Accessing Object Storage Service (OSS) generates numerous access logs. The log storage feature lets you save these logs as hourly log files to a specified bucket. These log files follow a fixed naming convention. You can analyze the stored logs using Alibaba Cloud Simple Log Service or by building a Spark cluster.
Notes
If the source bucket has a region attribute, the target bucket can be the same as or different from the source bucket. However, both buckets must belong to the same account and be in the same region.
When you enable log storage for a source bucket, the log push operation itself generates new logs. If the source bucket and the target bucket are the same, these new logs are recorded and pushed again, which creates a logging loop. We recommend that you use different buckets for the source and target.
Log files are expected to be generated within 48 hours. A log file for a specific time period may not record all requests from that period. Some requests may appear in the log file for the previous or next time period. Therefore, the completeness and timeliness of log records for a specific time period cannot be guaranteed.
OSS generates a log file every hour until you disable the log storage feature. To reduce your storage costs, delete log files that you no longer need.
You can use a lifecycle rule to periodically delete log files. For more information, see Lifecycle rules based on the last modified time.
To maintain OSS-HDFS availability and prevent data contamination, do not set Log Prefix to
.dlsdata/when you configure logging for a bucket for which OSS-HDFS is enabled.OSS may add fields to the end of logs as needed. Ensure that your log processing tools are designed for compatibility. Starting from September 17, 2025, the Bucket ARN field will be added to the log content.
Configure log storage
Configure log storage for a bucket
Console
Log on to the OSS console.
In the left-side navigation pane, click Buckets. On the Buckets page, find and click the desired bucket.
In the navigation pane on the left, choose .
On the Log Storage page, turn on Enable Log Storage and configure the following parameters.
Configuration Item
Description
Log Storage Location
By default, logs are stored in the current bucket. If you want to store logs in another bucket, select the name of the bucket from the drop-down list. You can select only a bucket that belongs to the same account and is in the same region.
Log Prefix
The directory where log files are stored. If you specify this parameter, log files are saved to the specified directory in the target bucket. If you do not specify this parameter, log files are saved to the root directory of the target bucket. For example, if you set the log prefix to log/, log files are recorded in the log/ directory.
Authorization Role
Grant OSS permissions to store logs by assuming a default role or a custom role.
Default authorization for log storage (recommended)
If you select this option, the default role
AliyunOSSLoggingDefaultRoleis automatically created and granted the required permissions. This role can be used to authorize log storage for all buckets within your account. When you use the log storage feature for the first time, click One-click Authorization to automatically create the default role and grant the permissions.Custom authorization
To grant permissions only for log storage in a specific bucket, use a custom role. To use a custom role, perform the following steps.
Create a service role. During role creation, set Trusted Entity Type to Alibaba Cloud Service and select Object Storage Service for Trusted Service.
Create a custom policy in edit mode.
Buckets encrypted with KMS
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:List*", "kms:Describe*", "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "oss:PutObject", "oss:AbortMultipartUpload" ], "Resource": "acs:oss:*:*:examplebucket/*" } ] }Buckets not encrypted with KMS
Buckets not encrypted with KMS include buckets for which server-side encryption is disabled and buckets that are encrypted using OSS-managed keys. For these two cases, configure a custom policy as shown in the following example.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "oss:PutObject", "oss:AbortMultipartUpload" ], "Resource": "acs:oss:*:*:examplebucket/*" } ] }
Click Save.
ossutil
You can use the ossutil command line interface (CLI) to enable log storage. For information about how to install ossutil, see Install ossutil.
The following command enables log storage for the examplebucket bucket. The log file prefix is MyLog-, and the bucket for storing access logs is dest-bucket.
ossutil vectors-api put-bucket-logging --bucket examplebucket --bucket-logging-status "{\"BucketLoggingStatus\":{\"LoggingEnabled\":{\"TargetBucket\":\"examplebucket\",\"TargetPrefix\":\"MyLog-\",\"LoggingRole\":\"AliyunOSSLoggingDefaultRole\"}}}"For more information about this command, see put-bucket-logging.
