COS provides the logging feature, which records the access details of a source bucket. These logs are then stored in a destination bucket for better bucket management. To get the file upload, download, and deletion logs, enable access logging to record file operations.
You can use the logging feature of COS to download bucket access logs and write a program to analyze which files consume the most public network traffic. You can also load the logs to Data Lake Compute (DLC) for statistics collection.
You can use the logging feature of COS to download bucket access logs and write a program to analyze from which source IPs most public network traffic comes from. You can also load the logs to DLC for statistics collection.
You can set an alarm policy in the CM console to receive alarm notifications when the public network downstream traffic in COS reaches the threshold. COS currently can't automatically suspend the service when the threshold is reached.
You can query the logs shipped by the logging feature to view file deletion logs. After access logging is enabled, you can load log files to DLC to filter deletion logs. Below is a sample deletion log. You can search for the
DELETE operation in the
reqMethod field to get such logs:
1.0 examplebucket-125000000 ap-chengdu 2020-02-10T13:07:00Z examplebucket-125000000.cos.ap-chengdu.myqcloud.com DELETEObject 184.108.40.206 AKIDSuCmiBvppcdxShtPrCjhEUPFpzSzmXEEhG2bFVgd7-J6AsmEPu8NYMOhgx3HLExh - 0 0 / DELETE tencentcloud-cos-console 200 - - 746 146 USER - 100009682373 - 100009682373:100009682373 NWU0MTU1NzRfNWNiMjU4NjRfM2JkMV8yNGFiNGEw - - - - DELETE /filepath HTTP/1.1
If you cannot find deletion logs among access logs, check whether rules of deletion upon expiration are set in the lifecycle configuration.
Bucket configuration logs are shipped to CloudAudit. You can search for such logs as instructed in Viewing Event Details in Operation Record.
Bucket creation and deletion logs are shipped to CloudAudit. You can select
PutBucket events to filter operation logs as instructed in Viewing Event Details in Operation Record.
No. However, you can create an alarm policy in CM to trigger alarms and push notifications by email or SMS when the traffic reaches a certain threshold.
If your business has an abnormal surge in the request count or traffic, your business may be hotlinked. You need to check whether public read is enabled for your bucket. We recommend you not enable public read, as it will bring uncontrollable risks to your business. You can grant access according to the principle of least privilege.
If you must use public read, we recommend you use the following methods to guarantee the bucket security: