All Products
Document Center

Object Storage Service:Monitoring and auditing

Last Updated:Jun 03, 2024

Object Storage Service (OSS) provides logging and real-time log query and supports bucket-level log analysis and audits to address your monitoring and auditing needs for enterprise data.


CloudMonitor allows you to monitor OSS metrics, such as the resource status, performance, and usage, and configure custom alerts rules. These metrics and alert rules help you track requests, analyze resource usage, obtain business insights, and identify and troubleshoot problems at the earliest opportunity. For more information, see Overview.

Configuration auditing

Cloud Config is a resource auditing service that allows you to track configuration changes of your resources and evaluate configuration compliance. For example, Cloud Config can monitor noncompliant OSS configurations and notify you of noncompliant configurations. You can manually correct noncompliant configurations or have them automatically corrected by using Function Compute. Cloud Config can help you evaluate a large number of resources and maintain the continuous compliance of your cloud infrastructure. For more information, see What is Cloud Config?

Sensitive data detection and auditing

Data stored in OSS may include sensitive information such as personal data, passwords, keys, and sensitive images. You can combine OSS with Sensitive Data Discovery and Protection (SDDP) to better identify, classify, and protect sensitive data. After you authorize SDDP to scan your OSS buckets, SDDP identifies sensitive data in your OSS buckets, classifies and displays sensitive data by risk level, and tracks the use of sensitive data. In addition, SDDP protects and audits sensitive data based on built-in security rules, so that you can query the security status of your data assets in OSS buckets at any time. For more information, see Sensitive data protection.

Real-time log query

OSS supports real-time log query based on Simple Log Service. In the OSS console, you can query and analyze access logs to audit operations, collect access statistics, track exceptions, and troubleshoot problems. Real-time log query helps you improve efficiency and make informed decisions. For more information, see Real-time log query.


OSS generates a large number of access logs to record access requests. After you enable and configure logging for a bucket, OSS generates log objects every hour in accordance with a predefined naming rule and then stores the access logs as objects in the specified bucket. You can use Simple Log Service or build a Spark cluster to analyze logs. For more information, see Logging.


Alibaba Cloud ActionTrail provides the Inner-ActionTrail feature. This feature allows you to transfer the operation logs of Alibaba Cloud services from ActionTrail to Simple Log Service in near real time for analysis and auditing. You can configure ActionTrail to record and store the operations logs of OSS and transfer these logs to Simple Log Service for analysis and auditing. This way, you can efficiently implement log query and analysis, reporting, alerting, and downstream computing, and delivery capabilities. For more information, see Inner-ActionTrail overview.