Object Storage keeps logs of actions that are performed on buckets and objects. You can view and analyze these logs as events in the Audit Logs service. There are two types of logs in Object Storage:
  • Control plane logs describe actions on buckets, such as creating and deleting buckets, or getting and updating buckets’ settings. Control plane logs are always available for all buckets.
  • Data plane logs describe actions on objects, such as uploading, downloading and deleting objects. By default, Object Storage does not keep data plane logs for your buckets. For each individual bucket, you can enable partial or full data plane logging. This can help you identify object usage patterns to optimize storage costs, improve performance of critical parts of your applications and comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
    Data plane logs are in preview. Before enabling them for your buckets, contact support.
    Audit Logs has a throughput quota for data plane logs. Logs beyond that quota are not recorded.

Configuring data plane logs

To configure data plane logs for a bucket, you need the admin role for the bucket, its parent project or tenant.
You can configure data plane logs when creating a bucket or on the Settings page of an existing bucket:
  1. Turn the Data plane Audit Logs setting on or off.
  2. If the setting is on, choose whether to log all actions or only actions that change objects. See the list of logged data plane actions.
Changes to existing buckets may take some time to apply. For example, if you enable data plane logs in an existing bucket, there may be a delay before logging begins.

Logged data plane actions

Depending on whether you enabled all data plane logs (all) or only logs for actions that change objects (mutate_only), Object Storage logs actions that are performed by using the following S3 API methods:
Method | all | mutate_only
PutObject
CopyObject
CreateMultipartUpload
UploadPart
UploadPartCopy
AbortMultipartUpload
CompleteMultipartUpload
DeleteObject
DeleteObjects
DeleteObjectVersion
GetObject
HeadObject
ListParts
ListObjectVersions
ListObjects
ListMultipartUploads
Actions that do not create, read, update or delete objects themselves, such as GetObjectAcl or PutObjectTagging, are not logged, even if Object Storage supports them. Requests that result in HTTP client errors 400 Bad Request and 429 Too Many Requests are also not logged.

Viewing control plane and data plane logs

You can view control plane logs, and data plane logs from buckets that have them enabled, in Audit Logs:
  1. In the sidebar, go to Audit Logs.
  2. Select Control plane or Data plane.
  3. Filter events by the STORAGE service. If this filter is not displayed, click Filters and then select Service.
For more details, see Viewing events in Audit Logs. Parameters of an action, such as the bucket name and the object key, are returned in the .request.parameters field of the Audit Logs event. For example:
{
  "request": {
    "parameters": {
      "bucket_name": "bucket-test",
      "object_key": "data/config.yaml",
      "version": "0[isNull=true,isLatest=false]"
    }
  }
}
For more details, see Structure and fields of events in Audit Logs.
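The following added example (not part of the Object Storage documentation) shows one way to summarize object activity from the `.request.parameters` field shown above. It assumes events have already been exported as JSON, one event per line; the export step, the sample events and the `parse_version` and `object_activity` helpers are constructed for illustration, and the version-string grammar is inferred from the single sample on this page.

```python
import json
import re
from collections import Counter

# Constructed sample export (one event per line); the last three are edge cases.
SAMPLE = """\
{"request": {"parameters": {"bucket_name": "bucket-test", "object_key": "data/config.yaml", "version": "0[isNull=true,isLatest=false]"}}}
{"request": {"parameters": {"bucket_name": "bucket-test", "object_key": "data/config.yaml", "version": "0[isNull=true,isLatest=false]"}}}
{"request": {"parameters": {"bucket_name": "bucket-test", "object_key": "reports/q1.csv"}}}
{"request": {"parameters": {"bucket_name": "bucket-test"}}}
{"request": {}}
truncated-line
"""

# Assumption: every version string looks like the page's single sample,
# "<id>[flag=bool,flag=bool]". Anything else is returned unparsed.
_VERSION = re.compile(r"^([^\[\]]*)\[([^\[\]]*)\]$")

def parse_version(raw):
    """Split '0[isNull=true,isLatest=false]' into ('0', {'isNull': True, ...})."""
    m = _VERSION.match(raw or "")
    if not m:
        return raw, {}
    flags = {}
    for pair in filter(None, m.group(2).split(",")):
        name, _, value = pair.partition("=")
        flags[name.strip()] = value.strip().lower() == "true"
    return m.group(1), flags

def object_activity(lines):
    """Count events per (bucket_name, object_key); return (counts, skipped)."""
    counts, skipped = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        try:
            params = json.loads(line)["request"]["parameters"]
            key = (params["bucket_name"], params.get("object_key"))
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed line or event without usable parameters
            continue
        counts[key] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = object_activity(SAMPLE.splitlines())
    for (bucket, key), n in counts.most_common():
        print(f"{n:3d}  {bucket}  {key or '(no object_key)'}")
    print("skipped:", skipped)
```

Treat the resulting counts as a lower bound: requests that fail with 400 or 429 are not logged, and data plane logs beyond the Audit Logs throughput quota are not recorded.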