Enable Access Logging for a Bucket

  • Updated on Apr 12, 2025
  • Published on Mar 13, 2023
Prev Next

Introduction

When server access logging is enabled for a bucket, the system will write a timestamped access log file to a bucket specified in the configuration every 10 minutes. See Amazon Documentation for details about the log content.

Limitations

  • Log files are only created if the bucket has been accessed within the past 10 minutes.

  • The logging destination bucket must be in the same S3 region and must have the same owner as the source bucket.

  • S3 Object lock cannot be enabled on the log destination bucket.

  • Bucket Naming Rules apply to the log destination bucket

Configure the logging destination bucket

  1. Log into Cloud Object Storage
  2. Navigate to the Buckets & Objects tab, then click + Add New Bucket
  3. Give the new bucket an appropriate Bucket Name, select the same Region that hosts the bucket you wish to enable logging on, and leave the Storage Policy as the default
  4. With the bucket created, access the Properties of the newly created bucket and navigate to the Bucket Canned ACL tab
  5. In the Set Canned ACL drop-down, select Log Delivery Write and Save the configuration
  6. Review the Bucket Permissions tab. Ensure that the Log Delivery grantee has both Writable and ACP Readable permissions

Configure the source bucket

  1. Return to Buckets & Objects and access the Properties of the bucket on which you wish to enable

  2. Navigate to the Logging tab and toggle Enable Logging

  3. Enter the name of the Destination Bucket that was created earlier.

    1. Optionally, enter a Target Prefix. This is a text string that will be added to the beginning of the log filename. If multiple buckets are enabled for logging, we recommend setting a target prefix as the source bucket name

  4. Save the configuration