download free 30 days trial version buy bucket explorer
Documentation  Download  Purchase  Support  FAQs   Forum   ScreenShots & Demos

Amazon S3 - How to Configure Server Access Logging (PUT Bucket Logging, GET Bucket Logging)?

Enable or Disable Bucket Logging by sending HTTP PUT Request to Amazon S3 Server

You can enable Bucket Logging on your Amazon S3 Buckets , to collect detail logs on the requests made on you Buckets, including Request Types, Time stamp etc, by sending HTTP PUT Request to Amazon S3's server. You can also specify permissions for who can view and modify the logging parameters with the PUT Request.

Get Bucket Logging Status and User Permissions by sending HTTP GET Request to Amazon S3 Server

If you want to GET the Logging Status or the User Permissions to View or Modify the Logging Status, send an HTTP GET Request to Amazon S3 Server

You can Enable/ Disable/ Get the status for Bucket Logging with HTTP PUT/ GET Request with the following options:

a) Using Amazon S3 APIs

  • Enable or Disable Bucket Logging using Amazon S3 REST API (PUT Bucket Logging)- If you know software programming, you can write a program to use Amazon's REST or SOAP API to Set or Remove Bucket Logging. This documentation only talks about REST API (PUT Bucket Logging). You can read Amazon S3 documentation for details on SOAP APIs.
  • Get Bucket Logging Status and User Permissions using Amazon S3 REST API (GET Bucket Logging)- You can also write a program to use GET Bucket Logging API of Amazon S3 to Get the Bucket Logging Status, as well as the user permissions to view and update the Bucket Logging Status.

b) Using Bucket Explorer

If you do not want to write a software program and want to use a user interface instead, you can do the following:

  • Enable or Disable Bucket Logging using Bucket Explorer
  • Get Bucket Logging Status and User Permissions using Bucket Explorer

To authenticate the GET Bucket Logging and PUT Bucket Logging requests, you need to be the owner of the bucket.

As the owner of the bucket, you automatically have FULL_CONTROL on all S3 Bucket access logs. To be able to grant access to other people, you use Grantee request element. To specify the kind of access the grantee has on the server access logs, you will use the Permissions request element.

Read the following sections to get more details on how to use Amazon S3 APIs or Bucket Explorer for configuring Bucket Logging:

a) Set or Remove Bucket logging using REST API (PUT Bucket Logging)

To set Bucket Logging on your Amazon S3 bucket, you will need to request PUT Bucket logging. For that, you need to use LoggingEnabled and its request elements to enable logging on the bucket and use an empty BucketLoggingStatus request element to disable logging.

Syntax:

PUT /?logging HTTP/1.1
Host: BucketName .s3.amazonaws.com
Date: date
Authorization: signatureValue

Request elements vary depending on what you're setting.
 

Get Bucket Logging Status using Amazon REST API (GET Bucket Logging)

To get a list or retrieve the logging status of a bucket and the permissions that you and other users have to view and modify the status, you will need to request GET Bucket Logging. For that, you need to only use request headers that are common to all operations.

Syntax:


GET /?logging HTTP/1.1
Host: BucketName .s3.amazonaws.com
Date: date
Authorization: signature
 

b) Set or Remove Bucket logging using Bucket Explorer

Here is how Bucket Explorer lets you set or remove Bucket Logging easily without having to write any code.

Amazon S3 Bucket Logging to audit and track file access and download

If you need to track your data transfer on your Amazon S3 account , Bucket Explorer provides you bucket logging service.

  • Set logging: Using this option, you can log all activities on specified bucket. To activate logging for the bucket, you only need to right click on the bucket and choose "Bucket Logging" option.
  • Remove Bucket Logging: Using this option, you can disable or remove bucket logging for already logged bucket .

Steps to set/enable Amazon S3 bucket logging:

  1. Select the bucket on which you want to set/enable bucket logging and
  2. choose "Logging -> Set" or right click on bucket panel to choose "Bucket Logging operation -> set logging" option.
  3. Bucket Logging status shows if bucket is already logged or not. If logged, it displays the "target" bucket name; otherwise, it shows "Not Logged" .
  4. The default prefix is the bucket that you want to log. You can also change this.
  5. Select the target bucket from the combo box where you want to deliver the log files.
  6. Click on Set Grantee button.
  7. A set grantee panel will appear. Click on Add access by Email Id/Canonical Id button.
  8. Enter the Email Id of user/canonical Id of account with which you want to share the log files.
  9. Set permissions for the users that you have added.
  10. Click on Ok button to set the permissions. The Set Grantee panel disappears.
  1. Now click on OK button to save the grantee permissions and to enable bucket logging.
  2. Right click on the target bucket and select Update Bucket Access Control List option.
  3. It will display a window where you can see the permissions for the “Log delivery” users.
  4. Bucket Explorer automatically sets "Write" and "Read_ACP" permissions.

Steps to remove/disable Amazon S3 bucket logging:

  1. Click on Logging -> Remove or right click on bucket and choose "Bucket Logging operation -> Remove" option.
  2. It will show the message "bucket logging removed for: $BucketName$" in the message box. option.

Steps to get the logging status of an Amazon S3 bucket:

  1. Select the bucket on which you want to retrieve the logging status and choose “Logging -> Set” or right click on bucket panel to choose “Bucket Logging operation -> set logging” option.
  2. A dialog box will then appear that will show you the logging status of the bucket. It displays “target” bucket name if logged; otherwise, it shows “Not Logged”.