Object delete transactions
You can identify object delete transactions in the audit log by locating S3 API-specific audit messages.
Not all audit messages generated during a delete transaction are listed in the following tables. Only messages required to trace the delete transaction are included.
S3 delete audit messages
Code | Name | Description | Trace | See |
---|---|---|---|---|
SDEL |
S3 Delete |
Request made to delete the object from a bucket. |
CBID, S3KY |
Swift delete audit messages
Code | Name | Description | Trace | See |
---|---|---|---|---|
WDEL |
Swift Delete |
Request made to delete the object from a container, or the container. |
CBID, WOBJ |
Example: S3 object deletion
When an S3 client deletes an object from a Storage Node (LDR service), an audit message is generated and saved to the audit log.
Not all audit messages generated during a delete transaction are listed in the example below. Only those related to the S3 delete transaction (SDEL) are listed. |
SDEL: S3 Delete
Object deletion begins when the client sends a DeleteObject request to an LDR service. The message contains the bucket from which to delete the object and the object's S3 Key, which is used to identify the object.
2017-07-17T21:17:58.959669[AUDT:[RSLT(FC32):SUCS][TIME(UI64):14316][SAIP(IPAD):"10.96.112.29"][S3AI(CSTR):"70899244468554783528"][SACC(CSTR):"test"][S3AK(CSTR):"SGKHyalRU_5cLflqajtaFmxJn946lAWRJfBF33gAOg=="][SUSR(CSTR):"urn:sgws:identity::70899244468554783528:root"][SBAI(CSTR):"70899244468554783528"][SBAC(CSTR):"test"]\[S3BK\(CSTR\):"example"\]\[S3KY\(CSTR\):"testobject-0-7"\][CBID\(UI64\):0x339F21C5A6964D89][CSIZ(UI64):30720][AVER(UI32):10][ATIM(UI64):150032627859669][ATYP\(FC32\):SDEL][ANID(UI32):12086324][AMID(FC32):S3RQ][ATID(UI64):4727861330952970593]]