--- title: "Pushing logs from OVHcloud KMS to Logs Data Platform" description: "Analyze KMS logs through LDP" url: https://docs.ovhcloud.com/pt/guides/manage-and-operate/kms/logs lang: pt lastUpdated: 2025-06-18 --- # Pushing logs from OVHcloud KMS to Logs Data Platform ## Objective This guide aims to introduce logs generated by OVHcloud KMS and how they are managed from Logs Data Platform. ## Requirements - An [OVHcloud customer account](/pt/guides/account-and-service-management/account-information/ovhcloud-account-creation.md). - An [OVHcloud KMS ordered and an access certificate created](/pt/guides/manage-and-operate/kms/quick-start.md). ## Instructions ### Description OVHcloud KMS has a native integration with Logs Data Platform for logs management. ### Logs direct access KMS logs are available from each KMS `Logs ` tab. ![Logs tab](/images/manage-and-operate/kms/kms-troubleshooting/kms-logs-tab.png) This tab displays all KMS logsin real time. A selector allows to switch display between the two types of logs: - REST API audit logs. - KMIP audit logs. ### Logs access through LDP From the `Logs ` tab, you can subscribe to an LDP data stream. Once the subscription is enabled, all the logs will be pushed to [Logs Data Platform](https://www.ovhcloud.com/pt/identity-security-operations/logs-data-platform/) to archive generated logs and perform advanced searches, create alerts and visualisations. ![LDP Subscription](/images/manage-and-operate/kms/kms-troubleshooting/kms-ldp-subscription.png) For more information, please refer to our guide "[Quick start for Logs Data Platform](/pt/guides/manage-and-operate/observability/logs-data-platform/getting-started-quick-start.md)". ### Available logs details KMS logs contain the following information: - REST API Logs are displayed with this format: ```bash {{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }} ``` **Example:** ```console INFO | GET /v1/servicekey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - 200 - identity: urn:v1:eu:identity:group:xx1111-ovh/john.smith - operation: okms:apiovh:serviceKey/get on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxx/serviceKey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - from Manager/APIv2 - request id: EU.manager-5.684c3abe.3880620.2080cff16eaa5539bf92cxxxxxxxx ``` Elements that can be pushed to Logs Data Platform: | **Field** | **Description** | | :-------------: | :-------------------------------------: | | domain\_id | OKMS domain ID | | request\_id | request ID | | type | | | log\_level | Log priority level | | client\_ip | IP of the client making the request | | tls\_cert\_id | Authentication certificate ID used | | res\_urn | target resource URN | | region | OKMS domain region | | iam\_operation | IAM action evalutated | | iam\_identities | IAM identity used for rights evaluation | | http\_path | Request path | | http\_status | HTTP answer status | | http\_method | Request method | | err\_category | Error category | - KMIP Logs are displayed with this format: ```bash {{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }} ``` **Example:** ```console INFO | GET on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxxx/kmip/ff55638c-3e86-4cb3-xxxx-xxxxxxxx - identity: urn:v1:eu:identity:account:xx1111-ovh - operation: okms:kmip:get - from XXX.XXX.XXX.XXX with certificate e7850a19-a5de-4527-xxxx-xxxxxxxxx - request id: OKMS.db61c455-abfa-4a66-xxxx-xxxxxxxxxxx ``` Elements that can be pushed to Logs Data Platform: | **Field** | **Description** | | :-------------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | | domain\_id | OKMS domain ID | | request\_id | Request ID | | log\_level | Log priority level | | client\_ip | IP of the client making the request | | tls\_cert\_id | Authentication certificate ID used | | res\_urn | Target resource URN | | region | OKMS domain region | | iam\_operation | IAM action evalutated | | iam\_identities | IAM identity used for rights evaluation | | kmip\_operation | KMIP operation used | | kmip\_reason | [Standard KMIP error code](https://docs.oasis-open.org/kmip/spec/v1.4/kmip-spec-v1.4.pdf#%5B%7B%22num%22%3A484%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C69%2C720%2C0%5D) | ## Go further Join our [community of users](https://community.ovhcloud.com/).