Object Storage Service (OSS) on CloudBox generates access logs to record access to resources stored in OSS on CloudBox buckets. After you enable logging for an OSS on CloudBox bucket, OSS generates access logs every hour based on predefined naming rules and then stores the logs in a specific OSS on CloudBox bucket. You can use Simple Log Service or build a Spark cluster to analyze the logs.
Prerequisites
OSS on CloudBox is supported only in the China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Beijing), and China (Chengdu) regions.
A cloud box is purchased. For more information, see Purchase a cloud box.
A Virtual Private Cloud (VPC) and a vSwitch are created in the OSS on CloudBox. For more information, see Create a VPC and a vSwitch.
A VPC internal network is set up, and a single tunnel is configured to provide secure connection. To apply for this feature, please contact technical support.
Precautions
If the source bucket that generates logs has a region attribute, the target bucket for log storage can be the same as or different from the source bucket. However, the target bucket must be in the same region and belong to the same account.
When you configure log storage for a source bucket, the log push operation itself generates new logs. If the source and target buckets are the same, the log storage feature records and pushes these new logs. This causes a logging loop. To prevent this, configure different source and target buckets.
Log files are expected to be generated within 48 hours. A log file for a specific time period may not record all requests from that period. Some requests may appear in the log file of the previous or next time period. Therefore, the log records for a specific time period are not guaranteed to be complete or timely.
OSS generates log files every hour until you disable the log storage feature. To reduce your storage costs, promptly clear log files that are no longer needed.
You can use a lifecycle rule to periodically delete log files. For more information, see Lifecycle rules based on the last modified time.
To maintain OSS-HDFS availability and prevent data contamination, do not set Log Prefix to .dlsdata/ when you configure logging for a bucket for which OSS-HDFS is enabled.
OSS may add fields to the end of logs as needed. You must consider compatibility issues when you develop log processing tools. Effective September 17, 2025, the Bucket ARN field will be added to the log content.
Log file naming convention
The naming convention for stored log files is as follows:
<TargetPrefix><SourceBucket>YYYY-mm-DD-HH-MM-SS-UniqueString
Field | Description |
TargetPrefix | The prefix of the log file name. |
SourceBucket | The name of the source bucket that generates access logs. |
YYYY-mm-DD-HH-MM-SS | The time partition of the log. From left to right, they represent year, month, day, hour, minute, and second. The stored logs are organized by hour. For example, if HH is 01, the log file contains log information from 01:00:00 to 01:59:59. MM and SS are both pushed as 00. |
UniqueString | A system-generated string that uniquely identifies the log file. |
Procedure
Use the OSS console
Log on to the OSS console.
In the left-side navigation pane, choose .
On the OSS on CloudBox Buckets page, click the OSS on CloudBox bucket for which you want to enable logging.
- In the left-side navigation pane, choose .
On the Logging tab, turn on Logging and specify Log Storage Bucket and Log Prefix.
Log Storage Bucket: Select an OSS on CloudBox bucket from the drop-down list. You can select only a destination OSS on CloudBox bucket that is located in the same region as the OSS on CloudBox bucket for which logging is enabled within the same Alibaba Cloud account.
Log Prefix: Enter the directory in which logs are stored. If you specify this parameter, the logs are stored in the specified directory of the destination OSS on CloudBox bucket. If you do not specify this parameter, the logs are stored in the root directory of the destination OSS on CloudBox bucket. For example, if you enter log/ in the Log Prefix field, the logs are stored in the log/ directory.
- Click Save.
Use OSS SDKs
You can enable logging only by using OSS SDK for Java. The version of OSS SDK for Java must be 3.15.0 or later.
import com.aliyun.oss.ClientException;
import com.aliyun.oss.OSS;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.OSSException;
import com.aliyun.oss.model.SetBucketLoggingRequest;
import com.aliyun.oss.common.auth.DefaultCredentialProvider;
import com.aliyun.oss.common.comm.SignVersion;
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.common.auth.CredentialsProviderFactory;
import com.aliyun.oss.common.auth.EnvironmentVariableCredentialsProvider;
public class Demo {
public static void main(String[] args) throws Exception {
// Specify the data endpoint of the OSS on CloudBox bucket.
String endpoint = "https://cb-f8z7yvzgwfkl9q0h****.cn-hangzhou.oss-cloudbox.aliyuncs.com";
// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
// Specify the name of the OSS on CloudBox bucket for which you want to enable logging. Example: examplebucket.
String bucketName = "examplebucket";
// Specify the name of the OSS on CloudBox bucket that stores logs. The source and destination OSS on CloudBox buckets can be the same OSS on CloudBox bucket or different OSS on CloudBox buckets.
String targetBucketName = "destbucket";
// Set the directory in which you want to store the log objects to log/. If you specify this parameter, the logs are stored in the specified directory of the destination OSS on CloudBox bucket. If you do not specify this parameter, the logs are stored in the root directory of the destination OSS on CloudBox bucket.
String targetPrefix = "log/";
// Specify the region in which the OSS on CloudBox bucket is located.
String region = "cn-hangzhou";
// Specify the ID of the cloud box.
String cloudBoxId = "cb-f8z7yvzgwfkl9q0h****";
// Create an OSSClient instance.
// Call the shutdown method to release resources when the OSSClient is no longer in use.
ClientBuilderConfiguration conf = new ClientBuilderConfiguration();
conf.setSignatureVersion(SignVersion.V4);
OSS ossClient = OSSClientBuilder.create()
.endpoint(endpoint)
.credentialsProvider(new DefaultCredentialProvider(credentialsProvider.getCredentials()))
.clientConfiguration(conf)
.region(region)
.cloudBoxId(cloudBoxId)
.build();
try {
SetBucketLoggingRequest request = new SetBucketLoggingRequest(bucketName);
request.setTargetBucket(targetBucketName);
request.setTargetPrefix(targetPrefix);
ossClient.setBucketLogging(request);
} catch (OSSException oe) {
System.out.println("Caught an OSSException, which means your request made it to OSS, "
+ "but was rejected with an error response for some reason.");
System.out.println("Error Message:" + oe.getErrorMessage());
System.out.println("Error Code:" + oe.getErrorCode());
System.out.println("Request ID:" + oe.getRequestId());
System.out.println("Host ID:" + oe.getHostId());
} catch (ClientException ce) {
System.out.println("Caught an ClientException, which means the client encountered "
+ "a serious internal problem while trying to communicate with OSS, "
+ "such as not being able to access the network.");
System.out.println("Error Message:" + ce.getMessage());
} finally {
if (ossClient != null) {
ossClient.shutdown();
}
}
}
}
Use ossutil
You can use ossutil to enable logging for an OSS on CloudBox bucket. For more information, see put-bucket-logging.
Use the OSS API
If your business requires a high level of customization, you can directly call RESTful APIs. To directly call an API, you must include the signature calculation in your code. For more information, see PutBucketLogging.