Contents x
How to Enable and Manage Bucket Access Logs in the Enterprise Web Console
    • Print
    • Dark
      Light
    Contents

    How to Enable and Manage Bucket Access Logs in the Enterprise Web Console

      • Print
      • Dark
        Light
      Article summary

      Backblaze Bucket Access Logs contain detailed records about requests made on a bucket. Information such as the time and date of requests, request types, and specified resources can be included in these access logs. Bucket Access Logs are intended to help facilitate general data security and compliance requirements, as well as troubleshooting and monitoring.

      Backblaze does not collect Bucket Access Logs by default. To start collecting data on a bucket, you will need to enable access logging at the bucket level on the desired source bucket (the bucket for which you would like to monitor activity) and select a destination bucket to which Backblaze will deliver the logs.

      Notes

      • You must have the Administrator role to update any bucket settings.

      • Access log files are stored as objects in the destination bucket and are included in storage usage calculations for billing.

      Buckets with Object Lock enabled during access log configuration are filtered out; enabling Object Lock after configuration causes the access log service to fail, which may not be reflected in the enterprise web console.

      For more information, see the Bucket Access Logs Quickstart Guide.

      Prefix Paths

      A prefix path lets you optionally add structure to how access logs are stored within the selected destination bucket (the bucket itself is chosen from the dropdown). Enter a prefix to organize logs, using forward slashes (/) to create a folder-like hierarchy if desired. The prefix does not need to end in a /, though adding one can help clearly define a folder structure.

      For example, if multiple source buckets send access logs to the same destination bucket, you might include the source bucket name in the prefix:

      • logs/bucket123/

      • logs/bucket456/

      • logs/bucket789/

      This keeps each source bucket’s access logs in its own folder. Your prefix structure may also depend on the file naming pattern you prefer to use.

      File Name Formats

      To support AWS S3-compatibility, Bucket Access Logs follow the AWS S3 naming pattern for object log names.

      Example Log File Name:

      prefix/0883dc05e9a6/us-west-100/example-log-name/2025/03/27/2025-03-27-15-12-52-[UniqueString]

      Bucket Access Logs can have two different log object key formats:

      • Non-date-based partitioning This is the default log object key format:
        [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]

      • Date-based partitioning If you choose date-based partitioning, you can choose the event time or delivery time for the log file as the date source used in the log format. This format makes it easier to query the logs:
        [DestinationPrefix]/[SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]

      Data Sources

      If you select the structured format, you must choose a Data Source, which determines how the timestamp is generated.

      B2 Event Time

      • The date in the file name reflects when the events occurred in Backblaze B2.

      • The year, month, and day correspond to when the logged activity happened.

      • The time portion (hour, minute, and second) is set to 00 to indicate day-level grouping.

      • Backblaze recommends this option for analytics and querying because log files are organized by the date the activity occurred.

      Log File Delivery Time

      • The timestamp in the file name reflects when the log file was successfully delivered to Backblaze B2.

      • The date and time represent when the system wrote the completed log file to the destination bucket.

      • This may differ from when the events inside the file actually occurred.

      • This option is useful for operational monitoring or tracking log delivery timing.

      Enable and Configure Access Logs

      The Administrator role is required to enable and configure access logs.

      1. Sign in to your Backblaze organization.

      2. In the left navigation menu, select Buckets.

      3. Select the bucket name.

      4. Click Settings.

      5. On the Access Logs tab, enable Access Logging.

        1. Select a destination bucket.
          The destination bucket must be in the same region as the source bucket and cannot be the same bucket as the source.

        2. (Optional) Enter a prefix path.

        3. Select a file name format.

        4. If applicable, select a data source.

        5. Verify that the example log file name displayed in the interface matches your expected structure and timestamp format.

      6. Click Save.

      If the destination bucket is deleted or becomes inaccessible at any time, logging stops and the following message appears in the Access Logs field:

      Destination bucket is not found or inaccessible. Logging stopped.

      To resume logging, select a valid destination bucket and save the configuration again.

      Disable Access Logs

      The Administrator role is required to disable access logs.

      1. In the left navigation menu, select Buckets.

      2. Select the bucket name.

      3. Click Settings.

      4. Select the Access Logs tab.

      5. Toggle Access Logging to disabled.

      6. Click Save.

      View Access Logs

      Permission to view the contents of the destination bucket is required to view access logs. Multiple buckets may be configured to store access log files.

      1. In the left navigation menu, select Buckets.

      2. Select the destination bucket that contains your access logs.

      3. Select the Objects tab.

      4. Select the folder that contains your access logs.

      5. Click to download the file.

      6. Click to share the file with a pre-signed URL.

      7. Click to delete the file.

      Was this article helpful?
      Related articles
      What's Next