Enabling bucket logging for Multicloud Object Gateway [Technology preview]

Before you begin

Important: Bucket logging for Multicloud Object Gateway is a Technology Preview feature. IBM does not recommend using technology preview features in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

About this task

Bucket logging helps you to record the S3 operations that are performed against the Multicloud Object Gateway (MCG) bucket for compliance, auditing, and optimization purposes.

Procedure

  1. Create a data bucket where you can upload the objects.
    nb bucket create data.bucket
  2. Create a log bucket where you want to store the logs for bucket operations by using the following command:
    nb bucket create log.bucket
  3. Configure bucket logging on data bucket with log bucket.
    nb api bucket_api put_bucket_logging '{
       "name": "data.bucket",
       "log_bucket": "log.bucket",
       "log_prefix": "data-bucket-logs"
    }'
  4. Verify if the bucket logging is set for the data bucket.
    nb api bucket_api get_bucket_logging '{
       "name": "data.bucket"
    }'

    The S3 operations can take up to 24 hours to get recorded in the logs bucket. The following example shows the recorded logs and how to download them:

    Example

    s3_alias cp s3://logs.bucket/data-bucket-logs/logs.bucket.bucket_data-bucket-logs_1719230150.log - | tail -n 2
    
    Jun 24 14:00:02 10-XXX-X-XXX.sts.openshift-storage.svc.cluster.local  {"noobaa_bucket_logging":"true","op":"GET","bucket_owner":"operator@noobaa.io","source_bucket":"data.bucket","object_key":"/data.bucket?list-type=2&prefix=data-bucket-logs&delimiter=%2F&encoding-type=url","log_bucket":"logs.bucket","remote_ip":"100.XX.X.X","request_uri":"/data.bucket?list-type=2&prefix=data-bucket-logs&delimiter=%2F&encoding-type=url","request_id":"luv2XXXX-ctyg2k-12gs"} Jun 24 14:00:06 10-XXX-X-XXX.s3.openshift-storage.svc.cluster.local  {"noobaa_bucket_logging":"true","op":"PUT","bucket_owner":"operator@noobaa.io","source_bucket":"data.bucket","object_key":"/data.bucket/B69EC83F-0177-44D8-A8D1-4A10C5A5AB0F.file","log_bucket":"logs.bucket","remote_ip":"100.XX.X.X","request_uri":"/data.bucket/B69EC83F-0177-44D8-A8D1-4A10C5A5AB0F.file","request_id":"luv2XXXX-9syea5-x5z"}
  5. (Optional) To disable bucket logging, use the following command:
    nb api bucket_api delete_bucket_logging '{
       "name": "data.bucket"
    }'

Example