Monday, May 25, 2026

 OCI Service Connector Hub: Move Logs from OCI Logging to Object Storage

Oracle Cloud Infrastructure provides centralized logging through the OCI Logging service. Logs are very useful for troubleshooting, auditing, security review, and operational analysis. However, in many real-time environments, we may need to retain logs for a longer period, store them in a centralized location, or keep them for compliance and future analysis.

The Logs could be VCN Flow Logs, Load balancer Logs, API Gateway logs, Object storage logs or any custom logs. By doing this we can store logs beyond the default log retention period. OCI Object storage is perfect location to store logs and even we can store logs in the archive storage to reduce the cost.

OCI Connector Hub helps to move data between OCI services. It can move log data from OCI Logging to targets such as Object Storage, Streaming, Logging Analytics, Monitoring, Functions, and Notifications. For this article, we will configure a connector to move logs from OCI Logging to OCI Object Storage.

Prerequisites

Before starting this activity, make sure the following resources are available:

  • OCI tenancy access
  • Required compartment
  • OCI Logging enabled for any OCI service
  • Object Storage bucket
  • Permission to create Service Connector Hub connector
  • Permission to read logs and write objects into Object Storage

 

Step 1: Create Object Storage Bucket

First, we will create an Object Storage bucket to store archived logs.

Open the OCI Console.

Go to:

Storage → Object Storage & Archive Storage → Buckets

Choose the correct compartment and click Create Bucket, provide a bucket name.

Example:

oci-logging-archive-bucket

Keep the default storage tier as Standard unless Archive Storage is specifically required.

Click Create.

After the bucket is created, open the bucket and confirm that it is empty.

Step 2: Identify the Source Log in OCI Logging

Now we need to identify the log that we want to move into Object Storage.

Go to:

Observability & Management → Logging → Logs

Select the correct compartment.

Review the available log groups and logs.

For this article, select the log group and log that need to be archived.

Example:

Log group : VCN_Flow_logs

Log Name: VCN_Flow_Log_1

Open the log and confirm that log records are available.

Step 3: Create Service Connector

Now we will create the Service Connector.

Go to:

Analytics & AI → Messaging → Connector Hub

Click Create Connector.

Provide a connector name.

Example:

logging-to-object-storage-connector

Select the compartment where the connector should be created. Under Configure connector, select:

Source: Logging
Target: Object Storage

 

Step 4: Configure Source Connection

In the source connection section, select the log details.

Choose:

Compartment: <compartment where log exists>
Log Group: <log group name>
Logs: <log name>

If needed, we can add multiple logs by using the Another Log option.

For this article, we are selecting one log.

Step 5: Optional Filter Configuration

Service Connector Hub also allows filtering the log data before sending it to the target. This is useful when we do not want to archive every log record.

For example, in VCN Flow Logs, we may want to move only rejected traffic logs.Example filter idea:

data.action = 'REJECT'

For this article, we will not apply any filter. We will move all selected log records to Object Storage.

Step 6: Configure Target Connection

In the target connection section, select the Object Storage bucket.

Choose:

Compartment: <bucket compartment>
Bucket: oci-logging-archive-bucket

This is where the log files will be stored.

Step 7: Create Required Policy

While creating the connector, OCI may prompt us to create the required policy.

If prompted, click Create.

This policy allows the Service Connector to read from OCI Logging and write objects into the selected Object Storage bucket. By clicking Create button a policy statement gets created with below statement.

allow any-user to manage objects in compartment id ocid1.compartment.oc1..aaaaaaaa where all {request.principal.type='serviceconnector', target.bucket.name='oci-logging-archive-bucket', request.principal.compartment.id='ocid1.compartment.oc1..aaaaaaaaj'}

If the user is part of the Administrators group, this may already be allowed. Otherwise, proper IAM policies are required.

Step 8: Verify Connector Status

After the connector is created, open the connector details page.

Verify the connector status.

The connector should show as active.

Review the following details:

Source: Logging
Target: Object Storage
Status: Active

Step 9: Generate Log Activity

Now we need to generate some log activity.