SDK
The following code provides examples of how to enable log storage using common software development kits (SDKs). For information about how to enable log storage using other SDKs, see SDKs.
import com.aliyun.oss.*; import com.aliyun.oss.common.auth.*; import com.aliyun.oss.common.comm.SignVersion; import com.aliyun.oss.model.SetBucketLoggingRequest; public class Demo { public static void main(String[] args) throws Exception { // In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. String endpoint = "https://oss-cn-hangzhou.aliyuncs.com"; // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider(); // Specify the name of the source bucket for which you want to enable logging. Example: examplebucket. String bucketName = "examplebucket"; // Specify the name of the destination bucket in which you want to store the log objects. The source bucket and the destination bucket can be the same bucket or different buckets. String targetBucketName = "yourTargetBucketName"; // Set the directory in which you want to store the log objects to log/. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket. String targetPrefix = "log/"; // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to cn-hangzhou. String region = "cn-hangzhou"; // Create an OSSClient instance. // Call the shutdown method to release resources when the OSSClient is no longer in use. ClientBuilderConfiguration clientBuilderConfiguration = new ClientBuilderConfiguration(); clientBuilderConfiguration.setSignatureVersion(SignVersion.V4); OSS ossClient = OSSClientBuilder.create() .endpoint(endpoint) .credentialsProvider(credentialsProvider) .clientConfiguration(clientBuilderConfiguration) .region(region) .build(); try { SetBucketLoggingRequest request = new SetBucketLoggingRequest(bucketName); request.setTargetBucket(targetBucketName); request.setTargetPrefix(targetPrefix); ossClient.setBucketLogging(request); } catch (OSSException oe) { System.out.println("Caught an OSSException, which means your request made it to OSS, " + "but was rejected with an error response for some reason."); System.out.println("Error Message:" + oe.getErrorMessage()); System.out.println("Error Code:" + oe.getErrorCode()); System.out.println("Request ID:" + oe.getRequestId()); System.out.println("Host ID:" + oe.getHostId()); } catch (ClientException ce) { System.out.println("Caught an ClientException, which means the client encountered " + "a serious internal problem while trying to communicate with OSS, " + "such as not being able to access the network."); System.out.println("Error Message:" + ce.getMessage()); } finally { if (ossClient != null) { ossClient.shutdown(); } } } }<?php if (is_file(__DIR__ . '/../autoload.php')) { require_once __DIR__ . '/../autoload.php'; } if (is_file(__DIR__ . '/../vendor/autoload.php')) { require_once __DIR__ . '/../vendor/autoload.php'; } use OSS\Credentials\EnvironmentVariableCredentialsProvider; use OSS\OssClient; use OSS\CoreOssException; // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. $provider = new EnvironmentVariableCredentialsProvider(); // Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. $endpoint = "yourEndpoint"; // Specify the name of the source bucket for which you want to enable logging. Example: examplebucket. $bucket= "examplebucket"; $option = array(); // Specify the name of the destination bucket in which the log objects are stored. $targetBucket = "destbucket"; // Specify the directory in which the log objects are stored. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket. $targetPrefix = "log/"; try { $config = array( "provider" => $provider, "endpoint" => $endpoint, "signatureVersion" => OssClient::OSS_SIGNATURE_VERSION_V4, "region"=> "cn-hangzhou" ); $ossClient = new OssClient($config); // Enable logging for the source bucket. $ossClient->putBucketLogging($bucket, $targetBucket, $targetPrefix, $option); } catch (OssException $e) { printf(__FUNCTION__ . ": FAILED\n"); printf($e->getMessage() . "\n"); return; } print(__FUNCTION__ . ": OK" . "\n"); const OSS = require('ali-oss') const client = new OSS({ // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. region: 'yourregion', // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. accessKeyId: process.env.OSS_ACCESS_KEY_ID, accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET, authorizationV4: true, // Specify the name of the bucket. bucket: 'yourbucketname' }); async function putBucketLogging () { try { const result = await client.putBucketLogging('bucket-name', 'logs/'); console.log(result) } catch (e) { console.log(e) } } putBucketLogging();# -*- coding: utf-8 -*- import oss2 from oss2.credentials import EnvironmentVariableCredentialsProvider from oss2.models import BucketLogging # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider()) # Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. endpoint = "https://oss-cn-hangzhou.aliyuncs.com" # Specify the ID of the region that maps to the endpoint. Example: cn-hangzhou. This parameter is required if you use the signature algorithm V4. region = "cn-hangzhou" # Specify the name of your bucket. bucket = oss2.Bucket(auth, endpoint, "examplebucket", region=region) # Specify that the generated log objects are stored in the current bucket. # Set the directory in which the log objects are stored to log/. If you specify this parameter, the log objects are stored in the specified directory of the bucket. If you do not specify this parameter, the log objects are stored in the root directory of the bucket. # Enable logging for the bucket. logging = bucket.put_bucket_logging(BucketLogging(bucket.bucket_name, 'log/')) if logging.status == 200: print("Enable access logging") else: print("request_id:", logging.request_id) print("resp : ", logging.resp.response) using Aliyun.OSS; using Aliyun.OSS.Common; // Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. var endpoint = "https://oss-cn-hangzhou.aliyuncs.com"; // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. var accessKeyId = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_ID"); var accessKeySecret = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET"); // Specify the name of the source bucket for which you want to enable logging. Example: examplebucket. var bucketName = "examplebucket"; // Specify the name of the destination bucket in which the log objects are stored. The source bucket and the destination bucket can be the same bucket or different buckets. var targetBucketName = "destbucket"; // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to cn-hangzhou. const string region = "cn-hangzhou"; // Create a ClientConfiguration instance and modify the default parameters based on your requirements. var conf = new ClientConfiguration(); // Use the signature algorithm V4. conf.SignatureVersion = SignatureVersion.V4; // Create an OSSClient instance. var client = new OssClient(endpoint, accessKeyId, accessKeySecret, conf); client.SetRegion(region); try { // Specify that the log objects are stored in the log/ directory. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, log objects are stored in the root directory of the destination bucket. var request = new SetBucketLoggingRequest(bucketName, targetBucketName, "log/"); // Enable logging for the source bucket. client.SetBucketLogging(request); Console.WriteLine("Set bucket:{0} Logging succeeded ", bucketName); } catch (OssException ex) { Console.WriteLine("Failed with error info: {0}; Error info: {1}. \nRequestID:{2}\tHostID:{3}", ex.ErrorCode, ex.Message, ex.RequestId, ex.HostId); } catch (Exception ex) { Console.WriteLine("Failed with error info: {0}", ex.Message); }PutBucketLoggingRequest request = new PutBucketLoggingRequest(); // Specify the name of the source bucket for which you want to enable logging. request.setBucketName("yourSourceBucketName"); // Specify the name of the destination bucket in which you want to store the logs. // The source bucket and the destination bucket must be located in the same region. The source bucket and the destination bucket can be the same bucket or different buckets. request.setTargetBucketName("yourTargetBucketName"); // Specify the directory in which the logs are stored. request.setTargetPrefix("<yourTargetPrefix>"); OSSAsyncTask task = oss.asyncPutBucketLogging(request, new OSSCompletedCallback<PutBucketLoggingRequest, PutBucketLoggingResult>() { @Override public void onSuccess(PutBucketLoggingRequest request, PutBucketLoggingResult result) { OSSLog.logInfo("code::"+result.getStatusCode()); } @Override public void onFailure(PutBucketLoggingRequest request, ClientException clientException, ServiceException serviceException) { OSSLog.logError("error: "+serviceException.getRawMessage()); } }); task.waitUntilFinished();package main import ( "fmt" "os" "github.com/aliyun/aliyun-oss-go-sdk/oss" ) func main() { // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. provider, err := oss.NewEnvironmentVariableCredentialsProvider() if err != nil { fmt.Println("Error:", err) os.Exit(-1) } // Create an OSSClient