Object Storage Service (OSS) generates access logs to record access to resources stored in OSS buckets. After you enable and configure logging for a bucket, OSS generates access logs every hour based on predefined naming rules and then stores the logs in a specific bucket.
Usage notes
In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions, endpoints and open ports.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.
In this topic, an OSSClient instance is created by using an OSS endpoint. If you want to create an OSSClient instance by using custom domain names or Security Token Service (STS), see Initialization.
To enable logging, you must have the oss:PutBucketLogging
permission. To query logging configurations, you must have the oss:GetBucketLogging
permission. To disable logging, you must have the oss:DeleteBucketLogging
permission. For more information, see Common examples of RAM policies.
Enable logging for a bucket
The following sample code provides an example on how to enable logging for a bucket:
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
from oss2.models import BucketLogging
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
region = "cn-hangzhou"
bucket = oss2.Bucket(auth, endpoint, "examplebucket", region=region)
logging = bucket.put_bucket_logging(BucketLogging(bucket.bucket_name, 'log/'))
if logging.status == 200:
print("Enable access logging")
else:
print("request_id:", logging.request_id)
print("resp : ", logging.resp.response)
Query the logging configurations of a bucket
The following sample code provides an example on how to query the logging configurations of a bucket:
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
region = "cn-hangzhou"
bucket = oss2.Bucket(auth, endpoint, "examplebucket", region=region)
logging = bucket.get_bucket_logging()
print('TargetBucket={0}, TargetPrefix={1}'.format(logging.target_bucket, logging.target_prefix))
Disable logging for a bucket
The following sample code provides an example on how to disable logging for a bucket:
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
region = "cn-hangzhou"
bucket = oss2.Bucket(auth, endpoint, "examplebucket", region=region)
logging = bucket.delete_bucket_logging()
if logging.status == 204:
print("Disable access logging")
else:
print("request_id :", logging.request_id)
print("resp : ", logging.resp.response)
References
For the complete sample code that is used to configure logging for a bucket, visit GitHub.
For more information about the API operation that you can call to enable logging for a bucket, see PutBucketLogging.
For more information about the API operation that you can call to query the logging configurations of a bucket, see GetBucketLogging.
For more information about the API operation that you can call to disable logging for a bucket, see DeleteBucketLogging.