Does Wasabi support data access auditing? (Bucket Logging)

Yes, customers can optionally configure Wasabi buckets to create access log records for all requests made against it. These access log records can be used for audit purposes and contain details about the request, such as the request type, the resources specified in the request, and the time and date the request was processed.

Our Bucket Logs follow the same structure as AWS (https://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html)

The column headers included are:

Canonical Userid Total Time
bucket Turn-Around Time
Time Referrer
Remote IP User-Agent
Requester Version Id
Request ID Host Id
Operation,Key Signature Version
Request-URI Cipher Suite
HTTP Status Authentication Type
Error Code  Host Header
Bytes Sent  TLS Version
 Object Size  

 

For example:

Canonical Userid,bucket,Time,Remote IP,Requester,Request ID,Operation,Key,Request-URI,,HTTP Status,Error Code,Bytes Sent,Object Size,Total Time,Turn-Around Time,Referrer,User-Agent,Version Id,Host Id,Signature Version,Cipher Suite,Authentication Type,Host Header,TLS Version

64FC53EBEA41CD99146391187E793B721167132B88F80CB6D63D39A3CABCDEFG readynas-bucket-eu [03/Jan/2020:13:52:29 +0000] 192.168.1.234 64FC53EBEA41CD99146391187E793B721167132B88F80CB6D63D39A3CABCDEFG 2DB819D68A987654 REST.GET.BUCKET - "GET /?list-type=2&max-keys=1000&prefix=" 200 - - 0 654 81 "" "DORAYAKI/1.0" -

You can review this in the Wasabi Management Console User Guide in the Enable/Disable Bucket Logging Section. 

 

NOTE: 

Do NOT set your logging bucket to be the monitored bucket. It will create a logging loop, and your bucket will grow in size exponentially. Hence please be sure to collect logs at a new destination bucket.

 

 

Have more questions? Submit a request