diff --git a/pkg/mongoproxy/plugins/authz/plugin.go b/pkg/mongoproxy/plugins/authz/plugin.go
index af32cae..8690f89 100644
--- a/pkg/mongoproxy/plugins/authz/plugin.go
+++ b/pkg/mongoproxy/plugins/authz/plugin.go
@@ -29,6 +29,10 @@ var (
 		Name: "mongoproxy_plugins_authz_deny_total",
 		Help: "The total deny returns of a command",
 	}, []string{"db", "collection", "command"})
+        authzLogOnly = promauto.NewCounterVec(prometheus.CounterOpts{
+                Name: "mongoproxy_plugins_authz_logonly_total",
+                Help: "The total num of cmd that hit log only policy",
+        }, []string{"type", "user", "policy", "effect", "method", "resource", "command", "db", "collection"})
 
 	OPEN_COMMAND = map[string]struct{}{
 		"isMaster":         {},
@@ -538,9 +542,11 @@ func (p *AuthzPlugin) Process(ctx context.Context, r *plugins.Request, next plug
 		for _, logRule := range result.LogOnlyRules {
 			if identitiesStrings == nil {
 				identitiesStrings = make([][]string, len(identities))
-				for i, id := range identities {
-					identitiesStrings[i] = []string{id.Type(), id.User()}
-				}
+			}
+			for i, id := range identities {
+				identitiesStrings[i] = []string{id.Type(), id.User()}
+				log.Println("Hitting metric mongoproxy_plugins_authz_logonly_total...")
+				authzLogOnly.WithLabelValues(id.Type(), id.User(), logRule.PolicyName, logRule.Effect.String(), result.AuthorizationMethod.String(), result.Resource.String(), r.CommandName, command.GetCommandDatabase(r.Command), command.GetCommandCollection(r.Command)).Inc()
 			}
 			logrus.NewEntry(logrus.StandardLogger()).WithFields(logrus.Fields{
 				"identities": identitiesStrings,