Logging

Logging in IONOS S3 Object Storage enables the tracking and storage of requests made to your bucket. When you enable Logging, S3 automatically records access requests, such as the requester, bucket name, request time, request action, response status, and error codes, if any. By default, Logging is disabled for a bucket.

Note: Logging is currently supported only for user-owned buckets and is available in the de, eu-central-2, and eu-south-2 S3 regions.

Note: Logging is not supported for contract-owned buckets.

Use cases

  • Security Monitoring: Tracks access patterns and identifies unauthorized or suspicious access to your data. In the event of a security breach, logs provide vital information for investigating the incident, such as IP addresses, request times, and the actions that were performed.

  • Auditing: Many industries require compliance with specific regulatory standards that mandate the monitoring and logging of access to data. S3 logging facilitates compliance with regulations like HIPAA, GDPR, or SOX by providing a detailed record of who accessed what data and when.

  • Troubleshooting: If there are issues with how applications are accessing your S3 data, logs can provide detailed information to help diagnose and resolve these issues. Logs show errors and the context in which they occurred, aiding in quick troubleshooting.

Manage Logging

You can manage Logging using the DCD, API, and CLI.

DCD

Activate Logging

Prerequisite: Make sure you have provided access permissions for the Log Delivery Group. For more information, see Grant access permission for Logging.

To activate Logging, follow these steps:

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the Buckets list, choose the bucket and click Bucket settings.

3. Go to the Logging setting under the Access management section and click Browse S3 to select the destination bucket in the same region to store logs.

Note: Although it is possible to store logs in the same bucket being logged, it is recommended to use a different bucket to avoid potential complications with managing log data and user data together.

4. (Optional) Specify the prefix for log storage, providing flexibility in organizing and accessing your log data. If no prefix is entered, the log file name is derived from its time stamp alone.

5. Click Save.

Result: Logging is enabled for the selected bucket.

Deactivate Logging

You can modify or deactivate Logging at any time with no effect on existing log files. Log files are handled like any other object. Using the Logging section in the Bucket settings, you can click Disable Logging to stop collecting log data for a bucket.

Grant access permission for Logging

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the Buckets list, choose the bucket for which the logging must be enabled.

3. Click Bucket settings and go to the Access Control List (ACL).

4. For Logging, select the OBJECTS:WRITE and BUCKET ACL:READ checkboxes.

5. Click Save.

Result: The required access permissions to enable Logging for a bucket is granted.

IONOS S3 Object Storage API

Use the API to configure and manage Logging for a bucket.

CLI

Use CLI to manage Logging for buckets.

Limitations

Logs can only be stored in the same-region buckets.

Warning: Although it is possible to store logs in the same bucket being logged, it is not recommended due to potential complications with managing log data and user data together.

Lifecycle Management

Use Lifecycle Management in conjunction with Logging to manage and automate the lifecycle of log files. For instance, you can set up a lifecycle policy to permanently delete logs that are no longer needed after a certain period.

Last updated