# Audit S3 APIs Configuring HTTP webhooks for S3 API operations enables the capture of detailed audit logs, which are essential for analyzing access patterns, supporting security and compliance initiatives, and troubleshooting issues in S3 interactions. S3 API calls can generate JSON-formatted audit events, which are streamed to target applications such as Splunk for real-time monitoring and analysis. This approach replaces the legacy `BucketLogging` S3 APIs with a more robust and scalable auditing solution. Each event provides granular details about the operation, including the request type, object affected, requester identity, and network metadata. For example, an audit event generated by a `PutObject` operation includes fields such as the bucket name, object key, operation status, client IP address, user agent, and the WEKA cluster information that processed the request. These elements are crucial for tracing user activity, validating policy compliance, and performing forensic investigations. By understanding the structure and key fields in these logs, users can ensure that operations conform to expected behavior and promptly identify unauthorized access. {% hint style="info" %} If the WEKA cluster loses connectivity to the configured webhook application or if the internal event buffer reaches capacity, audit events are discarded. To avoid data loss, it is strongly recommended that the availability and performance of the external webhook target be continuously monitored. {% endhint %} **Related topics** [Configure audit webhook using the GUI](/additional-protocols/s3/audit-s3-apis/configure-audit-webhook-using-the-gui.md) [Configure audit webhook using the CLI](/additional-protocols/s3/audit-s3-apis/audit-s3-apis.md) [Example: How to use Splunk to audit S3](/additional-protocols/s3/audit-s3-apis/audit-s3-apis-1.md) [Example: How to use S3 audit events for tracking and security](/additional-protocols/s3/audit-s3-apis/example-how-to-use-s3-audit-events-for-tracking-and-security.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.weka.io/additional-protocols/s3/audit-s3-apis.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.