Logging Overview
Terakhir diperbarui:2025-10-10 09:50:01
Feature Overview
The logging feature allows you to record the access information of a source bucket and save it to a destination bucket as logs.
In the destination bucket, the log path is:
destination bucket/path prefix{YYYY}/{MM}/{DD}/{time}_{random}_{index}
Logs are generated every 5 minutes (one record per line). Each record contains multiple fields, and fields are separated by a space. The file size for a log file is up to 256 MB. If the amount of logs generated within these 5 minutes exceeds 256MB, your logs will be split into multiple log files. The logging fields supported are as follows:
No. | Field | Description | Sample |
1 | eventVersion | Log version | 1.0 |
2 | bucketName | Bucket Name | examplebucket-1250000000 |
3 | qcsRegion | Request region | ap-beijing |
4 | eventTime | Event time (request end time, which is a timestamp in UTC+0 time zone) | 2018-12-01T11:02:33Z |
5 | eventSource | Access domain name | examplebucket-1250000000.cos.ap-guangzhou.myqcloud.com |
6 | eventName | UploadPart | |
7 | remoteIp | Source IP | 192.168.0.1 |
8 | userSecretKeyId | User access KeyId | ************************************ |
9 | reservedFiled | Reserved field. | Displayed as - |
10 | reqBytesSent | Request bytes | 83886080 |
11 | deltaDataSize | Change in storage made by the request (in bytes) | 808 |
12 | reqPath | Requested file path | /folder/text.txt |
13 | reqMethod | Request method | put |
14 | userAgent | User UA | cos-go-sdk-v5.2.9 |
15 | resHttpCode | HTTP response status code | 404 |
16 | resErrorCode | Error Codes | NoSuchKey |
17 | resErrorMsg | Error Message | The specified key does not exist. |
18 | resBytesSent | Bytes returned | 197 |
19 | resTotalTime | Total time used by the request (in milliseconds, i.e., the time between the last byte of the response and the first byte of the request) | 4295 |
20 | logSourceType | Source type of the log | USER (user access requests), CDN (CDN origin-pull requests) |
21 | storageClass | Storage Type | STANDARD,STANDARD_IA,ARCHIVE |
22 | accountId | Bucket owner ID | 100000000001 |
23 | resTurnAroundTime | Time used by the request server (in milliseconds, i.e., the time between the first byte of the response and the last byte of the request) | 4295 |
24 | requester | Visitor account. If the visitor is the root account, the account format is root account UIN:root account UIN;If the visitor is a sub-account, the account format is root account UIN:sub-account UIN;If the requester is anonymous, it is displayed as -. | 100000000001:100000000001 |
25 | requestId | Request ID | NWQ1ZjY4MTBfMjZiMjU4NjRfOWI1N180NDBiYTY= |
26 | objectSize | Object size, in bytes | 808, if you use multipart upload, the objectSize field will only be displayed upon completion of the upload. During each part's upload, this field will display -. |
27 | versionId | Object version ID | Random string |
28 | targetStorageClass | Destination storage class, recorded for replication requests | STANDARD,STANDARD_IA,ARCHIVE |
29 | referer | HTTP referer of the request | *.example.com or 111.111.111.1 |
30 | requestUri | Request URI | "GET /fdgfdgsf%20/%E6%B5%AE%E7%82%B9%E6%95%B0 HTTP/1.1" "GET /fdgfdgsf%20/%E6%B5%AE%E7%82%B9%E6%95%B0 HTTP/1.1" Notes: If the signature is in the query_string form, it will be shown in the requestUri. Otherwise, the requestUri will not contain the signature information. |
31 | vpcId | VPC request ID | "0" (non-VPC) / "12345" (VPC, any non-zero string) |
Note:
Currently, the log management function of COS supports the following regions: Beijing, Nanjing, Shanghai, Guangzhou, Chengdu, Chongqing, Shenzhen Finance, Shanghai Finance, Hong Kong (China), Singapore, Seoul, Bangkok, Tokyo, Silicon Valley, Virginia, Frankfurt.
The destination bucket and source bucket must reside in the same region.
The destination bucket that stores logs can be the source bucket itself (not recommended).
Currently, logs will be generated only when the bucket is accessed through XML APIs and XML API-based SDKs or tools, not via JSON APIs or JSON API-based SDKs or tools.
Depending on customer needs and business development, COS may add new fields to the access logs. Be sure to prepare for this when parsing the logs.
COS does not guarantee 100% accuracy of log data, for reference only, not as measurement or billing basis.
Enabling Logging
Using the Console
1. Log in to the COS console.
2. In the left navigation bar, click Bucket List to enter the bucket list management page.
3. Find the source bucket for which you want to enable log storage, click the Bucket Name, and enter the bucket management page.
4. On the left sidebar, select Logging > Logging, click Edit, and toggle on the feature.
5. Configure the configuration items of Logging as follows.
Destination Bucket: The destination bucket that stores the source bucket's logs must reside in the same region as the source bucket. We recommend you not set the source bucket itself as the destination bucket.
Path Prefix: A custom path prefix for the logs. If this field is left empty, logs will be delivered to the root directory of the destination bucket.
Service Authorization: When enabling the log storage feature for the first time, you need to authorize the CLS product service to deliver access logs to your bucket. Follow the prompts to complete the authorization.
6. After confirming that everything is correct, click Save.
Note:
After enabling the log storage feature, it is expected to take 1 hour to complete the first batch of log delivery. Subsequently, logs will be generated every 5 minutes, and the specific time of log delivery depends on the data volume.
7. Go to the destination bucket configured to view the generated logs.
8. After downloading the logs, you can view them in detail. For more information, see Logging Overview.
Note:
Currently, only the bucket owner possesses the permission to configure log storage. Other users will not see the Log Storage configuration option when accessing the console.
Notes
To enable Logging, you need to create a log role in the CAM console and grant the role permissions to read/write logs of the source bucket.
If Logging is disabled yet the role is not deleted, the role's read/write permissions on the source bucket's logs still exist.
Using the API
To enable logging for a bucket using APIs, follow the steps below:
1. Create a log role
Here,
roleName must be CLS_QcsRole.policyDocument must be:{"version": "2.0","statement": [{"action": "name/sts:AssumeRole","effect": "allow","principal": {"service": "cls.cloud.tencent.com"}}]}
2. Grant the log role permissions
Here,
policyName is set to QcloudCOSAccessForCLSRole.roleName is the CLS_QcsRole in step 1, or the roleID returned when roleName was created.3. Enable Log Management
Call the API to enable logging. For more information about the API, see PUT Bucket logging. Note that the destination bucket to store the logs should be in the same region as the source bucket.
Apakah halaman ini membantu?
Anda juga dapat Menghubungi Penjualan atau Mengirimkan Tiket untuk meminta bantuan.
Ya
Tidak
masukan