When you access Object Storage Service (OSS), large numbers of access logs are generated. After you configure logging for a bucket, OSS generates log objects every hour in accordance with a predefined naming rule and then stores the access logs as objects in the specified bucket. You can run the logging command to enable or disable logging for a bucket, and query the logging configurations of a bucket.
Usage notes
To enable logging for a bucket and store access logs in the bucket, you must have the
oss:PutBucketLoggingpermission. To enable logging for a bucket and store access logs in a different bucket, you must have theoss:PutBucketLoggingandoss:PutObjectpermissions. To query logging configurations, you must have theoss:GetBucketLoggingpermission. To disable logging, you must have theoss:DeleteBucketLoggingpermission. For more information, see Attach a custom policy to a RAM user.This topic provides sample command lines that are based on the 64-bit Linux system. For other systems, replace ./ossutil64 in the commands with the corresponding binary name. For more information, see ossutil command reference.
For more information about logging, see Logging.
Enable logging
If logging is not enabled for the bucket, the following command enables logging for the bucket. If logging is enabled for the bucket, the following command overwrites the existing logging configurations of the bucket.
Command syntax
./ossutil64 logging --method put oss://bucketname oss://targetbucket/[prefix]The following table describes the parameters and options in the command syntax.
Parameter/Option
Description
bucketname
The name of the source bucket for which log objects are generated.
targetbucket
The name of the destination bucket in which log objects are stored.
prefix
The directory in which log objects are stored. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket.
ImportantThe source bucket for which log objects are generated and the destination bucket where the generated log objects are stored can be the same bucket or different buckets. However, the destination bucket must belong to the same account in the same region as the source bucket.
Examples
Store log objects generated for the srcbucket source bucket in the root directory of the destbucket destination bucket.
./ossutil64 logging --method put oss://srcbucket oss://destbucketStore log objects generated for the srcbucket source bucket in the destdir subdirectory of the root directory of the destbucket destination bucket.
./ossutil64 logging --method put oss://srcbucket oss://destbucket/destdirThe following sample output indicates that logging is enabled for the source bucket:
0.098601(s) elapsed
Query the logging configurations of a bucket
Command syntax
./ossutil64 logging --method get oss://bucketname [local_xml_file]The following table describes the parameters in the syntax.
Parameter
Description
bucketname
The name of the bucket whose the logging configurations you want to query.
local_xml_file
The name of the local file in which you want to store the logging configurations. Example:
localfile.txt. If this parameter is not specified, obtained logging configurations are displayed without being stored in a local file.Examples
Run the following command to query the logging configurations of the examplebucket bucket and write the results to the
localfile.txtfile:./ossutil64 logging --method get oss://examplebucket localfile.txtThe following sample output indicates that the logging configurations are queried:
0.212407(s) elapsedRun the following command to query the logging configurations of the examplebucket bucket and display the results without storing these results in a local file:
./ossutil64 logging --method get oss://examplebucketThe following sample output indicates that the log objects generated for the examplebucket bucket are written to the root directory of the destbucket bucket:
<?xml version="1.0" encoding="UTF-8"?> <BucketLoggingStatus> <LoggingEnabled> <TargetBucket>destbucket</TargetBucket> <TargetPrefix></TargetPrefix> </LoggingEnabled> </BucketLoggingStatus> 0.109979(s) elapsed
Disable logging
Before you disable logging, OSS continuously generates log objects. For storage cost control, we recommend that you delete log objects that are no longer needed based on lifecycle rules. For more information, see Lifecycle rules based on the last modified time.
Command syntax
./ossutil64 logging --method delete oss://bucketnameIn the command syntax, bucketname is the name of the bucket for which you want to disable logging.
Examples
Run the following command to disable logging for the examplebucket bucket:
./ossutil64 logging --method delete oss://examplebucketThe following sample output indicates that logging is disabled for the bucket:
0.212409(s) elapsed
Common options
If you use ossutil to switch to a bucket that is located in another region, add the -e option to the command to specify the endpoint of the region in which the specified bucket is located. If you use ossutil to switch to a bucket that belongs to another Alibaba Cloud account, add the -i option to the command to specify the AccessKey ID of the specified account, and add the -k option to the command to specify the AccessKey secret of the specified account.
For example, you can run the following command to store log objects generated for the testbucket source bucket that is located in the China (Hangzhou) region and owned by another Alibaba Cloud account to the destbucket destination bucket:
./ossutil64 logging --method put oss://testbucket oss://destbucket -e oss-cn-hangzhou.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA**** -k 67DLVBkH7EamOjy2W5RVAHUY9H****For more information about other common options that you can use for the sync command, see Common options.