Help Center> Object Storage Service> User Guide (Kuala Lumpur Region)> OBS Console Operation Guide> Logging> Configuring Access Logging for a Bucket
Updated on 2022-08-16 GMT+08:00
View PDF

Configuring Access Logging for a Bucket

After logging is enabled for a bucket, OBS automatically converts bucket logs into objects following the naming rules and writes the objects into a target bucket.

Procedure

  1. In the bucket list, click the bucket you want to operate. The Overview page of the bucket is displayed.
  2. In the right Basic Configurations area, click Logging. The Logging dialog box is displayed.
  3. Select Enable.
  4. Select an existing bucket where you want to store log files.
  5. Enter a prefix for the Log File Name Prefix.

    After logging is enabled, generated logs are named in the following format:

    <Log File Name Prefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>

    • <Log File Name Prefix> is the shared prefix of log file names.
    • YYYY-mm-DD-HH-MM-SS indicates when the log is generated.
    • <UniqueString> indicates a character string generated by OBS.

    On OBS Console, if the configured <Log File Name Prefix> ends with a slash (/), logs generated in the bucket are stored in the <Log File Name Prefix> folder in the bucket, facilitating the management of log files.

    Example:

    • If the bucket named bucket is used to save log files, and the log file name prefix is set to bucket-log/, all log files delivered to this bucket are saved in the bucket-log folder. A log file is named as follows: 2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.
    • If the bucket named bucket is used to save log files, and the log file name prefix is set to bucket-log, all log files are saved in the root directory of the bucket. A log file is named as follows: bucket-log2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.

  6. Select an IAM agency to grant OBS the permission to upload log files to the specified bucket.

    By default, when configuring permissions for an agency, you only need to grant the agency the permission to upload log files (PutObject) to the bucket for storing log files. In the following example, mybucketlogs is the bucket. If default encryption is enabled for the log storage bucket, the IAM agency also requires the KMS Administrator permissions in the region where the log storage bucket resides.

    {
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "obs:object:PutObject"
            ],
            "Resource": [
                "OBS:*:*:object:mybucketlogs/*"
            ],
            "Effect": "Allow"
        }
    ]
}

    You can choose an existing IAM agency from the drop-down list or click Create Agency to create one. For details about how to create an agency, see Creating an IAM Agency.

  7. Click OK.

    After logging is configured, you can view operation logs in the bucket that stores the logs in approximately fifteen minutes.

Related Operations

If you do not need to record logs, click Disable in the Logging dialog box and then click OK. After logging is disabled, logs are not recorded, but existing logs in the target bucket will be retained.

Parent topic: Logging