongod installed from official .deb and .rpm
              packages  have  the  bind_ip  configuration  set to 127.0.0.1 by
              default.

       --unixSocketPrefix <path>
              Specifies a path for the UNIX socket.  If  this  option  has  no
              value, mongod creates a socket with /tmp as a prefix.

              MongoDB  will  always create and listen on a UNIX socket, unless
              --nounixsocket is set, bind_ip is not set, or bind_ip  does  not
              specify 127.0.0.1.

       --fork Enables  a  daemon  mode for mongod that runs the process in the
              background. This is the normal mode of operation  in  production
              and  production-like  environments  but may not be desirable for
              testing.

       --auth Enables database authentication for users connecting from remote
              hosts.  Configure  users via the mongo shell. If no users exist,
              the localhost interface will continue  to  have  access  to  the
              database until the you create the first user.

              See Security and Authentication for more information.

       --noauth
              Disables  authentication.  Currently  the  default.  Exists  for
              future compatibility and clarity.

       --ipv6 Enables IPv6 support, which allows mongod to connect to the Mon-
              goDB  instance  using  an IPv6 network. All MongoDB programs and
              processes, including mongod, disable IPv6 support by default.

       --jsonp
              Permits JSONP access via an HTTP interface. Consider  the  secu-
              rity implications of allowing this activity before enabling this
              option. If the HTTP interface  is  disabled,  the  --jsonp  also
              enables the HTTP interface.

              SEE ALSO:
                 --httpinterface

       --rest Enables  the simple REST API. Consider the security implications
              of allowing this activity before enabling this option.

              If the HTTP interface  is  disabled,  the  --rest  setting  also
              enables the HTTP interface.

              SEE ALSO:
                 --httpinterface to enable the HTTP interface.

       --slowms <value>
              Defines the value of "slow," for the --profile option. The data-
              base logs all slow queries to the log, even when the profiler is
              not turned on. When the database profiler is on, mongod the pro-
              filer writes to the system.profile collection. See  the  profile
              command for more information on the database profiler.

       --profile <level>
              Changes  the level of database profiling, which inserts informa-
              tion about operation performance into output of  mongod  or  the
              log file. The following levels are available:

                            +------+----------------------------+
                            |Level | Setting                    |
                            +------+----------------------------+
                            |0     | Off. No profiling.         |
                            +------+----------------------------+
                            |1     | On.   Only  includes  slow |
                            |      | operations.                |
                            +------+----------------------------+
                            |2     | On.  Includes  all  opera- |
                            |      | tions.                     |
                            +------+----------------------------+

              Profiling is off by default. Database profiling can impact data-
              base performance. Enable this option only after careful  consid-
              eration.

       --cpu  Forces  mongod  to  report  the  percentage of CPU time in write
              lock. mongod generates output every four seconds. MongoDB writes
              this data to standard output or the logfile if using the logpath
              option.

       --sysinfo
              Returns diagnostic system information and then exits. The infor-
              mation provides the page size, the number of physical pages, and
              the number of available physical pages.

       --dbpath <path>
              Specifies the directory where the  mongod  instance  stores  its
              data.  Typical locations include: /srv/mongodb, /var/lib/mongodb
              or /opt/mongodb

              Unless specified, mongod will look for data files in the default
              /data/db  directory.  (Windows  systems  use the \data\db direc-
              tory.) If you installed using a package management system. Check
              the  /etc/mongodb.conf file provided by your packages to see the
              configuration of the --dbpath.

       --directoryperdb
              Alters the storage pattern of the data directory to  store  each
              database's  files  in a distinct folder. This option will create
              directories within the --dbpath named for each directory.

              Use this option in conjunction with your file system and  device
              configuration  so  that  MongoDB  will store data on a number of
              distinct disk devices  to  increase  write  throughput  or  disk
              capacity.

