• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. Developer Guide (Python SDK)
  4. Access Logging
  5. Enabling Bucket Logging

Enabling Bucket Logging

You can call ObsClient.setBucketLoggingConfiguration to enable bucket logging by performing the following two steps.

  1. Set the log delivery group's access permissions on the target bucket. (Ensure that the log delivery group has the WRITE and READ_ACP permissions on the bucket.)
  2. Configure logging.
NOTE:
  • The source bucket and target bucket of logging must be in the same region.
  • If the bucket is in the OBS Warm or Cold storage class, it cannot be used as the target bucket.

Enabling Bucket Logging Step by Step

Sample code:

# Import the module.
from com.obs.client.obs_client import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='yourdomainname'
)

# Grant the WRITE and READ_ACP permissions on the target bucket to the log delivery group.
resp = obsClient.setBucketAcl('targetbucketname', aclControl='log-delivery-write')
if resp.status < 300:    
    print('requestId:', resp.requestId)
    logstatus = Logging(targetBucket='targetbucketname', targetPrefix='prefix')
     # Configure logging for the bucket.
    resp2 = obsClient.setBucketLoggingConfiguration('bucketname', logstatus)
    if resp2.status < 300:    
        print('requestId:', resp2.requestId)
    else:    
        print('errorCode:', resp2.errorCode)    
        print('errorMessage:', resp2.errorMessage)
else:    
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)

Setting ACLs for Objects to Be Logged

Sample code:

# Import the module.
from com.obs.client.obs_client import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='yourdomainname'
)

# Grant the WRITE and READ_ACP permissions on the target bucket to the log delivery group.
resp = obsClient.setBucketAcl('targetbucketname', aclControl='log-delivery-write')
if resp.status < 300:    
    print('requestId:', resp.requestId)
    
    from com.obs.models.grantee import Grantee, Group
    from com.obs.models.grant import Grant, Permission
    from com.obs.models.logging import Logging
    
    # Grant the FULL_CONTROL permission on logs to the authorized users.
    grantee1 = Grantee(group=Group.AUTHENTICATED_USERS)
    grant1 = Grant(grantee=grantee1, permission=Permission.FULL_CONTROL)
    
    # Grant the READ permission on the objects to be logged to all users.
    grantee2 = Grantee(group=Group.ALL_USERE)
    grant2 = Grant(grantee=grantee2, permission=Permission.READ)
    logstatus = Logging(targetBucket='targetbucketname', targetPrefix='prefix', targetGrants= [grant1, grant2])
    
     # Configure logging for the bucket.
    resp2 = obsClient.setBucketLoggingConfiguration('bucketname', logstatus)
    if resp2.status < 300:    
        print('requestId:', resp2.requestId)
    else:    
        print('errorCode:', resp2.errorCode)    
        print('errorMessage:', resp2.errorMessage)
else:    
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)