Enabling Logging for a Resource

Service logs can be enabled directly on the resource itself, on the Logs page, or on a log group details page.

When you enable a service log on a specific resource, you specify the category. Different resources can have different categories. For example, rules in the Events Service have the Logs resource available for logging management. The rule can issue a log according to the category listed in the corresponding Category field. On this page, the logs are listed that the resource can create.

Note

For Site-to-Site VPN logs, an error is displayed on the log details page if you try to enable logs for a v1 Site-to-Site VPN connection. Only v2 connections are supported.
Note

When a log object is in an invalid state after failing (CREATING, DELETING, UPDATING), the only action available will be to delete the object. You can use the CLI to retrieve the logs of the work flow, to identify the nature of the failure (for example, a resource not found, an operation wasn't allowed on the resource, an internal failure, and so on). See CLI Examples for more information on logging CLI commands.

For more information on enabling a log on the Logs page, see Enabling Logging on the Logs page.

Enabling Logging from a Service's Resource page

For Oracle Cloud Infrastructure services that are compatible with Logging, the Logs resource allows you to manage the logs issued by the resource. You can view the following information:
  • Category
  • Status
  • Log name
  • Log group
In addition, you can enable or disable logging, edit the log, or delete it (the last two options are available in the action menu). When enabling logging, you also create the log object itself.

For a newly created resource, logging is automatically enabled. For a resource you want to enable logging on, under Resources click Logs, and then turn on Enable Logging. The Create Log panel is displayed, and the entry fields are already filled:

  • Compartment (the same as your resource)
  • Log Group: The first log group in your compartment. You can select another log group, or create a new group by clicking Create New Group.
  • Log Name: Already filled as the name of your resource and the category, which are combined with an underscore (<resource>_<category>). For example, if the resource is named "resource" and the category is "ruleexecutionlog", the log name is "resource_ruleexecutionlog".
  • Log Retention: The default retention period for the log in 30-day increments, up to a maximum of 180 days. You can select a different retention period.
    Note

    If you change the retention period from six months to one month, all the logs older than one month will no longer be accessible. For example, if changing from one month to six months, logs will not be available after one month, and six-month old logs will not be available.

    Furthermore, the future time and date that a log no longer becomes available is based on the exact time and date that you created the log. For example, if you created a log on July 21 at 15:05 UTC with a retention period of three months, then on October 19 at 15:05 the log will no longer be searchable.

After logging is enabled, you can click the link under Log name or Log group to view the log details or log group details pages.

To disable logging, toggle the Enable log control, which displays a disable logging confirmation dialog. Click Disable Log to confirm. The Status field is set to INACTIVE to indicate the inactive status.

When creating a log, a log object is established. To delete the log, select Delete from the action menu. A confirmation is displayed confirming whether you want to delete the log. After clicking Delete, this removes the log object, instead of disabling it (which means the log object still exists but doesn't record new data into it).

Enabling Logging on the Logs page

  1. Open the navigation menu and click Observability & Management. Under Logging, click Logs.
  2. Click Enable service log. The Logging details per service panel opens.

    The services that support logging are listed in the Service column, or search for a service in the Search services field.

  3. Under the Action column, click Enable Logs for the service you want to enable logs for. The Enable Resource Log panel opens.
  4. Under Select Resource, Resource Compartment, choose a compartment you have permission to work in.
    Tip

    You can type in the list box to perform a filtered search of all compartments in the tenancy.
  5. The service that you want to enable resource logging for is already selected in the Service list.
  6. In Resource select a resource.
  7. Under Log Location, configure the log location:
    • In Compartment, select the compartment for the log.
      Tip

      You can type in the list box to perform a filtered search of all compartments in the tenancy.
    • In Log Group, select a log group for the log.
      Tip

      To create a new log group, click Create New Group.
  8. Under Configure Log Location, configure the log:
    • In Log Category select a log category to specify the type of log to create. For example, Object Storage buckets have categories for read and write. Select Read Access Events to enable a log with only read events. Select Write Access Events for a log with only write events. Or select All categories for both.

      You can only have one log for any combination of service, resource, and log category. For example, Object Storage buckets have two categories: read and write. Therefore:

      • You can enable a single read log and a single write log for every bucket in your tenancy.
      • You can't enable more than two logs (one read and one write) for any one bucket.
    • Optionally, in Log Name, type a name for the log. See Log and Log Group Names for more information. Avoid entering confidential information. Select Enable Legacy Archival Logs to automatically create a bucket in your compartment, and place a copy of your log there. See Legacy Archival for more information.

  9. Click Show Advanced Options. In Log Retention, select a value from the list:
    Note

    If you change the retention period from six months to one month, all the logs older than one month will no longer be accessible. For example, if changing from one month to six months, logs will not be available after one month, and six-month old logs will not be available.

    Furthermore, the future time and date that a log no longer becomes available is based on the exact time and date that you created the log. For example, if you created a log on July 21 at 15:05 UTC with a retention period of three months, then on October 19 at 15:05 the log will no longer be searchable.

    • 1 month (the default) (30 days)
    • 2 months (60 days)
    • 3 months (90 days)
    • 4 months (120 days)
    • 5 months (150 days)
    • 6 months (180 days)
  10. Apply any tagging-related information in the Tag namespace, Tag key, and Tag value fields. For more information, see Tagging.
  11. Click Enable Log.
The log details page is displayed, and shows the log is in the process of being created (a "Creating log" message is displayed). See Getting a Log's Details for more information.

Enabling Logging in Log Group Details

  1. Open the navigation menu and click Observability & Management. Under Logging, click Log Groups.
  2. Under List scope, Compartment, choose a compartment you have permission to work in.
  3. Under Log Group, click the name of the log group you want to enable servcie logs for.
  4. Follow the same steps as described in Enabling Logging on the Logs page.