              WARNING:
                 If  you  have an existing mongod instance and dbpath, and you
                 want to enable --directoryperdb, you must migrate your exist-
                 ing  databases to directories before setting --directoryperdb
                 to access those databases.

   Example
       Given a dbpath directory with the following items:

          journal
          mongod.lock
          local.0
          local.1
          local.ns
          test.0
          test.1
          test.ns

       To enable --directoryperdb you would  need  to  modify  the  dbpath  to
       resemble the following:

          journal
          mongod.lock
          local/local.0
          local/local.1
          local/local.ns
          test/test.0
          test/test.1
          test/test.ns

       --noIndexBuildRetry
              Stops  mongod from rebuilding indexes on the next start-up after
              the program had shut down or stopped in the middle of  an  index
              build.

       --noprealloc
              Disables  the  preallocation  of  data  files. This shortens the
              start up time in some cases and can  cause  significant  perfor-
              mance penalties during normal operations.

       --nssize <value>
              Specifies  the  default size for namespace files (i.e .ns). This
              option has no impact on the size of  existing  namespace  files.
              The maximum size is 2047 megabytes.

              The  default  value is 16 megabytes, which provides for approxi-
              mately 24,000 namespaces.  Each  collection,  as  well  as  each
              index, counts as a namespace.

       --quota
              Enables  a maximum limit for the number data files each database
              can have. When running with --quota, there are a  maximum  of  8
              data  files per database. Adjust the quota with the --quotaFiles
              option.

       --quotaFiles <number>
              Modifies the limit on the number of  data  files  per  database.
              This  option requires the --quota setting. The default value for
              --quotaFiles is 8.

       --smallfiles
              Enables a mode where MongoDB uses a smaller default  file  size.
              Specifically,  --smallfiles  reduces  the  initial size for data
              files and  limits  them  to  512  megabytes.  --smallfiles  also
              reduces  the  size  of each journal files from 1 gigabyte to 128
              megabytes.

              Use --smallfiles if you have a large number  of  databases  that
              each  holds a small quantity of data. --smallfiles can lead your
              mongod to create a large number of files, which may affect  per-
              formance for larger databases.

       --syncdelay <value>
              Controls  how  much time can pass before MongoDB flushes data to
              the data files via an fsync operation. Do not set this value  on
              production systems. In almost every situation you should not set
              this value and use the default setting.

              WARNING:
                 If you set --syncdelay to 0, MongoDB will not sync the memory
                 mapped files to disk.

              mongod writes data very quickly to the journal and lazily to the
              data  files.  The  default  syncdelay  setting  is  60  seconds.
              syncdelay has no effect on the journal files or journaling.

              The  serverStatus  command reports the background flush thread's
              status via the backgroundFlushing field.

       --upgrade
              Upgrades the on-disk data format of the files specified  by  the
              --dbpath to the latest version, if needed.

              This  option  only  affects  the operation of mongod if the data
              files are in an old format.

              In most cases you should not set this value, so you can exercise
              the  most  control  over  your  upgrade process. See the MongoDB
              release notes (on the download page) for more information  about
              the upgrade process.

       --repair
              Runs  a  repair  routine on all databases. This is equivalent to
              shutting down and running the repairDatabase database command on
              all databases.

              WARNING:
                 During normal operations, only use the repairDatabase command
                 and wrappers including db.repairDatabase() in the mongo shell
                 and mongod --repair, to compact database files and/or reclaim
                 disk space. Be aware that these operations remove and do  not
                 save any corrupt data during the repair process.

                 If  you  are  trying  to repair a replica set member, and you
                 have access to an intact copy of your  data  (e.g.  a  recent
                 backup  or  an  intact member of the replica set), you should
                 restore from that intact copy, and not use repairDatabase.

              When using journaling, there is almost never  any  need  to  run
              repairDatabase.  In the event of an unclean shutdown, the server
              will be able restore the data files to a pristine state automat-
              ically.

              Changed in version 2.1.2.