instance. // Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to cn-hangzhou. Specify the actual region. clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)} clientOptions = append(clientOptions, oss.Region("yourRegion")) // Specify the version of the signature algorithm. clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4)) client, err := oss.New("yourEndpoint", "", "", clientOptions...) if err != nil { fmt.Println("Error:", err) os.Exit(-1) } // Specify the name of the source bucket for which you want to enable logging. Example: examplebucket. bucketName := "examplebucket" // Specify the name of the destination bucket in which you want to store the log objects. The source and destination buckets can be the same bucket or different buckets, but they must be located in the same region. targetBucketName := "destbucket" // Set the directory in which you want to store the log objects to log/. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket. targetPrefix := "log/" // Enable logging for the bucket. err = client.SetBucketLogging(bucketName, targetBucketName, targetPrefix, true) if err != nil { fmt.Println("Error:", err) os.Exit(-1) } } #include <alibabacloud/oss/OssClient.h> using namespace AlibabaCloud::OSS; int main(void) { /* Initialize information about the account that is used to access OSS. */ /* Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. */ std::string Endpoint = "yourEndpoint"; /* Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to cn-hangzhou. */ std::string Region = "yourRegion"; /* Specify the name of the source bucket for which you want to enable logging. Example: examplebucket. */ std::string BucketName = "examplebucket"; /* Specify the name of the destination bucket in which the log objects are stored. The source bucket and the destination bucket can be the same bucket or different buckets. */ std::string TargetBucketName = "destbucket"; /* Set the directory in which the log objects are stored to log/. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket. */ std::string TargetPrefix ="log/"; /* Initialize resources such as network resources. */ InitializeSdk(); ClientConfiguration conf; conf.signatureVersion = SignatureVersionType::V4; /* Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. */ auto credentialsProvider = std::make_shared<EnvironmentVariableCredentialsProvider>(); OssClient client(Endpoint, credentialsProvider, conf); client.SetRegion(Region); /* Enable logging for the bucket. */ SetBucketLoggingRequest request(BucketName, TargetBucketName, TargetPrefix); auto outcome = client.SetBucketLogging(request); if (!outcome.isSuccess()) { /* Handle exceptions. */ std::cout << "SetBucketLogging fail" << ",code:" << outcome.error().Code() << ",message:" << outcome.error().Message() << ",requestId:" << outcome.error().RequestId() << std::endl; return -1; } /* Release resources such as network resources. */ ShutdownSdk(); return 0; }#include "oss_api.h" #include "aos_http_io.h" /* Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. */ const char *endpoint = "yourEndpoint"; /* Specify the name of the bucket. Example: examplebucket. */ const char *bucket_name = "examplebucket"; /* Specify the name of the destination bucket in which the log objects are stored. The source bucket and the destination bucket can be the same bucket or different buckets. */ const char *target_bucket_name = "yourTargetBucketName"; /* Specify the directory in which the log objects are stored. If you specify this parameter, the log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, the log objects are stored in the root directory of the destination bucket. */ const char *target_logging_prefix = "yourTargetPrefix"; /*Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to cn-hangzhou.*/ const char *region = "yourRegion"; void init_options(oss_request_options_t *options) { options->config = oss_config_create(options->pool); /* Use a char* string to initialize data of the aos_string_t type. */ aos_str_set(&options->config->endpoint, endpoint); /* Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. */ aos_str_set(&options->config->access_key_id, getenv("OSS_ACCESS_KEY_ID")); aos_str_set(&options->config->access_key_secret, getenv("OSS_ACCESS_KEY_SECRET")); //Specify two additional parameters. aos_str_set(&options->config->region, region); options->config->signature_version = 4; /* Specify whether to use CNAME. The value 0 indicates that CNAME is not used. */ options->config->is_cname = 0; /* Specify network parameters, such as the timeout period. */ options->ctl = aos_http_controller_create(options->pool, 0); } int main(int argc, char *argv[]) { /* Call the aos_http_io_initialize method in main() to initialize global resources, such as network resources and memory resources. */ if (aos_http_io_initialize(NULL, 0) != AOSE_OK) { exit(1); } /* Create a memory pool to manage memory. aos_pool_t is equivalent to apr_pool_t. The code used to create a memory pool is included in the APR library. */ aos_pool_t *pool; /* Create a memory pool. The value of the second parameter is NULL. This value indicates that the pool does not inherit other memory pools. */ aos_pool_create(&pool, NULL); /* Create and initialize options. This parameter includes global configuration information, such as endpoint, access_key_id, access_key_secret, is_cname, and curl. */ oss_request_options_t *oss_client_options; /* Allocate the memory resources in the memory pool to the options. */ oss_client_options = oss_request_options_create(pool); /* Initialize oss_client_options. */ init_options(oss_client_options); /* Initialize the parameters. */ aos_string_t bucket; oss_logging_config_content_t *content; aos_table_t *resp_headers = NULL; aos_status_t *resp_status = NULL; aos_str_set(&bucket, bucket_name); content = oss_create_logging_rule_content(pool); aos_str_set(&content->target_bucket, target_bucket_name); aos_str_set(&content->prefix, target_logging_prefix); /* Enable logging for the source bucket. */ resp_status = oss_put_bucket_logging(oss_client_options, &bucket, content, &resp_headers); if (aos_status_is_ok(resp_status)) { printf("put bucket logging succeeded\n"); } else { printf("put bucket logging failed, code:%d, error_code:%s, error_msg:%s, request_id:%s\n", resp_status->code, resp_status->error_code, resp_status->error_msg, resp_status->req_id); } /* Release the memory pool. This operation releases the memory resources allocated for the request. */ aos_pool_destroy(pool); /* Release the allocated global resources. */ aos_http_io_deinitialize(); return 0; }require 'aliyun/oss' client = Aliyun::OSS::Client.new( # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. endpoint: 'https://oss-cn-hangzhou.aliyuncs.com', # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. access_key_id: ENV['OSS_ACCESS_KEY_ID'], access_key_secret: ENV['OSS_ACCESS_KEY_SECRET'] ) # Specify the name of the bucket. Example: examplebucket. bucket = client.get_bucket('examplebucket') # Set logging_bucket to the destination bucket in which log objects are stored. # Set my-log to the directory in which log objects are stored. If you specify this parameter, log objects are stored in the specified directory of the destination bucket. If you do not specify this parameter, log objects are stored in the root directory of the destination bucket. bucket.logging = Aliyun::OSS::BucketLogging.new( enable: true, target_bucket: 'logging_bucket', target_prefix: 'my-log')API
Call the PutBucketLogging operation to enable log storage for a bucket.
Configure log storage for a vector bucket
Console
On the Vector Buckets page, click the target bucket. In the navigation pane on the left, choose Log Management > Log Storage.
Turn on the Log Storage switch and configure the following parameters:
Target Storage Location: Select a bucket to store log files. The bucket must be in the same region as the vector bucket.
Log Prefix: Set the directory and prefix for log files, such as
MyLog-.Authorization Role: Use the default log service role AliyunOSSLoggingDefaultRole or select a custom role.
ossutil
The following example shows how to enable log storage for a bucket named examplebucket. The log file prefix is MyLog-, and the bucket for storing access logs is examplebucket.
Use a JSON configuration file. The following code shows the content of the bucket-logging-status.json file:
{ "BucketLoggingStatus": { "LoggingEnabled": { "TargetBucket": "examplebucket", "TargetPrefix": "MyLog-", "LoggingRole": "AliyunOSSLoggingDefaultRole" } } }The following code provides an example of the command:
ossutil vectors-api put-bucket-logging --bucket examplebucket --bucket-logging-status file://bucket-logging-status.jsonUse JSON configuration parameters. The following code provides an example of the command:
ossutil vectors-api put-bucket-logging --bucket examplebucket --bucket-logging-status "{\"BucketLoggingStatus\":{\"LoggingEnabled\":{\"TargetBucket\":\"examplebucket\",\"TargetPrefix\":\"MyLog-\",\"LoggingRole\":\"AliyunOSSLoggingDefaultRole\"}}}"
SDK
Python
