Object Storage Service:logging, logging

Usage notes

• To enable logging for a bucket and store access logs in the bucket, you must have the oss:PutBucketLogging permission. To enable logging for a bucket and store access logs in a different bucket, you must have the oss:PutBucketLogging and oss:PutObject permissions. To query the logging configurations of a bucket, you must have the oss:GetBucketLogging permission. To disable logging for a bucket, you must have the oss:DeleteBucketLogging permission. For more information, see Attach a custom policy to a RAM user.

• For ossutil 1.6.16 and later, you can directly use ossutil as the binary name in the command line. You do not need to update the binary name based on the operating system. For ossutil earlier than 1.6.16, you need to update the binary name based on the operating system. For more information, see ossutil command reference.

• For more information about logging, see Logging.

Enable logging

If logging is not enabled for a bucket, the following command enables logging for the bucket. If logging is enabled for a bucket, the following command overwrites the existing logging configurations of the bucket.

Enable logging or modify logging configurations for a bucket by using the following command.

• Command syntax

  ossutil logging --method put oss://bucketname   oss://targetbucket/[prefix]

  The following table describes the parameters and options in the command syntax.

  Parameter/Option	Description
  bucketname	The name of the source bucket for which log objects are generated.
  targetbucket	The name of the destination bucket in which log objects are stored.
  prefix	The directory in which log objects are stored. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket.

  Important

  The source bucket for which log objects are generated and the destination bucket in which the generated log objects are stored can be the same bucket or different buckets. However, the destination bucket must be located in the same region as the source bucket and belong to the same Alibaba Cloud account.

• Examples

  Run the following command to store log objects generated for the srcbucket source bucket in the root directory of the destbucket destination bucket:

  ossutil logging --method put oss://srcbucket  oss://destbucket

  Run the following command to store log objects generated for the srcbucket source bucket in the destdir subdirectory of the root directory of the destbucket destination bucket:

  ossutil logging --method put oss://srcbucket  oss://destbucket/destdir

  The following sample output indicates that logging is enabled for the source bucket:

  0.098601(s) elapsed

Query the logging configurations of a bucket

• Command syntax

  ossutil logging --method get oss://bucketname [local_xml_file]

  The following table describes the preceding parameters in the preceding command.

  Parameter	Description
  bucketname	The name of the bucket whose logging configurations you want to query.
  local_xml_file	The name of the local file in which you want to store the logging configurations. Example: localfile.txt. If this parameter is not specified, obtained logging configurations are displayed without being stored in a local file.

• Examples

  • Run the following command to query the logging configurations of the examplebucket bucket and write the logging configurations to the localfile.txt file:

    ossutil logging --method get oss://examplebucket localfile.txt

    The following sample output indicates that the logging configurations are queried:

    0.212407(s) elapsed

  • Run the following command to query the logging configurations of the examplebucket bucket and display the logging configurations without storing these logging configurations in a local file:

    ossutil logging --method get oss://examplebucket

    The following sample output indicates that the log objects generated for the examplebucket bucket are written to the root directory of the destbucket bucket:

    <?xml version="1.0" encoding="UTF-8"?>
      <BucketLoggingStatus>
          <LoggingEnabled>
              <TargetBucket>destbucket</TargetBucket>
              <TargetPrefix></TargetPrefix>
          </LoggingEnabled>
      </BucketLoggingStatus>
    
    
    0.109979(s) elapsed

Disable logging

Before you disable logging, OSS continuously generates log objects. To reduce storage costs, we recommend that you delete log objects that are no longer needed based on lifecycle rules. For more information, see Lifecycle rules based on the last modified time.

• Command syntax

  ossutil logging --method delete oss://bucketname

  In the preceding command syntax, bucketname is the name of the bucket for which you want to disable logging.

• Examples

  Run the following command to disable logging for the examplebucket bucket:

  ossutil logging --method delete oss://examplebucket

  The following sample output indicates that logging is disabled for the bucket:

  0.212409(s) elapsed

Common options

If you use ossutil to switch to a bucket that is located in another region, add the -e option to the command to specify the endpoint of the region in which the specified bucket is located. If you use ossutil to switch to a bucket that belongs to another Alibaba Cloud account, add the -i option to the command to specify the AccessKey ID of the specified account, and add the -k option to the command to specify the AccessKey secret of the specified account.

For example, you can run the following command to store log objects generated for the testbucket bucket that is located in the China (Hangzhou) region and owned by another Alibaba Cloud account to the destbucket bucket:

ossutil logging --method put oss://testbucket  oss://destbucket -e oss-cn-hangzhou.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA****  -k 67DLVBkH7EamOjy2W5RVAHUY9H****

For more information about common options, see Common options.