              If  you  run  the repair option and have data in a journal file,
              mongod refuses to start. In these cases you should start  mongod
              without the --repair option to allow mongod to recover data from
              the journal. This completes more quickly and is more  likely  to
              produce  valid  data  files.  To  continue  the repair operation
              despite the journal files, shut down mongod cleanly and  restart
              with the --repair option.

              --repair  copies  data  from the source data files into new data
              files in the repairpath, and then  replaces  the  original  data
              files with the repaired data files. If repairpath is on the same
              device as dbpath, you may interrupt a  mongod  running  --repair
              without affecting the integrity of the data set.

       --repairpath <path>
              Specifies  the  root  directory containing MongoDB data files to
              use for the --repair operation. Defaults  to  a  _tmp  directory
              within the dbpath.

       --objcheck
              Forces  the  mongod  to  validate all requests from clients upon
              receipt to ensure that clients never  insert  invalid  documents
              into  the  database. For objects with a high degree of sub-docu-
              ment nesting, --objcheck can have a small impact on performance.
              You can set --noobjcheck to disable object checking at runtime.

              Changed  in  version 2.4: MongoDB enables --objcheck by default,
              to prevent any client from inserting malformed or  invalid  BSON
              into a MongoDB database.

       --noobjcheck
              New in version 2.4.

              Disables  the  default document validation that MongoDB performs
              on all incoming BSON documents.

       --noscripting
              Disables the scripting engine.

       --notablescan
              Forbids operations that require a table scan.

       --journal
              Enables operation journaling to ensure write durability and data
              file  validity.  mongod  enables journaling by default on 64-bit
              builds of versions after 2.0.

       --nojournal
              Disables the durability journaling. By default,  mongod  enables
              journaling in 64-bit versions after v2.0.

       --journalOptions <arguments>
              Provides  functionality  for  testing.  Not for general use, and
              will affect data file integrity in the case of  abnormal  system
              shutdown.

       --journalCommitInterval <value>
              Specifies the maximum amount of time for mongod to allow between
              journal operations. Possible values are between 2 and  300  mil-
              liseconds.  Lower values increase the durability of the journal,
              at the expense of disk performance.

              The default journal commit interval is  100  milliseconds  if  a
              single  block  device (e.g. physical volume, RAID device, or LVM
              volume) contains both the journal and the data files.

              If the journal is on a different  block  device  than  the  data
              files the default journal commit interval is 30 milliseconds.

              To  force  mongod  to commit to the journal more frequently, you
              can specify j:true. When a write operation with j:true is  pend-
              ing,  mongod will reduce journalCommitInterval to a third of the
              set value.

       --shutdown
              Used in control scripts, the --shutdown cleanly and safely  ter-
              minates  the  mongod  process.  When  invoking  mongod with this
              option you must set the --dbpath option either  directly  or  by
              way of the configuration file and the --config option.

              The --shutdown option is available only on Linux systems.

   Replication Options
       --replSet <setname>
              Configures  replication.  Specify a replica set name as an argu-
              ment to this set. All hosts in the replica  set  must  have  the
              same set name.

              IMPORTANT:
                 If  your  application  connects to more than one replica set,
                 each set should have a  distinct  name.  Some  drivers  group
                 replica set connections by replica set name.

       --oplogSize <value>
              Specifies a maximum size in megabytes for the replication opera-
              tion log (e.g. oplog.) By mongod creates an oplog based  on  the
              maximum  amount  of  space available. For 64-bit systems, the op
              log is typically 5% of available disk space. Once the mongod has
              created  the oplog for the first time, changing --oplogSize will
              not affect the size of the oplog.

       --replIndexPrefetch
              New in version 2.2.

              You must use --replIndexPrefetch in  conjunction  with  replSet.
              The default value is all and available options are:

              o none

              o all

              o _id_only

              By  default  secondary  members  of  a replica set will load all
              indexes related to an  operation  into  memory  before  applying
              operations  from the oplog. You can modify this behavior so that
              the secondaries will only load the _id index.  Specify  _id_only
              or  none  to prevent the mongod from loading any index into mem-
              ory.