import argparse import alibabacloud_oss_v2 as oss import alibabacloud_oss_v2.vectors as oss_vectors parser = argparse.ArgumentParser(description="vector put bucket logging sample") parser.add_argument('--region', help='The region in which the bucket is located.', required=True) parser.add_argument('--bucket', help='The name of the bucket.', required=True) parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS') parser.add_argument('--account_id', help='The account id.', required=True) parser.add_argument('--target_bucket', help='The name of the target bucket.', required=True) def main(): args = parser.parse_args() # Loading credentials values from the environment variables credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider() # Using the SDK's default configuration cfg = oss.config.load_default() cfg.credentials_provider = credentials_provider cfg.region = args.region cfg.account_id = args.account_id if args.endpoint is not None: cfg.endpoint = args.endpoint vector_client = oss_vectors.Client(cfg) result = vector_client.put_bucket_logging(oss_vectors.models.PutBucketLoggingRequest( bucket=args.bucket, bucket_logging_status=oss_vectors.models.BucketLoggingStatus( logging_enabled=oss_vectors.models.LoggingEnabled( target_bucket=args.target_bucket, target_prefix='log-prefix', logging_role='AliyunOSSLoggingDefaultRole' ) ) )) print(f'status code: {result.status_code},' f' request id: {result.request_id},' ) if __name__ == "__main__": main() Go
package main import ( "context" "flag" "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/vectors" "log" "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss" "github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" ) var ( region string bucketName string accountId string ) func init() { flag.StringVar(®ion, "region", "", "The region in which the vector bucket is located.") flag.StringVar(&bucketName, "bucket", "", "The name of the vector bucket.") flag.StringVar(&accountId, "account-id", "", "The id of vector account.") } func main() { flag.Parse() if len(bucketName) == 0 { flag.PrintDefaults() log.Fatalf("invalid parameters, bucket name required") } if len(region) == 0 { flag.PrintDefaults() log.Fatalf("invalid parameters, region required") } if len(accountId) == 0 { flag.PrintDefaults() log.Fatalf("invalid parameters, accounId required") } cfg := oss.LoadDefaultConfig(). WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()). WithRegion(region).WithAccountId(accountId) client := vectors.NewVectorsClient(cfg) request := &vectors.PutBucketLoggingRequest{ Bucket: oss.Ptr(bucketName), BucketLoggingStatus: &vectors.BucketLoggingStatus{ &vectors.LoggingEnabled{ TargetBucket: oss.Ptr("TargetBucket"), TargetPrefix: oss.Ptr("TargetPrefix"), LoggingRole: oss.Ptr("AliyunOSSLoggingDefaultRole"), }, }, } result, err := client.PutBucketLogging(context.TODO(), request) if err != nil { log.Fatalf("failed to put vector bucket logging %v", err) } log.Printf("put vector bucket logging result:%#v\n", result) } API
Log file naming convention
Stored log files use the following naming convention:
<TargetPrefix><SourceBucket>YYYY-mm-DD-HH-MM-SS-UniqueStringField | Description |
TargetPrefix | The prefix of the log file name. |
SourceBucket | The name of the source bucket from which access logs are generated. |
YYYY-mm-DD-HH-MM-SS | The time partition of the log. From left to right, the fields represent year, month, day, hour, minute, and second. Currently, logs are stored on an hourly basis. For example, if HH is 01, the log file contains logs from 01:00:00 to 01:59:59. MM and SS are both pushed as 00. |
UniqueString | A system-generated string that uniquely identifies the log file. |
Log format and example
Log format
OSS access logs contain information about requesters and the resources that they access. The format is as follows:
RemoteIP Reserved Reserved Time "RequestURL" HTTPStatus SentBytes RequestTime "Referer" "UserAgent" "HostName" "RequestID" "LoggingFlag" "RequesterAliyunID" "Operation" "BucketName" "ObjectName" ObjectSize ServerCostTime "ErrorCode" RequestLength "UserID" DeltaDataSize "SyncRequest" "StorageClass" "TargetStorageClass" "TransmissionAccelerationAccessPoint" "AccessKeyID" "BucketARN"Field
Example
Description
RemoteIP
192.168.0.1
The IP address of the requester.
Reserved
-
A reserved field. The value is a hyphen (-).
Reserved
-
A reserved field. The value is a hyphen (-).
Time
03/Jan/2021:14:59:49 +0800
The time when OSS received the request.
RequestURL
GET /example.jpg HTTP/1.0
The request URL that contains the query string.
