Server Logging

AIStor Server publishes its server logs to the system console. These logs can include errors, information output, or other information useful during troubleshooting or debugging.

Server logs do not emit for all operations and cannot support audit trail or similar compliance requirements. If you require such a trail, configure and use audit logging instead.

You can read the server logs using any of the following methods:

Run journalctl -u minio from any host machine.
Run mc admin logs against the MinIO AIStor deployment.

Record logs to disk

New feature — opt-in only

Disk-based log recording is a new feature that is disabled by default. Enable it only after thorough testing at scale with your application workload. MinIO is actively optimizing this feature in subsequent releases.

MinIO AIStor can record API, error, and audit logs directly to disk as compressed JSON files. This complements webhook-based logging for compliance, forensics, and offline analysis.

Log Type	Purpose
API	S3 API request/response logs
Error	Server error logs
Audit	Comprehensive audit trail

You can configure disk-based log recording using either environment variables or runtime configuration settings:

Environment Variables

Configure log recording by setting environment variables before starting MinIO AIStor.

API log recording:

export MINIO_LOG_API_INTERNAL_ENABLE="on"
export MINIO_LOG_API_INTERNAL_DRIVE_LIMIT="1Gi"
export MINIO_LOG_API_INTERNAL_FLUSH_COUNT="10000"
export MINIO_LOG_API_INTERNAL_FLUSH_INTERVAL="1h"

Variable	Default	Description
`MINIO_LOG_API_INTERNAL_ENABLE`	`off`	Enable API log recording.
`MINIO_LOG_API_INTERNAL_DRIVE_LIMIT`	`1Gi`	Maximum disk space for API logs, applied per drive per node.
`MINIO_LOG_API_INTERNAL_FLUSH_COUNT`	`10000`	Log entries before flushing.
`MINIO_LOG_API_INTERNAL_FLUSH_INTERVAL`	`1h`	Time interval before flushing.

Error log recording:

export MINIO_LOG_ERROR_INTERNAL_ENABLE="on"
export MINIO_LOG_ERROR_INTERNAL_DRIVE_LIMIT="1Gi"
export MINIO_LOG_ERROR_INTERNAL_FLUSH_COUNT="10000"
export MINIO_LOG_ERROR_INTERNAL_FLUSH_INTERVAL="1h"

Variable	Default	Description
`MINIO_LOG_ERROR_INTERNAL_ENABLE`	`off`	Enable error log recording.
`MINIO_LOG_ERROR_INTERNAL_DRIVE_LIMIT`	`1Gi`	Maximum disk space for error logs, applied per drive per node.
`MINIO_LOG_ERROR_INTERNAL_FLUSH_COUNT`	`10000`	Log entries before flushing.
`MINIO_LOG_ERROR_INTERNAL_FLUSH_INTERVAL`	`1h`	Time interval before flushing.

Audit log recording:

export MINIO_LOG_AUDIT_INTERNAL_ENABLE="on"

Variable	Default	Description
`MINIO_LOG_AUDIT_INTERNAL_ENABLE`	`off`	Enable audit log recording.

Configuration Settings

You can use the mc admin config set command with the log_api_internal, log_error_internal, and log_audit_internal configuration keys to configure disk-based log recording.

API log recording:

mc admin config set ALIAS log_api_internal \
   enable=on                               \
   drive_limit=1Gi                         \
   flush_count=10000                       \
   flush_interval=1h

Error log recording:

mc admin config set ALIAS log_error_internal \
   enable=on                                 \
   drive_limit=1Gi                           \
   flush_count=10000                         \
   flush_interval=1h

Audit log recording:

mc admin config set ALIAS log_audit_internal enable=on

The log_api_internal and log_error_internal subsystems support the following keys. The log_audit_internal subsystem supports only the enable key.

Key	Default	Description
`enable`	`off`	Enable log recording for the subsystem (`on` or `off`).
`drive_limit`	`1Gi`	Maximum drive space for the logs, applied per drive per node.
`flush_count`	`10000`	Number of buffered log entries before flushing to disk.
`flush_interval`	`1h`	Maximum time before flushing buffered entries to disk.

The drive_limit is enforced independently on every drive of every node. When the limit is reached (for API and error logs), MinIO AIStor automatically removes the oldest log files on that drive to make room for new entries. For capacity planning, the total log space a cluster can consume is approximately drive_limit × drives-per-node × number-of-nodes.