   Master-Slave Replication
       These options provide  access  to  conventional  master-slave  database
       replication.  While  this  functionality remains accessible in MongoDB,
       replica sets are the preferred configuration for database replication.

       --master
              Configures mongod to run as a replication master.

       --slave
              Configures mongod to run as a replication slave.

       --source <host><:port>
              For use with the --slave option, the --source option  designates
              the server that this instance will replicate.

       --only <arg>
              For  use  with  the  --slave option, the --only option specifies
              only a single database to replicate.

       --slavedelay <value>
              For use with the --slave option, the --slavedelay option config-
              ures a "delay" in seconds, for this slave to wait to apply oper-
              ations from the master node.

       --autoresync
              For use with the --slave option. When set,  --autoresync  option
              allows  this slave to automatically resync if it is more than 10
              seconds behind the master. This setting may  be  problematic  if
              the --oplogSize specifies a too small oplog.

              If  the  oplog  is  not  large enough to store the difference in
              changes between the master's current state and the state of  the
              slave,  this instance will forcibly resync itself unnecessarily.
              When you set the autoresync option to false, the slave will  not
              attempt  an  automatic  resync  more  than  once in a ten minute
              period.

       --fastsync
              In the context of replica set replication, set  this  option  if
              you  have  seeded  this  member with a snapshot of the dbpath of
              another member of the set. Otherwise the mongod will attempt  to
              perform an initial sync, as though the member were a new member.

              In  the  context  of replica set replication, set this option if
              you have seeded this member with a snapshot  of  the  dbpath  of
              another  member of the set. Otherwise the mongod will attempt to
              perform an initial sync, as though the member were a new member.

              WARNING:
                 If the data is not perfectly synchronized and  mongod  starts
                 with  fastsync,  then  the  secondary or slave will be perma-
                 nently out of sync with the primary, which may cause signifi-
                 cant consistency problems.

   Sharded Cluster Options
       --configsvr
              Declares that this mongod instance serves as the config database
              of a sharded cluster. When running  with  this  option,  clients
              will not be able to write data to any database other than config
              and admin. The default port for a mongod  with  this  option  is
              27019  and  the  default  --dbpath  directory is /data/configdb,
              unless specified.

              Changed in version 2.2: --configsvr also sets --smallfiles.

              Changed in version 2.4: --configsvr creates a local oplog.

              Do not use --configsvr  with  --replSet  or  --shardsvr.  Config
              servers cannot be a shard server or part of a replica set.

       --shardsvr
              Configures  this  mongod  instance  as  a shard in a partitioned
              cluster. The default port for these  instances  is  27018.   The
              only effect of --shardsvr is to change the port number.

       --moveParanoia
              New in version 2.4.

              During   chunk  migrations,  --moveParanoia  forces  the  mongod
              instances to save all documents migrated from this shard in  the
              moveChunk  directory of the dbpath. MongoDB does not delete data
              from this directory.

              Prior to 2.4, --moveParanoia was the default  behavior  of  Mon-
              goDB.

   SSL Options
   See
       http://docs.mongodb.org/manual/tutorial/configure-ssl for full documen-
       tation of MongoDB's support.

       --ssl  New in version 2.6.

              Enables connection to a mongod or mongos that  has  SSL  support
              enabled.

              The default distribution of MongoDB does not contain support for
              SSL.   For  more   information   on   MongoDB   and   SSL,   see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslMode <mode>
              New in version 2.6.

