# Audit S3 APIs

S3 API calls can generate JSON events that webhook target applications can receive as a stream of events and for auditing and analysis purposes. Webhook applications like Splunk must be configured to accept the events stream and provide it with an authentication token.

Enabling an audit webhook comes instead of the `BucketLogging` S3 APIs. The purpose of the audit logs is to indicate the nature of traffic.

{% hint style="info" %}
If the WEKA cluster disconnects from the webhook application or the S3 clusters' internal events buffer fills up, events are thrown away. It is recommended to monitor the external webhook target application's availability.
{% endhint %}

**Related topics**

[Configure audit webhook using the GUI](/4.3/additional-protocols/s3/audit-s3-apis/configure-audit-webhook-using-the-gui.md)

[Configure audit webhook using the CLI](/4.3/additional-protocols/s3/audit-s3-apis/audit-s3-apis.md)

[Example: How to use Splunk to audit S3](/4.3/additional-protocols/s3/audit-s3-apis/audit-s3-apis-1.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.weka.io/4.3/additional-protocols/s3/audit-s3-apis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.