Lyve Cloud Documentation

Managing Audit Logs

Audit logs are detailed records of activities in the Lyve Cloud console and S3 API operations. Audit logs are used to access audit functions and track any suspicious activity.

All audit logs are written to the selected target bucket when you enable audit logging. The target bucket must be immutable, which keeps audit logs immutable. For more information, see Using object immutability. You cannot switch off object immutability for the target bucket. You can maintain three types of audit logs:

  • S3 API audit logs: This log records all supported S3 API calls. For more information, see Supported S3 API calls.

    S3 API audit logs are recorded in the S3-<BUCKET-NAME>-<TIMESTAMP>.gz format, where the BUCKET-NAME is the name of a bucket being logged. For more information, see Example of S3 API audit logs.

  • IAM audit logs: This log includes all events corresponding to identity and access management actions.

    IAM audit logs are recorded in the IAM-<TIMESTAMP>.gz format. For more information, see Example of IAM audit log.

  • Console audit logs: This log includes all the events that originated from the Lyve Cloud console's actions.

    The console audit log is recorded in the console-<TIMESTAMP>.gz format. For more information, see Example of the console audit log.

    Note

    Switching on the Console Audit Logs enables both the Console audit logs and IAM audit logs that are written to the target bucket.

The audit log files have TIMESTAMP format: yyyy-MM-dd-HH-mm-ss' and are set to the UTC time zone.

Audit log files keep sufficient information to establish which events occurred when they occurred, and who caused them. Administrators have the ability to delete these audit log files manually after the specified retention duration ends. This helps you to cost-effectively manage the buckets. For more information, see Using object immutability.

Lyve Cloud periodically saves audit logs for specified buckets. The maximum size of a log file is 500 MB. If the file size reaches 500 MB, then that log file is saved, and the logs are continued to be written in a new file. Log files are saved to the target bucket as console audit log files, IAM audit log files, or S3 API audit log files.

Role-based access to permission

The following table describes access to enable and disable audit logs based on your role.

Actions

Admin

Storage Admin

Auditor (Read only)

Enable/disable S3 API audit logs

×

×

Enable/disable console audit logs

×

×

Edit audit log target bucket

×

×

View audit log settings

×

Video: How to manage audit log settings in the Lyve Cloud console