              Enables  SSL  or  mixed  SSL  on  a  port.  The  argument to the
              --sslMode option can be one of the following:

                         +-----------+----------------------------+
                         |Value      | Description                |
                         +-----------+----------------------------+
                         |disabled   | The server  does  not  use |
                         |           | SSL.                       |
                         +-----------+----------------------------+
                         |allowSSL   | Connections        between |
                         |           | servers do  not  use  SSL. |
                         |           | For  incoming connections, |
                         |           | the  server  accepts  both |
                         |           | SSL and non-SSL.           |
                         +-----------+----------------------------+
                         |preferSSL  | Connections        between |
                         |           | servers   use   SSL.   For |
                         |           | incoming  connections, the |
                         |           | server  accepts  both  SSL |
                         |           | and non-SSL.               |
                         +-----------+----------------------------+
                         |requireSSL | The    server   uses   and |
                         |           | accepts only SSL encrypted |
                         |           | connections.               |
                         +-----------+----------------------------+

              The default distribution of MongoDB does not contain support for
              SSL.   For  more   information   on   MongoDB   and   SSL,   see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslPEMKeyFile <filename>
              New in version 2.6.

              Specifies  the  .pem file that contains both the SSL certificate
              and key. Specify the file name of the .pem file  using  relative
              or absolute paths.

              This  option  is required when using the --ssl option to connect
              to a  mongod  or  mongos  that  has  sslCAFile  enabled  without
              sslWeakCertificateValidation.

              The default distribution of MongoDB does not contain support for
              SSL.   For  more   information   on   MongoDB   and   SSL,   see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslPEMKeyPassword <value>
              New in version 2.6.

              Specifies  the  password  to  de-crypt  the certificate-key file
              (i.e.  --sslPEMKeyFile). Use  --sslPEMKeyPassword  only  if  the
              certificate-key  file  is  encrypted.  In all cases, mongod will
              redact the password from all logging and reporting output.

              If the private key in the PEM file is encrypted and you  do  not
              specify   --sslPEMKeyPassword,   mongod   will   prompt   for  a
              passphrase.  See ssl-certificate-password.

              The default distribution of MongoDB does not contain support for
              SSL.    For   more   information   on   MongoDB   and  SSL,  see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslClusterFile <filename>
              New in version 2.6.

              Specifies the .pem file that contains the x.509  certificate-key
              file  for  membership  authentication for the cluster or replica
              set.

              The default distribution of MongoDB does not contain support for
              SSL.    For   more   information   on   MongoDB   and  SSL,  see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslClusterPassword <value>
              New in version 2.6.

              Specifies the password to  de-crypt  the  x.509  certificate-key
              file  specified  with --sslClusterFile. Use --sslClusterPassword
              only if the certificate-key file is  encrypted.  In  all  cases,
              mongod  will  redact the password from all logging and reporting
              output.

              Changed in version 2.6: If the x.509 key file is  encrypted  and
              you  do not specify --sslClusterPassword, mongod will prompt for
              a passphrase. See ssl-certificate-password.

              The default distribution of MongoDB does not contain support for
              SSL.    For   more   information   on   MongoDB   and  SSL,  see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslCAFile <filename>
              New in version 2.6.

              Specifies the .pem file that contains the root certificate chain
              from  the  Certificate  Authority.  Specify the file name of the
              .pem file using relative or absolute paths.

              The default distribution of MongoDB does not contain support for
              SSL.    For   more   information   on   MongoDB   and  SSL,  see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslCRLFile <filename>
              New in version 2.6.

              Specifies the .pem file that contains the Certificate Revocation
              List.  Specify  the file name of the .pem file using relative or
              absolute paths.

              The default distribution of MongoDB does not contain support for
              SSL.    For   more   information   on   MongoDB   and  SSL,  see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslAllowInvalidCertificates
              New in version 2.6.

              Bypasses the  validation  checks  for  server  certificates  and
              allows the use of invalid certificates. When using the sslAllow-
              InvalidCertificates setting, MongoDB logs as a warning  the  use
              of the invalid certificate.

              The default distribution of MongoDB does not contain support for
              SSL.   For  more   information   on   MongoDB   and   SSL,   see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslWeakCertificateValidation
              New in version 2.4.

