Managing Audit Logs
Audit logs are detailed records of activities in the Lyve Cloud console and S3 API operations. Audit logs are used to access audit functions and track any suspicious activity.
When you enable audit logging, all audit logs are written to the selected target bucket. The target bucket must be immutable, which keeps audit logs immutable. For more information, see Using object immutability. You cannot switch off object immutability for the target bucket. You can maintain three types of audit logs:
S3 API audit logs: This log records all supported S3 API calls. For more information, see Supported S3 API calls.
S3 API audit logs are recorded in the
S3-<BUCKET-NAME>-<TIMESTAMP>.gzformat, where theBUCKET-NAMEis the name of a bucket being logged. For more information, see Example of S3 API audit logs.IAM audit logs: This log includes all events corresponding to identity and access management actions.
IAM audit logs are recorded in the
IAM-<TIMESTAMP>.gzformat. For more information, see Example of IAM audit log.Console audit logs: This log includes all the events that originated from the Lyve Cloud console's actions.
The console audit log is recorded in the
console-<TIMESTAMP>.gzformat. For more information, see Example of the console audit log.Note
Switching on the Console Audit Logs enables both the Console audit logs and IAM audit logs that are written to the target bucket.
The audit log files have TIMESTAMP format: yyyy-MM-dd-HH-mm-ss' and are set to the UTC zone.
Audit log files keep sufficient information to establish which events occurred, when they occurred, and who caused them. Administrators can manually delete these audit log files after the specified retention duration ends. This helps you to manage the buckets cost-effectively. For more information, see Using object immutability.
Lyve Cloud periodically saves audit logs for specified buckets. The maximum size of a log file is 500 MB. If the file size reaches 500 MB, that log file is saved, and the logs continue to be written in a new file. Log files are saved to the target bucket as console audit log files, IAM audit logs, or S3 API logs.
Role-based access to permission
The following table describes access to enable and disable audit logs based on your role.
Actions | Admin | Storage Admin | Auditor (Read only) |
|---|---|---|---|
Enable/disable S3 API audit logs | ✓ | × | × |
Enable/disable account audit logs | ✓ | × | × |
Edit audit log target bucket | ✓ | × | × |
View audit log settings | ✓ | × | ✓ |