All Products
Search
Document Center

Object Storage Service:PutBucketLogging

Last Updated:Sep 24, 2025

Call the PutBucketLogging operation to enable the log storage feature for a bucket. This feature generates Object Storage Service (OSS) access logs every hour. The log files follow a fixed naming convention and are written to a specified bucket.

Usage notes

  • To call the PutBucketLogging operation to enable the log storage feature for a bucket, you must have the oss:PutBucketLogging permission. For more information, see Grant custom access policies to RAM users.

  • The source bucket and the destination bucket can be the same or different. They must be in the same region and belong to the same Alibaba Cloud account.

  • Log files are generated hourly. However, a log file for a specific hour might not contain all requests from that hour. Some requests might appear in the log file for the previous or next hour.

    For more information about the naming conventions and format of log files, see Log storage.

  • OSS continuously generates log files until you disable the log storage feature. Delete log files that you no longer need to reduce storage costs.

    You can use lifecycle rules to periodically delete log files. For more information, see Lifecycle rules based on last modified time.

  • OSS may add fields to the end of a log file as needed. When you develop log processing tools, consider compatibility.

Permissions

By default, an Alibaba Cloud account has full permissions. RAM users or RAM roles under an Alibaba Cloud account do not have any permissions by default. The Alibaba Cloud account or account administrator must grant operation permissions through RAM Policy or Bucket Policy.

API

Action

Definition

PutBucketLogging

oss:PutBucketLogging

Enables logging for a bucket.

oss:PutObject

When enabling logging for a bucket, if the logs are written to another bucket, this permission is required for the destination bucket.

Request syntax

PUT /?logging HTTP/1.1 Date: GMT Date Content-Length: ContentLength Content-Type: application/xml Authorization: SignatureValue Host: Host <?xml version="1.0" encoding="UTF-8"?> <BucketLoggingStatus> <LoggingEnabled> <TargetBucket>TargetBucket</TargetBucket> <TargetPrefix>TargetPrefix</TargetPrefix> </LoggingEnabled> </BucketLoggingStatus>

Request headers

All headers in a DescribeRegions request are common request headers. For more information, see Common request headers.

Request elements

Name

Type

Required

Example

Description

BucketLoggingStatus

Container

Yes

N/A

A container for the status information of access logs.

Child element: LoggingEnabled

Parent element: None

LoggingEnabled

Container

Yes, if you enable log storage.

N/A

A container for access log information.

Child elements: TargetBucket, TargetPrefix, and LoggingRole

Parent element: BucketLoggingStatus

TargetBucket

String

Yes, if you enable log storage.

examplebucket

The bucket where access logs are stored.

Child element: None

Parent element: BucketLoggingStatus.LoggingEnabled

TargetPrefix

String

No

MyLog-

The prefix for the names of log files. This can be empty.

Child element: None

Parent element: BucketLoggingStatus.LoggingEnabled

LoggingRole

String

No

AliyunOSSLoggingDefaultRole

The role that is authorized for log storage.

Child element: None

Parent element: BucketLoggingStatus.LoggingEnabled

Response headers

All headers in the response to a DescribeRegions request are common response headers. For more information, see Common response headers.

Examples

Bucket example

  • Sample request to enable log storage for a bucket

    PUT /?logging HTTP/1.1 Host: oss-example.oss-cn-hangzhou.aliyuncs.com Content-Length: 186 Date: Thu, 17 Apr 2025 03:21:12 GMT Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,AdditionalHeaders=content-length,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e <?xml version="1.0" encoding="UTF-8"?> <BucketLoggingStatus> <LoggingEnabled> <TargetBucket>examplebucket</TargetBucket> <TargetPrefix>MyLog-</TargetPrefix> <LoggingRole>AliyunOSSLoggingDefaultRole</LoggingRole> </LoggingEnabled> </BucketLoggingStatus>

    Sample response

    HTTP/1.1 200 OK x-oss-request-id: 534B371674E888648906008B Date: Fri, 04 May 2012 03:21:12 GMT Content-Length: 0 Connection: keep-alive Server: AliyunOSS

  • Sample request to disable log storage for a bucket

    To disable the log storage feature for a bucket, send an empty BucketLoggingStatus. The following is an example:

    PUT /?logging HTTP/1.1 Host: oss-example.oss-cn-hangzhou.aliyuncs.com Content-Type: application/xml Content-Length: 86 Date: Thu, 17 Apr 2025 04:21:12 GMT Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,AdditionalHeaders=content-length,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e <?xml version="1.0" encoding="UTF-8"?> <BucketLoggingStatus> </BucketLoggingStatus>

    Sample response

    HTTP/1.1 200 OK x-oss-request-id: 534B371674125A4D8906008B Date: Fri, 04 May 2012 04:21:12 GMT Content-Length: 0 Connection: keep-alive Server: AliyunOSS

Vector bucket example

The region parameter in the Host of a vector bucket uses a standard Alibaba Cloud region ID, such as cn-hangzhou, instead of a legacy OSS region ID used for general-purpose buckets, such as oss-cn-hangzhou.

Sample request to enable log storage for a bucket

PUT /?logging HTTP/1.1 Host: exampebucket-123***456.cn-hangzhou.oss-vectors.aliyuncs.com Content-Length: 186 Content-Type: application/json Date: Thu, 17 Apr 2025 03:21:12 GMT Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,AdditionalHeaders=content-length,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e { "BucketLoggingStatus": { "LoggingEnabled": { "TargetBucket": "examplebucket", "TargetPrefix": "MyLog-", "LoggingRole": "AliyunOSSLoggingDefaultRole" } } }

Sample response

HTTP/1.1 200 OK x-oss-request-id: 534B371674E888648906008B Date: Fri, 04 May 2012 03:21:12 GMT Content-Length: 0 Connection: keep-alive Server: AliyunOSS

SDK

The following SDKs are available for this operation:

ossutil command line interface

For the ossutil command that corresponds to the PutBucketLogging operation, see put-bucket-logging.

Error codes

Error code

HTTP status code

Description

NoSuchBucket

404

The source bucket does not exist.

InvalidTargetBucketForLogging

400

The source bucket and the destination bucket are not in the same data center.

InvalidDigest

400

If you include the Content-MD5 request header, OSS calculates the Content-MD5 value of the message body and checks for consistency. If the values are inconsistent, this error code is returned.

MalformedXML

400

The XML in the request is malformed.

InvalidTargetBucketForLogging

403

The requester is not the owner of the destination bucket.

AccessDenied

403

The requester is not the owner of the source bucket.