OSS provides automatic saving of server access logs. A bucket owner can log on to OSS console to enable the server access logging feature for all the owner’s buckets.
When access logging is activated for a bucket (Source Bucket), the OSS generates an object containing all access request logs of that bucket (by hour) and write the object into the user-designated bucket (Target Bucket) according to fixed naming rules.
Object naming rules for access logging
<TargetPrefix><SourceBucket>YYYY-mm-DD-HH-MM-SS-UniqueStringIn the naming rules, the TargetPrefix is specified by the user; YYYY, mm, DD, HH, MM, and SS give the year, month, day, hour, minutes, and seconds of the creation time in Arabic numerals (note the digits); and UniqueString is the string generated by the OSS system. An example for the name of an object actually used to store OSS access logs is given as follows:
MyLog-oss-example2012-09-10-04-00-00-0000In the preceding example, "MyLog-" is the Object prefix specified by the user; "oss-example" is the name of the origin bucket; "2012-09-10-04-00-00" is the Object creation time (Beijing time); and "0000" is the string generated by the OSS system.
Log file format
(Separated by spaces from left to right):
| Name | Example | Description |
|---|---|---|
| Remote IP | 119.140.142.11 | IP address from which the request is initiated (the proxy or user firewall may block this field) |
| Reserved | - | Reserved field |
| Reserved | - | Reserved field |
| Time | [02/May/2012:00:00:04 +0800] | Time when the OSS receives the request |
| Request-URI | GET /aliyun-logo.png HTTP/1.1 | User-Requested URI (including query-string) |
| HTTP Status | 200 | HTTP status code returned by the OSS |
| SentBytes | 5576 | Traffic that the user downloads from the OSS |
| RequestTime (ms) | 71. | Time spent in completing this request (in ms) |
| Referer | http://www.aliyun.com/product/oss |
Requested TTP Referer |
| User-Agent | curl/7.15.5 | HTTP User-Agent header |
| HostName | oss-example.oss-cn-hangzhou.aliyuncs.com | Domain name for access request |
| Request ID | 505B01695037C2AF032593A4 | UUID used to uniquely identify this request |
| LoggingFlag | true | Whether the access logging function is enabled |
| Requester Aliyun ID | 1657136103983691 | Alibaba Cloud ID of the requester, "-" for anonymous access |
| Operation | GetObject | Request type |
| Bucket | oss-example | Name of the bucket requested for access |
| Key | /aliyun-logo.png | User-Requested Key |
| ObjectSize | 5576 | Object size |
| Server Cost Time (ms) | 17 | Time taken by the OSS server to process this request (in ms) |
| Error Code | NoSuchBucket | Error code returned by the OSS |
| Request Length | 302 | Length of user request (byte) |
| UserID | 1657136103983691 | ID of the bucket owner |
| Delta DataSize | 280 | Bucket size variation, "-" for no change |
| Sync Request | - | Whether this is a origin retrieval request from CND, "-" for no |
| Reserved | - | Reserved Field |
Detail analysis
- The source bucket and target bucket must belong to the same data center of the same user.
- TargetPrefix indicates the name prefix of the object used for storing access logs. The field can be left blank.
- The source bucket and target bucket can be the same or different buckets (but must be both in the same region). You can save logs from multiple source buckets to the same target bucket (in this case, we recommend that you assign different values to TargetPrefix).
- The OSS generates a bucket access log file every hour. However, all requests in the hour may not be recorded in the log file, but may be recorded in the previous or next log file.
- In the naming rules for log files generated by the OSS, "UniqueString" is only a UUID that the OSS generates for an object to uniquely identify the file.
- Each time the OSS generates a bucket access log file, this is considered a PUT operation and the occupied space is recorded, but the generated traffic is not recorded. After log files are generated, you can operate these log files as common objects.
-
The OSS ignores all query-string parameters prefixed by "x-" but such query-string parameters are recorded in access logs. If you want to mark a special request from massive access logs, you can add a query-string parameter prefixed by "x-" to the URL. For example:
http://oss-example.oss-cn-hangzhou.aliyuncs.com/aliyun-logo.pnghttp://oss-example.oss-cn-hangzhou.aliyuncs.com/aliyun-logo.png?x-user=adminWhen the OSS processes the preceding two requests, the results are the same. However, you can search access logs with "x-user=admin" to quickly locate the marked request.
- You may see "-" in any field of OSS logs. It indicates that data is unknown or the field is invalid for the current request.
- Certain fields are added to the end of OSS log files in the future based on the requirements. We recommend that developers take compatibility issues into consideration when developing log processing tools.
Reference
- Console: Set access logging
- API: PutBucketLogging, DeleteBucketLogging, GetBucketLogging