Storage location and retrieval

MinIO AIStor stores recorded logs on the deployment drives under the system path .minio.sys/logs/, with a separate prefix for each log type:

.minio.sys/
└── logs/
    ├── api/
    ├── error/
    └── audit/

Each file is a zstd-compressed JSON file named using the format <type>.<count>.<timestamp>.zst, for example api.1234.20250115.103000.000000000.zst:

type: api, error, or audit.
count: number of log entries in the file.
timestamp: UTC time in the format YYYYMMDD.HHMMSS.nnnnnnnnn.
.zst: the zstd compression extension.

Use mc ls to list the recorded files and mc cat piped through zstd -d to decompress and read them:

mc ls ALIAS/.minio.sys/logs/audit/
mc cat ALIAS/.minio.sys/logs/audit/FILE.zst | zstd -d

Publish server logs to HTTP webhook

MinIO AIStor supports publishing logs to a webhook consumer through an HTTP PUT operation, where the body of the request is the log as a JSON document.

You can configure a new HTTP webhook endpoint to which AIStor Server publishes minio server logs using either environment variables or runtime configuration settings:

Environment Variables

You can use environment variables to configure one or more webhook logging targets.

The following example code displays all environment variables related to publishing server logs to a webhook. Commented # variables are optional. Add these environment variables to the /etc/default/minio environment file on all MinIO AIStor nodes.

MINIO_LOGGER_WEBHOOK_ENABLE="on"
MINIO_LOGGER_WEBHOOK_ENDPOINT="https://webhook-1.example.net"
#MINIO_LOGGER_WEBHOOK_AUTH_TOKEN="TOKEN"
#MINIO_LOGGER_WEBHOOK_BATCH_SIZE=10
#MINIO_LOGGER_WEBHOOK_CLIENT_CERT="/opt/minio/webhook/public.crt"
#MINIO_LOGGER_WEBHOOK_CLIENT_KEY="/opt/minio/webhook/private.key"
#MINIO_LOGGER_WEBHOOK_MAX_RETRY=5
#MINIO_LOGGER_WEBHOOK_RETRY_INTERVAL=1
#MINIO_LOGGER_WEBHOOK_PROXY="https://proxy.example.net"
#MINIO_LOGGER_WEBHOOK_TLS_SKIP_VERIFICATION=false
#MINIO_LOGGER_WEBHOOK_HTTP_TIMEOUT=10
#MINIO_LOGGER_WEBHOOK_HTTP_ENCODING="json"

Configuration Settings

You can use the mc admin config set command and the logger_webhook configuration key to configure one or more webhook logging targets.

The following example code displays all configuration settings related to publishing server logs to a webhook. Commented # settings are optional.

mc admin config set ALIAS logger_webhook        \
   endpoint="https://webhook-1.example.net"     \
#  auth_token="TOKEN"                           \
#  batch_size=10                                \
#  max_retry=5                                  \
#  retry_interval=1                             \
#  client_cert="/opt/minio/webhook/public.crt"  \
#  client_key="/opt/minio/webhook/private.key"  \
#  proxy="https://proxy.example.net"            \
#  tls_skip_verification=false                  \
#  http_timeout=10                              \
#  http_encoding="json"

For options that require specifying a directory path, ensure the minio-user user and group have read, write, and list access to those resources. Where possible use chown and chmod to limit access and ownership to only the minio-user.

Restart MinIO AIStor to apply the new settings.

You can specify multiple webhook loggers by appending a unique identifier to each group of environment variables or settings. For example, MINIO_LOGGER_WEBHOOK_ENDPOINT_PRIMARY or mc admin config set alias logger_webhook:primary.

Server log JSON format

The following example json document resembles the format used by MinIO AIStor for webhook logging:

{
    "deploymentid": "c8484a3f-2fb0-416b-b0dd-06c7c60a6925",
    "level": "WARNING",
    "time": "2025-08-15T16:06:01.16308316Z",
    "api": {
        "name": "SYSTEM.iam",
        "args": {}
    },
    "error": {
        "message": "Enabling MINIO_IDENTITY_TLS_SKIP_VERIFY is not recommended in a production environment (*errors.errorString)",
        "source": [
            "internal/logger/logger.go:271:logger.LogIf()",
            "cmd/logging.go:29:cmd.iamLogIf()",
            "cmd/iam.go:270:cmd.(*IAMSys).Init()",
            "cmd/server-main.go:1006:cmd.serverMain.func15.1()",
            "cmd/server-main.go:566:cmd.bootstrapTrace()",
            "cmd/server-main.go:1005:cmd.serverMain.func15()"
        ]
    }
}

Log entry fields

Field	Type	Description
`deploymentid`	string	Unique cluster deployment identifier
`level`	string	Log severity: `ERROR`, `WARNING`, `INFO`, `EVENT`
`time`	string	UTC timestamp with nanosecond precision
`api.name`	string	Operation name (see Log subsystems)
`api.args`	object	Operation-specific arguments (bucket, object, metadata)
`requestID`	string	Unique request identifier for correlating logs across nodes
`requestNode`	string	Node that generated the log entry
`remotehost`	string	Client or peer that initiated the request
`error.message`	string	Error description
`error.source`	array	Code path that triggered the error (stack trace)
`error.variables`	object	Context-specific data (for example, drive endpoint)

Log subsystems

The api.name field identifies the subsystem that generated the log entry.

