Service Logs

Oracle Cloud Infrastructure services emit service logs. Each of these supported services has a Logs resource that allows you to enable or disable logging for that service.

Enabling Logging for a Resource

Logs can be enabled in two places: directly on the resource itself, or on the central Logs page. When you enable a log on a specific resource, you specify the category. Different resources can have different categories. For example, rules in the Events Service have the Logs resource available for logging management. The rule can issue a log according to the category listed in the corresponding Category field. On this page, the logs are listed that the resource can create.


For Site-to-Site VPN logs, an error is displayed on the log details page if you attempt to enable logs for a v1 Site-to-Site VPN connection. Only v2 connections are supported.

When a log object is in an invalid state after failing (CREATING, DELETING, UPDATING), the only action available will be to delete the object. You can use the CLI to retrieve the logs of the work flow, to identify the nature of the failure (for example, a resource not found, an operation was not allowed on the resource, an internal failure, and so on). See Using the Command Line Interface (CLI) for more information on logging CLI commands.

Enabling Logging from the Resource page

For Oracle Cloud Infrastructure services that are compatible with Logging, the Logs resource allows you to manage the logs issued by the resource. You can view the following information:
  • Category
  • Status
  • Log name
  • Log group
In addition, you can enable or disable logging, edit the log, or delete it (the last two options are available in the action menu). When enabling logging, you also create the log object itself.

For a newly created resource, logging is automatically enabled. For a resource you want to enable logging on, under Resources click Logs, and then toggle Enable Logging. The Create Log panel is displayed, and the entry fields are pre-populated:

  • Compartment (the same as your resource)
  • Log Group: The first log group in your compartment. You can select another log group, or create a new group by clicking Create New Group.
  • Log Name: Pre-populated as the name of your resource and the category, which are combined with an underscore (<resource>_<category>). For example, if the resource is named "resource" and the category is "ruleexecutionlog", the log name is "resource_ruleexecutionlog".
  • Log Retention: The default retention period for the log. You can select a different retention period.

After logging is enabled, you can click the link under Log name or Log group to view the log details or log group details pages, respectively.

To disable logging, toggle the Enable log control, which displays a disable logging confirmation dialog. Click Disable Log to confirm. The Status field is set to INACTIVE to indicate the inactive status.

When creating a log, a log object is established. To delete the log, select Delete from the action menu. A confirmation is displayed confirming whether you want to delete the log. After clicking Delete, this removes the log object, as opposed to disabling it (which means the log object still exists but does not record new data into it).

Enabling Logging on the Logs page

  1. Open the navigation menu and click Observability & Management. Under Logging, click Logs. The Logs page is displayed.
  2. Click Enable service log. The Enable Resource Log panel is displayed.
  3. Under Select Resource, Resource Compartment, choose a compartment you have permission to work in.

    You can type in the list box to perform a filtered search of all compartments in the tenancy.
  4. Select the service for which you want to enable resource logging from the Service list (see Supported Services for the available services).
  5. In Resource select a resource.
  6. Configure the log:
    • In Log Category select a log category to specify the type of log to create. For example, Object Storage buckets have categories for read and write. Select read to enable a log with only read events. Select write for a log with only write events.

      You can only have one log for any combination of service, resource, and log category. For example, Object Storage buckets have two categories: read and write. Therefore:

      • You can enable a single read log and a single write log for every bucket in your tenancy.
      • You cannot enable more than two logs (one read and one write) for any one bucket.
    • In Log Name, type a name for the log. See Log and Log Group Names for more information. Avoid entering confidential information. Select Enable Legacy Archival Logs to automatically create a bucket in your compartment, and place a copy of your log there. See Legacy Archival for more information.

  7. To specify the log location (click Show Advanced Options if necessary):
    • In Compartment, select the compartment for the log.

      You can type in the list box to perform a filtered search of all compartments in the tenancy.
    • In Log Group, select a log group for the log.

      To create a new log group, click Create New Group.
  8. In Log Retention, select a value from the list:
    • 1 month (the default)
    • 2 months
    • 3 months
    • 4 months
    • 5 months
    • 6 months
  9. Apply any tagging-related information in the Tag Namespace, Tag Key, and Value fields.
  10. Click Enable Log.
The Log detail page is displayed, and the log is in the process of being created (a "Creating log" message is displayed). See Using the Console for more information on viewing and using this page.