Pushing logs from OVHcloud KMS to Logs Data Platform

Contact us

Analyze KMS logs through LDP

Knowledge Base

KB0070885

70 Views

18.06.2025

Cloud / Logs Data Platform

Objective

This guide aims to introduce logs generated by OVHcloud KMS and how they are managed from Logs Data Platform.

Requirements

Instructions

Description

OVHcloud KMS has a native integration with Logs Data Platform for logs management.

Logs direct access

KMS logs are available from each KMS Logs tab.

This tab displays all KMS logsin real time. A selector allows to switch display between the two types of logs:

REST API audit logs.
KMIP audit logs.

Logs access through LDP

From the Logs tab, you can subscribe to an LDP data stream. Once the subscription is enabled, all the logs will be pushed to Logs Data Platform to archive generated logs and perform advanced searches, create alerts and visualisations.

For more information, please refer to our guide "Quick start for Logs Data Platform".

Available logs details

KMS logs contain the following information:

REST API

Logs are displayed with this format:

{{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }}

Example:

INFO | GET /v1/servicekey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - 200 - identity: urn:v1:eu:identity:group:xx1111-ovh/john.smith - operation: okms:apiovh:serviceKey/get on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxx/serviceKey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - from Manager/APIv2 - request id: EU.manager-5.684c3abe.3880620.2080cff16eaa5539bf92cxxxxxxxx

Elements that can be pushed to Logs Data Platform:

Field	Description
domain_id	OKMS domain ID
request_id	request ID
type
log_level	Log priority level
client_ip	IP of the client making the request
tls_cert_id	Authentication certificate ID used
res_urn	target resource URN
region	OKMS domain region
iam_operation	IAM action evalutated
iam_identities	IAM identity used for rights evaluation
http_path	Request path
http_status	HTTP answer status
http_method	Request method
err_category	Error category

KMIP

Logs are displayed with this format:

{{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }}

Example:

INFO | GET on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxxx/kmip/ff55638c-3e86-4cb3-xxxx-xxxxxxxx - identity: urn:v1:eu:identity:account:xx1111-ovh - operation: okms:kmip:get - from XXX.XXX.XXX.XXX with certificate e7850a19-a5de-4527-xxxx-xxxxxxxxx - request id: OKMS.db61c455-abfa-4a66-xxxx-xxxxxxxxxxx

Elements that can be pushed to Logs Data Platform:

Field	Description
domain_id	OKMS domain ID
request_id	Request ID
log_level	Log priority level
client_ip	IP of the client making the request
tls_cert_id	Authentication certificate ID used
res_urn	Target resource URN
region	OKMS domain region
iam_operation	IAM action evalutated
iam_identities	IAM identity used for rights evaluation
kmip_operation	KMIP operation used
kmip_reason	Standard KMIP error code