Configuring Access Logging for a Bucket
After logging is enabled for a bucket, OBS automatically converts bucket logs into objects following the naming rules and writes the objects into a target bucket.
Uploading bucket logs to the target bucket incurs billable PUT requests. For details about the pricing, see Requests.
Procedure
- In the navigation pane of OBS Console, choose Object Storage.
- In the bucket list, click the bucket you want to operate on to go to the Objects page.
- In the navigation pane, choose Overview.
- In the Basic Configurations area, click Logging. The Logging dialog box is displayed.
- Select Enable. For details, see Figure 1.
- Select an existing bucket where you want to store log files. Log delivery users of the selected bucket will be automatically granted the permissions to read the bucket ACL and write logs to the bucket.
- Enter a prefix in Log File Name Prefix.
After logging is enabled, generated logs are named in the following format:
<Log File Name Prefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>
- <Log File Name Prefix> is the shared prefix of log file names.
- YYYY-mm-DD-HH-MM-SS indicates when the log is generated.
- <UniqueString> indicates a character string generated by OBS.
On OBS Console, if the configured <Log File Name Prefix> ends with a slash (/), logs generated in the bucket are stored in the <Log File Name Prefix> folder in the bucket, facilitating the management of log files.
Example:
- If the bucket named bucket is used to save log files, and the log file name prefix is set to bucket-log/, all log files delivered to this bucket are saved in the bucket-log folder. A log file is named as follows: 2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.
- If the bucket named bucket is used to save log files, and the log file name prefix is set to bucket-log, all log files are saved in the root directory of the bucket. A log file is named as follows: bucket-log2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.
- Select an IAM agency to grant OBS the permission to upload log files to the specified bucket.
By default, when configuring permissions for an agency, you only need to grant the agency the permission to upload log files (PutObject) to the bucket for storing log files. In the following example, mybucketlogs is the bucket for storing log files. If the log storage bucket has server-side encryption enabled, the agency also requires the KMS Administrator permission for the region where the bucket is located.
    {
        "Version": "1.1",
        "Statement": [
            {
                "Action": [
                    "obs:object:PutObject"
                ],
                "Resource": [
                    "OBS:*:*:object:mybucketlogs/*"
                ],
                "Effect": "Allow"
            }
        ]
    }
You can choose an existing IAM agency from the drop-down list or click Create Agency to create one. For details about how to create an agency, see Creating an Agency.
- Click OK.
After logging is configured, operation logs become visible in the bucket that stores the logs after approximately fifteen minutes.
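The agency policy in the procedure grants only PutObject on the log bucket, and a quick audit can confirm that an agency has not drifted beyond that. The following check is an added example, not part of the OBS documentation or tooling; the function names and the second sample policy are constructed for illustration, and the exact-match comparison of action and resource strings is an assumption of this sketch.

```python
import json

REQUIRED_ACTION = "obs:object:PutObject"  # the only action the page says is needed

# Policy copied from the page.
PAGE_POLICY = '''{"Version": "1.1", "Statement": [{"Action": ["obs:object:PutObject"],
  "Resource": ["OBS:*:*:object:mybucketlogs/*"], "Effect": "Allow"}]}'''

# Constructed over-broad policy (not from the page) to show what gets flagged.
BROAD_POLICY = '''{"Version": "1.1", "Statement": [{"Action": ["obs:object:PutObject",
  "obs:object:DeleteObject"], "Resource": ["OBS:*:*:object:*"], "Effect": "Allow"}]}'''


def as_list(value):
    """Accept a bare string where the policy format uses a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_agency_policy(policy_text, log_bucket):
    """Return findings; an empty list means only PutObject on log_bucket/* is allowed."""
    expected = f"OBS:*:*:object:{log_bucket}/*"
    findings, scoped_put = [], False
    for i, stmt in enumerate(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements add permissions
        actions, resources = as_list(stmt.get("Action")), as_list(stmt.get("Resource"))
        for action in actions:
            if action != REQUIRED_ACTION:
                findings.append(f"statement {i}: extra action {action}")
        for resource in resources:
            if resource != expected:
                findings.append(f"statement {i}: resource {resource} is not {expected}")
        if not resources:
            findings.append(f"statement {i}: no Resource, grant is not limited to a bucket")
        if REQUIRED_ACTION in actions and expected in resources:
            scoped_put = True
    if not scoped_put:
        findings.append(f"no statement scopes {REQUIRED_ACTION} to {expected}")
    return findings


if __name__ == "__main__":
    for name, text in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(name, audit_agency_policy(text, "mybucketlogs") or "OK")
```

The check covers only the custom policy document; the KMS Administrator permission needed for an encrypted log bucket is assigned separately and is not inspected here.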
Related Operations
If you do not need to record logs, in the Logging dialog box, select Disable and then click OK. After logging is disabled, logs are not recorded, but existing logs in the target bucket will be retained.