OUTSCALE Monitoring Services (OMS) allows you to trace and monitor your OUTSCALE API calls.

OMS logs the requests and responses of the API calls performed by your account. Each log records information such as what IP address performed the event, the resources that were affected by the event, the time at which the event occurred, and more.

Retrieving and analyzing these logs can, for example, serve as part of a strategy to detect anomalies and other malicious use on your account.

The following topics are discussed: 

Scope

OMS logs calls that were performed with the OUTSCALE API.

It does not log:

  • Calls performed with the OUTSCALE Object Storage (OOS), Object Storage Unit (OSU), and AWS-compliant APIs.
  • Unauthorized calls (response status code 401) and invalid calls (response status code 404).


ReadApiLogs Method

Basic Use

You can retrieve your logs with the ReadApiLogs method. A log is available for 30 days after the corresponding event occurs.

Request sample
$ osc-cli api ReadApiLogs
Response sample (with one log)
{
    "Logs": [ {
        "AccountId": "12345678",
        "CallDuration": 120,
        "QueryAccessKey": "ABCDEFGHIJKLMNOPQRST",
        "QueryApiName": "oapi",
        "QueryApiVersion": "1.10",
        "QueryCallName": "CreateVolume",
        "QueryDate": "2021-04-21T13:45:14.892066Z",
        "QueryHeaderRaw": "Host: api.eu-west-2.outscale.com\\nAccept: */*\\nConnection: close\\nUser-agent: osc_sdk 1.5\\nX-Osc-Date: 20210421T134514Z\\nContent-Type: application/json\\nx-osc-target: OutscaleService.CreateVolume\\nAuthorization: OSC4-HMAC-SHA256 Credential=ABCDEFGHIJKLMNOPQRST/20210421/eu-west-2/api/osc4_request, SignedHeaders=host;x-osc-date;x-osc-target, Signature=b3bbc12fc0ca1a6f9f34145672b9bfcdc3b3bc99992cbd4bf73ca2d0f988ce72\\nContent-Length: 69\\nAccept-Encoding: gzip, deflate\\nX-Forwarded-For: 11.11.11.11",
        "QueryHeaderSize": 501,
        "QueryIpAddress": "11.11.11.11",
        "QueryPayloadRaw": "{\\\"Size\\\": 10, \\\"SubregionName\\\": \\\"eu-west-2a\\\", \\\"VolumeType\\\": \\\"standard\\\"}",
        "QueryPayloadSize": 79,
        "QueryUserAgent": "osc_sdk 1.5",
        "RequestId": "62b859af-079d-4d0b-bfa7-b060122044a7",
        "ResponseSize": 220,
        "ResponseStatusCode": 200
    } ]
}
  • If used by an EIM user, ReadApiLogs returns all possible logs of the account and not just the logs of the EIM user.
  • Currently, the QueryPayLoadRaw element is returned with excess escape characters. This will be modified in a later version of OMS.


Filter Behavior

The quantity of logs retrieved can be very large. You can therefore use filters to make your request more specific and therefore limit the size of the output.

Request sample
$ osc-cli api ReadApiLogs --Filters '{ \
    "ResponseStatusCode": [500, 501], \
    "QueryIpAddress": ["255.255.255.254", "255.255.255.255"] \
}'

If you use multiple filters at the same time, these filters will be combined according to an AND logic.

If you specify multiple values within one filter, these values will be combined according to an OR logic.

Therefore, in the above example, the logic is:

(ResponseStatusCode = 500 OR ResponseStatusCode = 501) AND (QueryIpAddress = 255.255.255.254 OR QueryIpAddress = 255.255.255.255)


Log Elements

You can use the With parameter to choose the response elements that you want to display in each retrieved log.

Request sample
$ osc-cli api ReadApiLogs --With '{"QueryIpAddress": True}'
Response sample (with one log)
{
    "Logs": [ {
        "AccountId": "12345678",
        "QueryIpAddress": "11.11.11.11",
        "RequestId": "62b859af-079d-4d0b-bfa7-b060122044a7"
    } ]
}

If With is not specified, all available response elements are displayed, as in the first example of this page.

If With is specified, by default AccountId and RequestId are also included in the response unless you explicitly specify them as false.


Processing order

A ReadApiLogs request is processed as follows:

  1. Filters are applied to retrieve only the events corresponding to your request. If no event corresponds to the filters, an empty list is returned.
  2. Retrieved events are ordered by date, from the oldest item to the newest item.
  3. The NextPageToken and ResultPerPage parameters are applied to paginate the results.
  4. The With parameter is applied to determine the content displayed in each retrieved log.


Corresponding API Method


AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.