Introduction
When server access logging is enabled for a bucket, the system will write a timestamped access log file to a bucket specified in the configuration every 10 minutes. See Amazon Documentation for details about the log content.
Limitations
Log files are only created if the bucket has been accessed within the past 10 minutes.
The logging destination bucket must be in the same S3 region and must have the same owner as the source bucket.
S3 Object lock cannot be enabled on the log destination bucket.
Bucket Naming Rules apply to the log destination bucket
Configure the logging destination bucket
- Log into Cloud Object Storage
- Navigate to the Buckets & Objects tab, then click + Add New Bucket
- Give the new bucket an appropriate Bucket Name, select the same Region that hosts the bucket you wish to enable logging on, and leave the Storage Policy as the default
- With the bucket created, access the Properties of the newly created bucket and navigate to the Bucket Canned ACL tab
- In the Set Canned ACL drop-down, select Log Delivery Write and Save the configuration
- Review the Bucket Permissions tab. Ensure that the Log Delivery grantee has both Writable and ACP Readable permissions
Configure the source bucket
Return to Buckets & Objects and access the Properties of the bucket on which you wish to enable
Navigate to the Logging tab and toggle Enable Logging
Enter the name of the Destination Bucket that was created earlier.
Optionally, enter a Target Prefix. This is a text string that will be added to the beginning of the log filename. If multiple buckets are enabled for logging, we recommend setting a target prefix as the source bucket name
Save the configuration