OSS ignores query string parameters that start with
x-, but these parameters are recorded in access logs. You can use a query string parameter that starts withx-to mark a request and then use this mark to quickly find the log that corresponds to the request.HTTPStatus
200
The HTTP status code returned by OSS.
SentBytes
999131
The outbound traffic generated by the request. Unit: bytes.
RequestTime
127
The time taken to complete the request. Unit: ms.
Referer
http://www.aliyun.com/product/oss
The HTTP Referer of the request.
UserAgent
curl/7.15.5
The User-Agent header of the HTTP request.
HostName
examplebucket.oss-cn-hangzhou.aliyuncs.com
The target domain name accessed by the request.
RequestID
5FF16B65F05BC932307A3C3C
The request ID.
LoggingFlag
true
Indicates whether log storage is enabled. Valid values:
true: Log storage is enabled.
false: Log storage is not enabled.
RequesterAliyunID
16571836914537****
The user ID of the requester. A hyphen (-) indicates an anonymous request.
Operation
GetObject
The request type.
BucketName
examplebucket
The name of the target bucket.
ObjectName
example.jpg
The name of the target object.
ObjectSize
999131
The size of the target object. Unit: bytes.
ServerCostTime
88
The time that OSS takes to process the request. Unit: milliseconds.
ErrorCode
-
The error code returned by OSS. A hyphen (-) indicates that no error code is returned.
RequestLength
302
The length of the request. Unit: bytes.
UserID
16571836914537****
The ID of the bucket owner.
DeltaDataSize
-
The change in the object size. A hyphen (-) indicates that the request does not involve a write operation on the object.
SyncRequest
-
The request type. Valid values:
-: a general request.
cdn: a CDN origin request.
lifecycle: a request to dump or delete data through a lifecycle rule.
StorageClass
Standard
The storage class of the target object. Valid values:
Standard: Standard.
IA: Infrequent Access.
Archive: Archive Storage.
Cold Archive: Cold Archive.
DeepCold Archive: Deep Cold Archive.
-: The object storage class is not obtained.
TargetStorageClass
-
Indicates whether the storage class of the object is converted by a lifecycle rule or a CopyObject operation. Valid values:
Standard: converted to Standard.
IA: converted to Infrequent Access.
Archive: converted to Archive Storage.
Cold Archive: converted to Cold Archive.
DeepCold Archive: converted to Deep Cold Archive.
-: The operation does not involve converting the object storage class.
TransmissionAccelerationAccessPoint
-
The acceleration endpoint used when you access the target bucket through a transfer acceleration domain name. For example, if a requester accesses the target bucket through an endpoint in the China (Hangzhou) region, the value is cn-hangzhou.
A hyphen (-) indicates that a transfer acceleration domain name is not used or the acceleration endpoint is in the same region as the target bucket.
AccessKeyID
LTAI****************
The AccessKey ID of the requester.
When a request is initiated from the console, the log field displays a temporary AccessKey ID that starts with TMP.
When a request is initiated from a tool or an SDK using a long-term key, the log field displays a common AccessKey ID, such as
LTAI****************.When a request is initiated using the temporary access credentials of Security Token Service (STS), the log field displays a temporary AccessKey ID that starts with STS.
NoteIf the AccessKey ID field is a hyphen (-), the request is anonymous.
BucketARN
acs:oss***************
The globally unique resource descriptor of the bucket.
Log example
192.168.0.1 - - [03/Jan/2021:14:59:49 +0800] "GET /example.jpg HTTP/1.0" 200 999131 127 "http://www.aliyun.com/product/oss" "curl/7.15.5" "examplebucket.oss-cn-hangzhou.aliyuncs.com" "5FF16B65F05BC932307A3C3C" "true" "16571836914537****" "GetObject" "examplebucket" "example.jpg" 999131 88 "-" 302 "16571836914537****" - "cdn" "standard" "-" "-" "LTAI****************" "acs:oss***************"After log files are stored in the specified OSS bucket, you can use Simple Log Service to analyze the log files. To do this, you must first import the OSS log files to Simple Log Service. For more information about how to import data, see Import OSS data. For more information about the analysis features of Simple Log Service, see Query and analysis overview.