Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Cloud Object Store Administrator's Guide
  3. Protecting Cloud object store assets
  4. About object change tracking
  5. Creating policy for the log bucket
NetBackup™ for Cloud Object Store Administrator's Guide

Creating policy for the log bucket

To create a log bucket policy using the Ceph console, refer to the IBM Storage Ceph documentation. This section describes how to create the policy using the S3 API.

Method: PUT

API endpoint: http://<IP-of-CEPH-server>:<CEPH-RGW-Port>/<source-bucket-name>?logging

Where:

  • IP-of-CEPH-server - IP address of the Ceph server.

  • CEPH-RGW-Port - Port of the S3 gateway.

  • source-bucket-name - the source bucket on which you want to enable bucket logging.

API payload:

{

  "Version": "2012-10-17",

  "Statement": [

    {

      "Sid": "AllowLoggingFromSourceBucket",

      "Effect": "Allow",

      "Principal": {

        "Service": "logging.s3.amazonaws.com"

      },

      "Action": "s3:PutObject",

      "Resource": "arn:aws:s3:::<target-bucket-name>/*",

      "Condition": {

        "ArnLike": {

          "aws:SourceArn": "arn:aws:s3:::<source-bucket-name>"

        }

      }

    }

  ]

} 

Where:

  • <target-bucket-name> is the bucket where target logs are generated.

  • <source-bucket-name> is the bucket where you want to enable bucket logging.

Feedback

Was this page helpful?
Previous

Enable bucket logging for source buckets

Next

Additional storage requirements at the staging location

Feedback

Was this page helpful?