The activity depends on the source log selected.

Examples:

For VCN Flow Logs:

  • Connect to a compute instance
  • Run ping, SSH, curl, or any network traffic
  • Generate accepted or rejected traffic based on security rules

For Load Balancer Logs:

  • Access the load balancer endpoint

For Object Storage Logs:

  • Upload or download an object

Wait for a few minutes for logs to be processed and delivered.

 

Step 10: Validate Logs in Object Storage

Go to:

Storage → Object Storage & Archive Storage → Buckets

Open the bucket:

oci-logging-archive-bucket

Check whether log objects are created. We should see objects created by the Service Connector.

Open the object and review the content.

The logs are usually delivered in structured format, and the object names are automatically generated.

 

Step 11: Download and Review the Log File

Download the log files from Object Storage.

Open the file in a text editor.

Review the log records.

Example fields may include:

datetime
logContent
data
source
type
oracle

 Example:

{"id":"de9bb2f0","time":"2026-05-25T17:18:56Z","oracle":{"compartmentid":"ocid1.compartment.oc1..aaaaaaaaj7vcmtjkoungbmz5x3o2di56ewryi54vcoj5e5qsas4r7h52fxiq","filterOcid:":"DEFAULT_CAPTURE_FILTER","ingestedtime":"2026-05-25T17:20:41.335Z","instanceOcid:":"VNICaaS:ocid1.vnic.oc1.iad.abuwcljtazluubqqhm7jz6vbd6ri2kz2e3jkyvqj6m6tbej2exo4znzrfohq","loggroupid":"ocid1.loggroup.oc1.iad.amaaaaaaq444raaanpcwllthfwrfc3cllmuvrqb5nbs37ahx2bbtwzjggxpq","logid":"ocid1.log.oc1.iad.amaaaaaaq444raaa5f6vthyw6ev647d4zfg367yfrkxd4susqlhr75jeidma","managed":"true","resourceId":"ocid1.privateendpoint.oc1.iad.aaaaaaaael4mvgs4m5connq4c2yfpvl7rcdkhwhdpbkovflfbs3ykkz5tpka","resourceType":"PrivateEndpoint","tenantid":"ocid1.tenancy.oc1..aaaaaaaacq5gprsqz26em4koaokcntrpey4adi7mzzgve53cm44ozbxa4z4a","vcnOcid":"ocid1.vcn.oc1.iad.amaaaaaaq444raaaffljepgvsc4dbzvq7cq4xeh7ufc76hmagrsqae4zhlvq","vniccompartmentocid":"ocid1.compartment.oc1..aaaaaaaaj7vcmtjkoungbmz5x3o2di56ewryi54vcoj5e5qsas4r7h52fxiq","vnicocid":"ocid1.vnic.oc1.iad.abuwcljtazluubqqhm7jz6vbd6ri2kz2e3jkyvqj6m6tbej2exo4znzrfohq","vnicsubnetocid":"ocid1.subnet.oc1.iad.aaaaaaaaazzsdkncfvrvco6vbt5ctxwzz22gmqfh7uwlldmxa732phlzg3ma"},"source":"-","specversion":"1.0","subject":"-","type":"com.oraclecloud.vcn.flowlogs.QualityEvent.NoData","data":{"flowid":"de9bb2f0","version":"2","status":"NODATA","startTime":1779729536,"endTime":1779729597}}

 

The exact fields depend on the OCI service log type. This confirms that logs are successfully moved from OCI Logging to Object Storage.

 

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

  OCI Service Connector Hub: Move Logs from OCI Logging to Object Storage Oracle Cloud Infrastructure provides centralized logging through...

  • (no title)
        OCI - Vision The very common use case seen today is image recognition and detecting objects within that image. The image could have docu...
  • (no title)
      OCI Resource Manager OCI Resource manager is an automation tool for infrastructure. It can be considered as Infrastructure as a code too...
  • (no title)
    Installation of OCI Command line OCI CLI (Oracle Cloud Infrastructure Command Line Interface) is a powerful tool that allows users to mana...