Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Cloud Object Store Administrator's Guide
  3. Protecting Cloud object store assets
  4. About object change tracking
  5. Enable bucket logging for source buckets
NetBackup™ for Cloud Object Store Administrator's Guide

Enable bucket logging for source buckets

Refer to the IBM Storage Ceph documentation to enable bucket logging on the source bucket using the Ceph console. This section explains how to enable bucket logging using the S3 API.

Method: PUT

API Endpoint:

http://<IP-of-CEPH-server>:<CEPH-RGW-Port>/<source-bucket-name>?logging

Where:

  • IP-of-CEPH-server - IP address of the Ceph server.

  • CEPH-RGW-Port - Port of the S3 gateway.

  • source-bucket-name - the source bucket on which you want to enable bucket logging.

API payload:

<?xml version="1.0" encoding="UTF-8"?>

<BucketLoggingStatus xmlns="http://s3.amazonaws.com/doc/2006-03-01/">

    <LoggingEnabled>

        <TargetBucket><target-bucket-name></TargetBucket>

        <TargetPrefix><target-prefix></TargetPrefix>

        <ObjectRollTime>300</ObjectRollTime>

        <LoggingType>Journal</LoggingType>

        <RecordsBatchSize>0</RecordsBatchSize>

        <TargetObjectKeyFormat>

            <PartitionedPrefix>

                <PartitionDateSource>EventTime</PartitionDateSource>

            </PartitionedPrefix>

        </TargetObjectKeyFormat>

    </LoggingEnabled>

</BucketLoggingStatus>

Where:

  • <target-bucket-name> is the bucket where target logs are generated.

  • <target-prefix> defines the prefix (path) that Amazon S3 uses to store log files in the target bucket. For example, the logs may be stored as:

    s3://target-bucket-name/targetPrefix/2025-10-28-12-34-56-123456789ABCDEF

  • ObjectRollTime specifies how often the logging system rotates log files - closing the current log object and starting a new one.

  • LoggingType specifies the format or mode used to write logs to the target bucket. Must be Journal.

  • RecordsBatchSize specifies the number of log records (events) the system collects before writing them to the target log object.

  • PartitionDateSource specifies which timestamp the logging system uses to create date-based partitions (subfolders) for log objects in the target bucket. Must be EventTime.

Verify bucket logging using S3 API

Method: GET

API Endpoint:

http://<IP-of-CEPH-server>:<CEPH-RGW-Port>/<source-bucket-name>?logging

Where:

  • IP-of-CEPH-server - IP address of the Ceph server.

  • CEPH-RGW-Port - Port of the S3 gateway.

  • source-bucket-name - the source bucket on which you want to enable bucket logging.

Expected output:

   <BucketLoggingStatus xmlns="http://s3.amazonaws.com/doc/2006-03-01/">

    <LoggingEnabled> 

        <TargetBucket>log-destination</TargetBucket> 

        <TargetPrefix>abc/</TargetPrefix> 

        <ObjectRollTime>300</ObjectRollTime> 

        <LoggingType>Journal</LoggingType> 

        <RecordsBatchSize>0</RecordsBatchSize> 

        <TargetObjectKeyFormat> 

            <PartitionedPrefix> 

                <PartitionDateSource>EventTime</PartitionDateSource> 

            </PartitionedPrefix> 

        </TargetObjectKeyFormat> 

    </LoggingEnabled> 

</BucketLoggingStatus> 

Feedback

Was this page helpful?
Previous

Configuration guidelines for IBM Storage Ceph

Next

Creating policy for the log bucket

Feedback

Was this page helpful?