Audit S3 APIs

This page describes how to set up an HTTP webhook for S3 audit purposes.

S3 API calls can generate JSON events, which webhook target applications receive as a stream for auditing and analysis purposes. A webhook application such as Splunk must be configured to accept the event stream and to provide an authentication token for it.

An audit webhook is enabled instead of using the BucketLogging S3 APIs. The purpose of the audit logs is to indicate the nature of the traffic.

If the WEKA cluster disconnects from the webhook application, or the S3 cluster's internal event buffer fills up, events are dropped. It is recommended to monitor the availability of the external webhook target application.

Related topics

Configure audit webhook using the GUI

Configure audit webhook using the CLI

Example: How to use Splunk to audit S3
