When you access OSS, a large number of access logs are generated. After you enable the logging feature for a bucket, OSS automatically generates an object by hour based on the predefined naming rules to store access logs for the bucket and writes the object to the specified bucket. You can use Alibaba Cloud Data Lake Analytics or build a Spark cluster to analyze access logs. You can also set lifecycle management rules for the bucket that stores access logs to convert the storage class of log objects to Archive for long-term archiving.
- Enable the logging feature: PutBucketLogging
- Disable the logging feature: DeleteBucketLogging
- View the logging configuration: GetBucketLogging
Operating methods
| Operating method | Description |
|---|---|
| Console | Web application, which is intuitive and easy to use |
| Java SDK | SDK demos in various languages |
| Python SDK | |
| PHP SDK | |
| Go SDK | |
| C SDK | |
| .NET SDK | |
| Node.js SDK | |
| Ruby SDK |
Naming rules for objects that store access logs
<TargetPrefix><SourceBucket>YYYY-mm-DD-HH-MM-SS-UniqueString TargetPrefix: the name prefix of the object that stores access logs. This field is user-defined and can be left empty.YYYY-mm-DD-HH-MM-SS: the year, month, day, hour, minute, and second when the object was created. (Note the number of digits.)UniqueString: the string (UUID) generated by OSS, which is used to uniquely identify the object.
MyLog-oss-example2017-09-10-04-00-00-0000MyLog-indicates the object prefix specified by the user.oss-exampleindicates the name of the source bucket.2017-09-10-04-00-00indicates the time the object was created.0000indicates the string generated by OSS to uniquely identify the object.
Log object format
The following table describes the fields that comprise a log object. In such an object, these fields are combined in order from left to right and are separated by spaces.
| Name | Example | Description |
|---|---|---|
| Remote IP | 119.xxx.xx.11 | The IP address from which the request is initiated. (The proxy or user firewall may block this field.) |
| Reserved | None | The reserved field. |
| Reserved | None | The reserved field. |
| Time | [02/May/2012:00:00:04 +0800] | The time OSS receives the request. |
| Request-URI | "GET /aliyun-logo.png HTTP/1.1" | The URI of the user request, including query-string. |
| HTTP Status | 200 | The HTTP status code returned by OSS. |
| SentBytes | 5576 | The amount of traffic downloaded by the user from OSS. |
| RequestTime (ms) | 71 | The duration used to complete the request, in milliseconds. |
| Referer | http://www.aliyun.com/product/oss |
The HTTP referer of the request. |
| User-Agent | curl/7.15.5 | The User-Agent field in the HTTP header. |
| HostName | oss-example.oss-cn-hangzhou.aliyuncs.com | The domain to be accessed. |
| Request ID | 505B016950xxxxxx032593A4 | The UUID used to uniquely identify the request. |
| LoggingFlag | true | Indicates whether the access logging feature is enabled. |
| Requester Aliyun ID | 16571xxxxxx83691 | The RAM user ID, which is a hyphen (-) for anonymous access. |
| Operation | GetObject | The request type. |
| Bucket | oss-example | The name of the bucket to be accessed. |
| Key | /aliyun-logo.png | The name (key) of the object that the user requests. |
| ObjectSize | 5576 | The object size. |
| Server Cost Time (ms) | 17 | The duration for the OSS server to process this request, in milliseconds. |
| Error Code | NoSuchBucket | The error code returned by OSS. |
| Request Length | 302 | The length of the user request, in bytes. |
| UserID | 16571xxxxxx83691 | The ID of the bucket owner. |
| Delta DataSize | 280 | The bucket size variation, which is a hyphen (-) if the bucket size does not change. |
| Sync Request | None | Indicates whether the request is a CDN back-to-origin request. The value is a hyphen (-) if the request is not a back-to-origin request. |
| Reserved | None | The reserved field. |
Detail analysis
- The source bucket and destination bucket can be the same bucket, or different buckets that are owned by the same Alibaba Cloud account and in the same region. You can also store the access logs of multiple source buckets in the same destination bucket. In this case, we recommend that you specify different TargetPrefix values for the log objects of different source buckets.
- OSS generates an object that stores bucket access logs on an hourly basis. However, requests in the last hour may be recorded in the object generated for the last hour or the next hour.
- Each time OSS generates an object that stores bucket access logs, it performs a PUT operation and records the storage space that the operation occupies. However, OSS does not record the traffic generated by the PUT operation. After a log object is generated, you can perform operations on it as a common object.
-
OSS ignores all query-string parameters whose values are prefixed with
x-. However, these parameters are recorded in access logs. To easily identify a special request from a large number of access logs, you can add a query-string parameter whose value is prefixed withx-to the URL of the request. Example:http://oss-example.oss-cn-hangzhou.aliyuncs.com/aliyun-logo.pnghttp://oss-example.oss-cn-hangzhou.aliyuncs.com/aliyun-logo.png?x-user=adminOSS returns the same result for the preceding two requests. However, you can search for access logs that contain
x-user=adminto easily locate the marked request. - A hyphen (
-) may appear in any field in OSS logs. It indicates that data is unknown or the field is invalid for the current request. - More fields will be added to the end of OSS logs in the future as needed. We recommend that developers consider potential compatibility issues when developing log processing tools.