For background operations (healing, scanning, bootstrap), the value is SYSTEM.<subsystem>. For errors during S3 API requests, the value is the S3 operation name (for example, GetObject, PutObject) rather than the subsystem name.

Storage and drives:

Subsystem	Description
`SYSTEM.storage`	Drive I/O errors, drive not found, connection failures
`SYSTEM.offline-drive-healing`	Automatic healing of drives that were offline
`SYSTEM.formatting`	Drive formatting operations during startup

Network and internode:

Subsystem	Description
`SYSTEM.peers`	Peer node communication errors
`SYSTEM.grid`	Internode grid connections: pong timeouts, nodes marked offline
`SYSTEM.dns`	DNS resolution errors

Data operations:

Subsystem	Description
`SYSTEM.s3`	S3 API-level errors in background contexts
`SYSTEM.replication`	Bucket replication errors and status
`SYSTEM.site-replication`	Site replication synchronization issues
`SYSTEM.batch`	Batch operation errors (replicate, expire, key rotation)
`SYSTEM.transition`	Object transition (tiering) operations
`SYSTEM.tier`	Tier target connectivity and configuration

Cluster operations:

Subsystem	Description
`SYSTEM.healing`	Object and drive healing operations
`SYSTEM.scanner`	Background scanner activity and errors
`SYSTEM.ilm`	Lifecycle management expiration and transition
`SYSTEM.decom`	Pool decommissioning progress and errors
`SYSTEM.rebalance`	Server pool rebalancing operations
`SYSTEM.cordon`	Node cordoning events
`SYSTEM.healthcheck`	Read and write quorum evaluation results

Security and identity:

Subsystem	Description
`SYSTEM.iam`	IAM policy and user management
`SYSTEM.authN`	Authentication errors
`SYSTEM.authZ`	Authorization and policy evaluation errors
`SYSTEM.sts`	Security Token Service operations
`SYSTEM.encryption`	Server-side encryption errors
`SYSTEM.kms`	Key Management Service connectivity

Administration:

Subsystem	Description
`SYSTEM.admin`	Admin API operations
`SYSTEM.config`	Configuration changes and validation
`SYSTEM.bootstrap`	Server startup and initialization
`SYSTEM.shutdown`	Graceful shutdown events
`SYSTEM.metrics`	Metrics collection errors
`SYSTEM.license`	License validation

Features:

Subsystem	Description
`SYSTEM.tables`	AIStor Tables (Iceberg catalog) operations
`SYSTEM.sftp`	SFTP gateway operations
`SYSTEM.ftp`	FTP protocol operations

Filtering server logs

Use the api.name field to filter logs by subsystem in your log pipeline.

Common filter patterns:

Purpose	Filter expression
Storage errors (background)	`api.name == "SYSTEM.storage" AND level == "ERROR"`
Quorum failures	`api.name == "SYSTEM.healthcheck" AND level == "ERROR"`
Internode connectivity	`api.name == "SYSTEM.grid" AND level == "ERROR"`
Replication errors	`api.name == "SYSTEM.replication" AND level == "ERROR"`
Healing activity	`api.name == "SYSTEM.healing"`
All errors	`level == "ERROR"`

Errors that occur during an S3 API request show the S3 operation name in api.name (for example, GetObject) rather than the subsystem name. To find storage or network errors during S3 requests, filter by error.message or error.source content instead of api.name.

Server logs vs audit logs

Server logs and audit logs serve different purposes and capture different data.

	Server logs	Audit logs
Content	Errors, warnings, internal operations	All S3 API requests and responses
Rate limited	Yes (repeated errors are suppressed)	No (every event is logged)
Filtered	Yes (some internal errors are suppressed)	No (all events are logged for compliance)
Includes stack trace	Yes (`error.source`)	No
Includes request/response headers	No	Yes
Includes timing	No	Yes (TTFB and response time in nanoseconds)
Config key	`logger_webhook`	`audit_webhook` / `audit_kafka`
Use case	Operational monitoring, debugging	Compliance, security audit trail

For audit log configuration, see Audit Logging.