Help Center> Object Storage Service> Developer Guide> Bucket Log Management

View PDF

Bucket Log Management

Bucket access logs are for bucket owners to obtain access data of buckets. After the logging function is enabled, a log is generated for each operation on a bucket and multiple logs are packed into a log file. Requester information and request parameters are saved in bucket access logs and are saved into destination buckets as objects to provide statistics to the bucket owner.

You need to specify a bucket for storing log files when enabling logging for a bucket. Log files can be stored in any bucket in the region where the logged bucket resides, including the logged bucket. To better manage logs, you are advised to store log files in a bucket other than the logged bucket. If log files are stored in the logged bucket, OBS creates additional logs for writing log files to the bucket, which takes up more storage space that will increase your costs and makes it more difficult for you to locate required logs.

The log files are generated by OBS and uploaded to the bucket where the logs are stored. Therefore, OBS needs to be authorized to upload the generated log files. Before configuring bucket log management, you need to generate a delegate for OBS service on IAM and configure the delegate name as a parameter on the bucket. You only need to authorize the agency with the upload permissions for the target bucket, following the principle of least privilege.

Buckets in the Infrequent Access and Archive storage classes cannot be used to store log file. Stored log files occupy storage space in a bucket. Therefore, users are charged for the logging service based on the pricing for data storage.

Format of Generated Logs

After the bucket log function is enabled, a log is generated upon each access to OBS. The format of the bucket access log files generated in the destination bucket is as follows:

3ebc47240f7640e4b6c4b33937dd9b58 hw203 [15/Jun/2015:06:38:27 +0000] 1192.168.0.1 3ebc47240f7640e4b6c4b33937dd9b58 A196564DC12F13AAA19FD56D23B04C58 REST.GET.BUCKET - "GET /hw203 HTTP/1.1" 200 - 247 - 58 58 "-" "curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8^? zlib/1.2.3 libidn/1.10" – –
3ebc47240f7640e4b6c4b33937dd9b58 hw203 [15/Jun/2015:06:38:28 +0000] 1192.168.0.1 3ebc47240f7640e4b6c4b33937dd9b58 2CFE324941EE96DDDD41F5FE57B369DD REST.GET.BUCKET - "GET /hw203 HTTP/1.1" 200 - 247 - 39 39 "-" "curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8 zlib/1.2.3 libidn/1.10" - -
3ebc47240f7640e4b6c4b33937dd9b58 hw203 [15/Jun/2015:06:38:29 +0000] 1192.168.0.1 3ebc47240f7640e4b6c4b33937dd9b58 175189E1217733A1F41F4060DF2E7268 REST.GET.BUCKET - "GET /hw203 HTTP/1.1" 200 - 247 - 22 22 "-" "curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8^? zlib/1.2.3 libidn/1.10" – –
3ebc47240f7640e4b6c4b33937dd9b58 hw203 [15/Jun/2015:06:38:30 +0000] 1192.168.0.1 3ebc47240f7640e4b6c4b33937dd9b58 0F1A4E95C42D7A491D8868CD040DD2EB REST.GET.BUCKET - "GET /hw203 HTTP/1.1" 200 - 247 - 33 33 "-" "curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8 zlib/1.2.3 libidn/1.10" - -
3ebc47240f7640e4b6c4b33937dd9b58 hw203 [15/Jun/2015:06:39:14 +0000] 1192.168.0.1 3ebc47240f7640e4b6c4b33937dd9b58 C09CD463EC71251C41B58F389094168B REST.GET.BUCKET - "GET /hw203 HTTP/1.1" 200 - 247 - 21 21 "-" "curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8 zlib/1.2.3 libidn/1.10" – –

The access log of each bucket contains the information listed in the following table:

**Table 1** Bucket logging format
Parameter	Example	Description
BucketOwner	3ebc47240f7640e4b6c4b33937dd9b58	ID of the bucket owner
Bucket	hw203	Bucket name
Time	[15/Jun/2015:06:38:27 +0000]	Request timestamp
RemoteIP	192.168.0.1	Request IP address
Requester	3ebc47240f7640e4b6c4b33937dd9b58	Requester account ID
RequestID	175189E1217733A1F41F4060DF2E7268	Request ID
Operation	REST.GET.BUCKET	Operation
Key	phtoto.gif	Object name
Request-URI	"GET /hw203 HTTP/1.1"	Request URI
HTTPStatus	200	Response code
ErrorCode	NoSuchBucket	Error code
BytesSent	555	Size of the HTTP response, expressed in bytes
ObjectSize	400	Object size
TotalTime	58	Server processing time (millisecond)
Turn-AroundTime	58	Total request time (millisecond)
Referrer	"http://example.com"	Request referrer header
User-Agent	"curl/7.19.0"	Request user-agent header
VersionID	25HXDUX78WEUU367	Version ID contained in a request
STSLogUrn	-	Federated authentication and agency information

Setting Logging for a Bucket

The setting is as follows in XML format:

<BucketLoggingStatus>
  <Agency>agency-name</Agency>
  <LoggingEnabled>
    <TargetBucket>mybucketlogs</TargetBucket>
    <TargetPrefix>mybucket-access_log-/</TargetPrefix>
    <TargetGrants>
      <Grant>
        <Grantee>
          <ID>domainID</ID>
        </Grantee>
        <Permission>READ</Permission>
      </Grant>
    </TargetGrants>
  </LoggingEnabled>
</BucketLoggingStatus>

Last Article: Event notification

Next Article: Monitoring

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English

Help Center

Bucket Log Management

Format of Generated Logs

Setting Logging for a Bucket