---
Title: Configure monitoring
URL Source: https://company-skill.com/p/oss/oss-configure-monitoring
Language: en
Description: You want to enable, configure, or analyze access logs for your OSS buckets — including setting where logs are stored, what fields they contain, and how to review them. This includes both initial…
---

# Configure monitoring

Part of **Object Storage Service (OSS)**. Route queries via `POST https://company-skill.com/api/route`.

## What You Want to Do

You want to enable, configure, or analyze access logs for your OSS buckets — including setting where logs are stored, what fields they contain, and how to review them. This includes both initial setup and ongoing inspection.

**Typical User Questions**:
- How to analyze OSS access logs?
- Can I add custom fields to logs?

## Decision Tree

Pick the best path for your situation:

- **If** you need to add **user-defined log fields** (e.g., specific HTTP headers or query parameters) → Use CLI (go to *oss/oss-logging*)
- **If** you are integrating log configuration into a **resource provisioning pipeline using REST API calls** with **Authorization: SignatureValue** and must use **GMT format** like **rfc1123-date** → Use API (go to *oss/oss-storage*)
- **If** you only need to **browse existing access logs** without changing any configuration → Use (go to *oss/oss-logging-guide*)
- **Otherwise (default)** → Start with **CLI** if you need configuration flexibility; otherwise use **Console** for read-only analysis.

## Path Comparison

| Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|----------|------------|---------------|------------|----------|-------------|
| CLI | medium | Yes | Yes | ossutil CLI | `oss/cli/oss-logging` |
| Console / Dashboard | low | No | No | custom fields | `oss/guide/oss-logging` |
| API | medium | Yes | Yes | Requires manual HTTP request signing with **Authorization: SignatureValue** | `oss/api/oss-storage` |

## Path Details

### Path 1: CLI

**Brief Description**: Uses the **ossutil logging** command to enable bucket access logging, set a **target bucket** and **log prefix**, and manage **user-defined log fields** via subcommands like **put-user-defined-log-fields-config**. Requires **oss:PutBucketLogging** permission and same-account, same-region constraints.

**Key technical facts**:
- Auth method: AccessKey ID and Secret via `ossutil config` or environment variables (`OSS_ACCESS_KEY_ID`, `OSS_ACCESS_KEY_SECRET`)

**When to Use**:
- Need through script automation configure log rules
- Need to add custom HTTP header or query parameter to access logs
- Ops scenarios requiring batch management of multiple bucket log configurations

**When NOT to Use**:
- User unfamiliar with CLI or hasn’t installed ossutil
- Only need to view logs without configuration
- Ad-hoc log checks that don’t require automation

**Known Limitations**:
- Cannot store logs in a bucket in a different region or under a different Alibaba Cloud account
- Custom log fields only configurable via **ossutil**, not Console or API directly
- Requires pre-installation and configuration of **ossutil**

### Path 2: Console / Dashboard
**Brief Description**: Navigate in **Console** to **Real-time Logs** under a bucket to view raw **access logs** and perform basic **log analysis**. The interface shows standard fields but does not expose **Custom Fields** configuration or allow log rule changes.

**Key technical facts**:
- Auth method: Console login credentials

**When to Use**:
- Need quick visual inspection of log content
- Non-technical users unfamiliar with CLI/API
- Temporary troubleshooting or validation

**When NOT to Use**:
- Need to configure or modify logging settings
- Require **user-defined log fields**
- Planning automated or bulk operations

### Path 3: API

**Brief Description**: Directly call OSS REST API endpoints like `https://BucketName.oss.aliyuncs.com/?userDefinedLogFieldsConfig` to manage logging. Requires constructing signed requests with **Authorization: SignatureValue**, setting **Date** header in **GMT format** (e.g., **rfc1123-date**), and handling responses like **HTTP DELETE** for removal. Needs **oss:DeleteUserDefinedLogFieldsConfig** permission.

**Key technical facts**:
- Auth method: Header: **Authorization: SignatureValue**
- Prerequisites: Must set Date header in **rfc1123-date**, **rfc850-date**, or **asctime-date** format

**When to Use**:
- Configuring logs during bucket creation in infrastructure-as-code
- Integrating into existing API-driven resource orchestration
- Already have SDK or HTTP client framework for OSS

**When NOT to Use**:
- Unfamiliar with REST API signing mechanics
- Only need to view logs
- Lack existing API calling infrastructure

**Known Limitations**:
- Manual request construction and signature calculation required
- Strict time format (**GMT format**) enforcement
- Error handling (e.g., 403, 404) must be implemented manually

## FAQ

Q: Which path should I start with?
A: If you’re setting up logging for the first time and may need custom fields later, start with **CLI**. If you only need to look at logs now, use **Console**.

Q: What if I need to add custom HTTP headers to my logs but used the Console?
A: You’ll hit a dead end — the **Console** does not support configuring **user-defined log fields**, and you cannot add **Custom Fields** after the fact without switching to **ossutil**.

Q: What if I tried to configure logging via API but didn’t use **rfc1123-date** in the **Date** header?
A: The OSS service will reject your request with a 403 error due to invalid signature — the **GMT format** requirement is strict for **Authorization: SignatureValue**.

Q: Can I store logs in a bucket owned by another Alibaba Cloud account?
A: No — all paths require the **target bucket** to be under the **same account** and **same region** as the source bucket, per **oss:PutBucketLogging** permission constraints.

Q: Is there a way to automate log configuration without installing ossutil?
A: Yes — use the **API path** with your own HTTP client, but you must handle request signing and **GMT format** time headers manually.

Q: Does the Console show logs configured via CLI or API?
A: Yes — once logging is enabled (by any method), **Real-time Logs** in **Console** will display the **access logs**, including any **user-defined log fields** that were added.

## Related queries

configure oss logging, enable oss access logs, view oss logs, analyze oss access logs, add custom fields to oss logs, oss log configuration, how to set up oss logging, where are oss logs stored, can i customize oss logs, oss logging cli, oss console logs, oss api logging, ossutil logging setup, oss

---
Part of [Object Storage Service (OSS)](https://company-skill.com/p/oss.md) · https://company-skill.com/llms.txt