Working with Amazon S3 Bucket Logging
How to enable Amazon S3 Bucket Logging
An Amazon S3 bucket can be configured to create access log records for the requests made against it.
An access log record contains details about the request such as the request type, the resource with which
the request worked, and the time and date that the request was processed. Server access logs give bucket
owners insight into the nature of requests made by clients not under their control.
By default, server access logs are not collected for a bucket.
With S3 Browser you can easily turn on Amazon S3 Bucket Logging.
To enable Amazon S3 Bucket Logging:
1. Select the Bucket you want to enable logging for and click:
Buckets, Edit Logging Settings
Click Buckets, Edit Logging Settings or use the Ctrl+G keyboard shortcut.
The Bucket Logging Settings dialog will open:
Bucket Logging Settings Dialog allows you to specify logging settings
2. Tick the Enable logging for [bucket-name] checkbox and specify Target Bucket and folder.
Target bucket and folder - defines the bucket and optinal folder, where log files will be stored.
Target Bucket should be in the same region as Source Bucket.
If you would like to use the same bucket for log files, we recommend to specify the folder
as well to keep log files in separate folder and avoid mixing log files with other files.
You may enter destination bucket and optional folder manually or use the Browse for Folder
dialog to select destination bucket and folder for your log files. You may also create new folder if necessary.
If you would like to choose destination bucket via Browse for Folder dialog,
you may click the folder icon as shown on the screenshot below:
Browse For Folder Dialog allows you to choose the Bucket and Folder
When all settings are configured, click OK to apply bucket logging settings:
Click OK to apply bucket logging settings
Please note, that log files do not appear immediately. There is some delay between the time when
request was made and when it will appear in the logs.
You may also consider configuring Lifecycle Rules for your log files to automatically
delete old log files after specified period of time.
To disable Amazon S3 Bucket Logging
1. Select the bucket, you want to disable logging for.
2. Click Buckets->Edit Logging Settings
Bucket Logging Settings Dialog will appear:
How to disable Amazon S3 bucket logging
3. Untick the Enable logging for bucket checkbox and click OK to save changes.
Amazon S3 Server Access Log Format
The log files consist of a sequence of new-line delimited log records.
Below is an example of typical entries from Amazon S3 Server Access Logs.
314423094967345b38a76d76d78c678b4 bucket_name [14/Nov/2010:13:53:47 +0000] 188.8.131.52 Anonymous 3E43423453A12F47 REST.GET.OBJECT s3browser/2.4.5/s3browser-2-4-5.exe "GET /s3browser/2.4.5/s3browser-2-4-5.exe HTTP/1.1" 200 - 543664 543664 116 96 "http://s3browser.com/download.aspx" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7" -
314423094967345b38a76d76d78c678b4 bucket_name [14/Nov/2010:13:53:59 +0000] 184.108.40.206 Anonymous 3E43423453A12F47 REST.GET.OBJECT s3browser/2.4.7/s3browser-2-4-7.exe "GET /s3browser/2.4.7/s3browser-2-4-7.exe HTTP/1.1" 200 - 289897 289897 50 44 "http://s3browser.com/download.aspx" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7" -
Each log record represents one request and consists of space delimited fields described in the following table:
||The canonical user id of the owner of the source bucket.
||The name of the bucket that the request was processed against.
||The time at which the request was received.
||The apparent Internet address of the requester.
||The canonical user id of the requester, or the string "Anonymous" for unauthenticated requests.
||The request ID is a string generated by Amazon S3 to uniquely identify each request.
||Either SOAP.operation or REST.HTTP_method.resource_type.
||The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter.
||"GET /s3browser/2.4.5/s3browser-2-4-5.exe HTTP/1.1"
||The Request-URI part of the HTTP request message.
||The numeric HTTP status code of the response.
||The Amazon S3 Error Code, or "-" if no error occurred.
||The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero.
||The total size of the object in question.
||The number of milliseconds the request was in flight from the server's perspective.
||The number of milliseconds that Amazon S3 spent processing your request.
||The value of the HTTP Referrer header, if present.
||"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
||The value of the HTTP User-Agent header.
||The version ID in the request, or "-" if the operation does not take a versionId parameter.