Logging

Logging in IONOS S3 Object Storage enables the tracking and storage of requests made to your bucket. When you enable logging, S3 automatically records access requests, such as the requester, bucket name, request time, request action, response status, and error codes, if any. By default, Logging is disabled for a bucket.

Use cases

  • Security Monitoring: Tracks access patterns and identifies unauthorized or suspicious access to your data. In the event of a security breach, logs provide vital information for investigating the incident, such as IP addresses, request times, and the actions that were performed.

  • Auditing: Many industries require compliance with specific regulatory standards that mandate the monitoring and logging of access to data. S3 logging facilitates compliance with regulations like HIPAA, GDPR, or SOX by providing a detailed record of who accessed what data and when.

  • Troubleshooting: If there are issues with how applications are accessing your S3 data, logs can provide detailed information to help diagnose and resolve these issues. Logs show errors and the context in which they occurred, aiding in quick troubleshooting.

Manage Logging

You can manage Logging using the web console, APIs, and command-line tool.

Web console

Activate Logging

Prerequisite: Make sure you have provided access permissions for Log Delivery Group. For more information, see Grant access permission for Logging.

To activate logging, follow these steps:

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the Buckets list, choose the bucket and click Bucket settings.

3. Go to Logging and click Browse S3 to select the destination bucket in the same region to store logs.

Note: Although it is possible to store logs in the same bucket being logged, it is recommended to use a different bucket to avoid potential complications with managing log data and user data together.

4. (Optional) Specify the prefix for log storage, providing flexibility in organizing and accessing your log data. If no prefix is entered, the log file name is derived from its time stamp alone.

5. Click Save.

Result: Logging is enabled for the selected bucket.

Deactivate Logging

You can modify or deactivate logging at any time with no effect on existing log files. Log files are handled like any other object. Using the Logging section in the Bucket settings, you can click Disable Logging to stop collecting log data for a bucket.

Grant access permission for Logging

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the Buckets list, choose the bucket for which the logging must be enabled.

3. Click Bucket settings and go to Access Control List (ACL).

4. For Logging, select the OBJECTS:WRITE and BUCKET ACL:READ checkboxes.

5. Click Save.

Result: The required access permissions to enable Logging for a bucket is enabled.

IONOS S3 Object Storage API

Use the Logging API to configure and manage Logging for a bucket.

Last updated