              Disables  the  requirement  for  SSL certificate validation that
              --sslCAFile enables. With --sslWeakCertificateValidation, mongod
              will  accept connections when the client does not present a cer-
              tificate when establishing the connection.

              If  the  client  presents   a   certificate   and   mongod   has
              --sslWeakCertificateValidation enabled, mongod will validate the
              certificate  using  the  root  certificate  chain  specified  by
              --sslCAFile and reject clients with invalid certificates.

              Use  --sslWeakCertificateValidation  if you have a mixed deploy-
              ment that includes clients that do not or  cannot  present  cer-
              tificates to mongod.

              The default distribution of MongoDB does not contain support for
              SSL.   For  more   information   on   MongoDB   and   SSL,   see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

       --sslFIPSMode
              New in version 2.6.

              Directs  mongod  to  use  the FIPS mode of the installed OpenSSL
              library. Your system must have a FIPS compliant OpenSSL  library
              to use --sslFIPSMode.

              The default distribution of MongoDB does not contain support for
              SSL.   For  more   information   on   MongoDB   and   SSL,   see
              http://docs.mongodb.org/manual/tutorial/configure-ssl.

   Audit Options
       --auditDestination
              Enables  auditing. The --auditDestination option can have one of
              the following values:

                           +--------+----------------------------+
                           |Value   | Description                |
                           +--------+----------------------------+

                           |syslog  | Output the audit events to |
                           |        | syslog in JSON format. Not |
                           |        | available   on    Windows. |
                           |        | Audit messages have a sys- |
                           |        | log severity level of info |
                           |        | and  a  facility  level of |
                           |        | user.                      |
                           |        |                            |
                           |        | The syslog  message  limit |
                           |        | can  result in the trunca- |
                           |        | tion  of  the  audit  mes- |
                           |        | sages. The auditing system |
                           |        | will  neither  detect  the |
                           |        | truncation  nor error upon |
                           |        | its occurrence.            |
                           +--------+----------------------------+
                           |console | Output the audit events to |
                           |        | stdout in JSON format.     |
                           +--------+----------------------------+
                           |file    | Output the audit events to |
                           |        | the  file   specified   in |
                           |        | --auditPath  in the format |
                           |        | specified  in  --auditFor- |
                           |        | mat.                       |
                           +--------+----------------------------+

              NOTE:
                 The audit system is available only in MongoDB Enterprise.

       --auditFormat
              Specifies the format of the output file if --auditDestination is
              file. The --auditFormat can have one of the following values:

                            +------+----------------------------+
                            |Value | Description                |
                            +------+----------------------------+
                            |JSON  | Output the audit events in |
                            |      | JSON  format  to  the file |
                            |      | specified in --auditPath.  |
                            +------+----------------------------+
                            |BSON  | Output the audit events in |
                            |      | BSON  binary format to the |
                            |      | file specified in --audit- |
                            |      | Path.                      |
                            +------+----------------------------+

              Printing  audit  events to a file in JSON format degrades server
              performance more than printing to a file in BSON format.

              NOTE:
                 The audit system is available only in MongoDB Enterprise.

       --auditPath
              Specifies the output file for auditing if --auditDestination has
              value  of  file.  The  --auditPath option can take either a full
              path name or a relative path name.

              NOTE:
                 The audit system is available only in MongoDB Enterprise.

       --auditFilter
              Specifies the filter to limit the types of operations the  audit
              system records. The option takes a document of the form:

                 { atype: <expression> }

              For  authentication operations, the option can also take a docu-
              ment of the form:

                 { atype: <expression>, "param.db": <database> }

              NOTE:
                 The audit system is available only in MongoDB Enterprise.

AUTHOR
       MongoDB Documentation Project

COPYRIGHT
       2011-2014, MongoDB, Inc.

2.6                             March 18, 2014                       MONGOD(1)

Man(1) output converted with man2html
list of all man pages