Configuring Access Logging for a Bucket
After logging is enabled for a bucket, OBS automatically converts bucket logs into objects following the naming rules and writes the objects into a target bucket.
Procedure
- In the bucket list, click the bucket to be operated. The Overview page of the bucket is displayed.
- In the right Basic Configurations area, click Logging. The Logging dialog box is displayed.
- Select Enable.
- Select an existing bucket where you want to store log files.
- Enter a prefix for the Log File Name Prefix.
After logging is enabled, generated logs are named in the following format:
<Log File Name Prefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>
- <Log File Name Prefix> is the shared prefix of log file names.
- YYYY-mm-DD-HH-MM-SS indicates the date and time when the log is generated.
- <UniqueString> indicates a character string generated by OBS.
On OBS Console, if configured <TargetPrefix> ends with a slash (/), logs generated in the bucket are stored on OBS Console; if configured <Log File Name Prefix> ends with a slash (/), logs generated in the bucket are stored in the <Log File Name Prefix> folder in the bucket, facilitating the management of log files.
Example:
- If the bucket named bucket is selected to save log files, and the log file name prefix is set to bucket-log/, all log files delivered to the bucket are saved in the bucket-log folder. A log file is named as follows: 2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.
- If the bucket named bucket is selected to save log files, and the log file name prefix is set to bucket-log, then no folder is created for log files delivered to the bucket. A log file is named as follows: bucket-log2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.
- Select an IAM agency to grant OBS the permission to upload log files to the specified bucket.
By default, when configuring permissions for an agency, you only need to grant the agency the permission to upload log files (PutObject) to the bucket where log files are stored. In the following example, mybucketlogs is the name of the bucket for storing log files. If the default encryption function is enabled for the log storing bucket, the IAM agency also requires the KMS Administrator permissions in the region where the log storing bucket resides.
{ "Version": "1.1", "Statement": [ { "Action": [ "obs:object:PutObject" ], "Resource": [ "OBS:*:*:object:mybucketlogs/*" ], "Effect": "Allow" } ] }
You can select an existing IAM agency from the drop-down list or click Create to create an IAM agency. For details about how to create an agency, see Creating an IAM Agency.
- Click OK.
After logging is configured, you can view operation logs in the bucket that stores the logs in approximately fifteen minutes.
Follow-up Procedure
If you do not need to record logs, click Disable in the Logging dialog box and then click OK. After logging is disabled, logs are not recorded, but existing logs in the target bucket will be retained.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot