About OUTSCALE Monitoring Services (OMS)

OUTSCALE Monitoring Services (OMS) allows you to trace and monitor your OUTSCALE API calls.

OMS logs the requests and responses of the API calls performed by your account. Each log records information such as what IP performed the event, the resources that were affected by the event, the time at which the event occurred, and more.

Retrieving and analyzing these logs can, for example, serve as part of a strategy to detect anomalies and other malicious use on your account.

Scope

OMS logs calls that were performed with the OUTSCALE API.

It does not log:

  • Calls performed with the OUTSCALE Object Storage (OOS) and AWS-compliant APIs.

  • Unauthorized calls (response status code 401) and invalid calls (response status code 404).

If used by an EIM user, OMS retrieves all possible logs of the account and not just the logs of the EIM user.

ReadApiLogs Method

Basic Use

You can retrieve your logs with the ReadApiLogs method. A log is available for 32 days after the corresponding event occurs.

Request sample
$ osc-cli api ReadApiLogs
Response sample (with one log)
{
    "Logs": [
        {
            "AccountId": "123456780123",
            "CallDuration": 93,
            "QueryAccessKey": "ABCDEFGHIJKLMNOPQRST",
            "QueryApiName": "oapi",
            "QueryApiVersion": "1.14",
            "QueryCallName": "CreateVolume",
            "QueryDate": "2021-08-11T09:55:02.842375Z",
            "QueryHeaderRaw": "Host: api.eu-west-2.outscale.com\\nAccept: */*\\nConnection: close\\nUser-agent: osc_sdk 1.5\\nX-Osc-Date: 20210811T095502Z\\nContent-Type: application/json\\nx-osc-target: OutscaleService.CreateVolume\\nAuthorization: *****\\nContent-Length: 69\\nAccept-Encoding: gzip, deflate\\nX-Forwarded-For: 11.111.111.111",
            "QueryHeaderSize": 302,
            "QueryIpAddress": "11.111.111.111",
            "QueryPayloadRaw": "{\"Size\": 10, \"SubregionName\": \"eu-west-2a\", \"VolumeType\": \"standard\"}",
            "QueryPayloadSize": 69,
            "QueryUserAgent": "osc_sdk 1.5",
            "RequestId": "8aac17df-ca98-48c7-9f00-181205675fbc",
            "ResponseSize": 220,
            "ResponseStatusCode": 200
        }
    ]
}
  • You can use this method as part of a script, for example to archive your logs. For more information, see Tutorial: Archiving Your API Logs.

  • You can use the With parameter to hide some response elements in the retrieved logs.

Filter Behavior

The quantity of logs retrieved can be very large. You can therefore use filters to make your request more specific and therefore limit the size of the output.

Request sample
$ osc-cli api ReadApiLogs --Filters '{ \
    "ResponseStatusCode": [500, 501], \
    "QueryIpAddress": ["255.255.255.254", "255.255.255.255"] \
}'

If you use multiple filters at the same time, these filters will be combined according to an AND logic.

If you specify multiple values within one filter, these values will be combined according to an OR logic.

Therefore, in the above example, the logic is:

(ResponseStatusCode = 500 OR ResponseStatusCode = 501) AND (QueryIpAddress = 255.255.255.254 OR QueryIpAddress = 255.255.255.255)

Processing order

A ReadApiLogs request is processed as follows:

  1. Filters are applied to retrieve only the events corresponding to your request. If no event corresponds to the filters, an empty list is returned.

  2. Retrieved events are ordered by date, from the oldest item to the newest item.

  3. The NextPageToken and ResultPerPage parameters are applied to paginate the results.

  4. The With parameter is applied to determine the content displayed in each retrieved log.

Related Pages

Corresponding API Method

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.