Log files

All requests through the Service APIs are logged in the access log with a different interface type.

Each entry for Service API requests is logged as "interface_type": "service". For more information, see the Log file reference.

To use the Service APIs:

  • The Service API ports must be enabled for the access pools in use
  • Only a user with the Service Account role can use the Service API ports
  • All Service API requests must comply with the interface specifications
  • Storage accounts cannot be deleted if they are not empty. This means that a storage account that is associated with AWS credentials, containers, or objects cannot be deleted.

Access log

Access log entries have a different format in Container Mode than in Vault Mode, and is defined in the Log file reference. Each entry in this log corresponds to a request received on the Service API port or the S3 user request port. Container Mode also introduces additional fields that can be used for billing.

The interface type field specifies one of the following parameters for each entry in the access logs in Container Mode.

  • service: All Service API requests received at the Service API port.
  • s3-service: All vault-level access received at the Service API port (for example, management vault).
  • s3: All user requests received.

The fields in the access logs must be processed and aggregated for storage accounts and users, as each entry in an access log is for a single request received at an Accesser device. The usage information includes both bytes used and object count. In addition, the legacy fields provide the size of the object for the current request.

A billing application can support any billing model based on the available information and processing of the logs. Each access log has the device UUID for which the access log has access information, and a timestamp associated with the name of the log. The logs are rotated as configured in the Manager Web Interface and appropriately are named with timestamps.

Retrieval of access logs

Access logs are uploaded to the management vault periodically. These logs include detailed usage information that can be used for billing. The management vault must be deployed to an appropriate access pool to allow a service user to download log files from the management vault.

A system administrator must configure a suitable access log rotation time on the Manager Web Interface when creating or updating management vaults. All access logs are uploaded to the management vault periodically. An application can retrieve these logs from the management vault using the Service API port and service account credentials.

The URI format for management vault access in Container Mode differs from Vault Mode. The format is as follows:

http://<accesser-IP-address>:8337/vaults/s3/<management-vault-name>

https://<accesser IP address>:8338/vaults/s3/<management vault name>