Handling errors

If a trail cannot send audit logs to the destination object, the trail status will change to Error. This guide contains recommendations on how to recover the trail.

Object Storage bucketObject Storage bucket

ACCESS_DENIEDACCESS_DENIED

• Make sure the service account used by the trail to upload audit logs to the bucket is assigned the storage.uploader or a higher role.
• Check the bucket access control list (ACL) and bucket policy and make sure they contain no rules that disable the service account to write data to the bucket.

BUCKET_QUOTA_EXCEEDEDBUCKET_QUOTA_EXCEEDED

Increase the bucket size and delete the objects you do not need.

BUCKET_CLOUD_QUOTA_EXCEEDEDBUCKET_CLOUD_QUOTA_EXCEEDED

Contact support to have the Object Storage quota for the cloud increased.

BUCKET_NOT_FOUNDBUCKET_NOT_FOUND

Check the bucket specified in the trail settings. If the bucket was deleted:

1. Create a new bucket with the same name as that specified in the trail settings.

   You can also change the trail settings by specifying a different bucket under Destination.

2. If the bucket is encrypted with the Key Management Service key, grant the kms.keys.decrypter role for the key to the service account used by the trail to upload audit logs to the bucket.

UNKNOWN or INTERNAL_ERRORUNKNOWN or INTERNAL_ERROR

Contact support for additional information and recommendations.

See alsoSee also

• Assigning roles to a service account