Audit Log

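You can use Cloud Trace Service (CTS) to record key operation events related to CS. The events can be used in various scenarios such as security analysis, compliance audit, resource tracing, and problem locating. This section covers enabling CTS, disabling the audit log function, the key operations that CTS records, and viewing job, cluster, and job template audit logs.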

Enabling CTS

A tracker will be automatically created after CTS is enabled. All traces recorded by CTS are associated with a tracker. Currently, only one tracker can be created for each account.

  1. On the CS management console, choose Service List > Management & Deployment > Cloud Trace Service. The CTS management console is displayed.
  2. In the navigation pane on the left, click Tracker.
  3. Click Enable CTS.
  4. On the Enable CTS page that is displayed, click Enable.

    If you enable Apply to All Regions, the tracker is created in all regions of the current site to improve the completeness and accuracy of the current tenant's audit logs.

    After CTS is enabled, the system automatically assigns a tracker. You can view details about the created tracker on the Tracker page.

Disabling the Audit Log Function

If you want to disable the audit log function, disable the tracker in CTS.

  1. On the CS management console, choose Service List > Management & Deployment > Cloud Trace Service. The CTS management console is displayed.
  2. In the navigation pane on the left, click Tracker.
  3. In the tracker list, click Disable in the Operation column.
  4. In the displayed dialog box, click OK to disable the tracker.

    After the tracker is disabled, the Disable button in the Operation column is switched to Enable. To enable the tracker again, click Enable and then click OK. The system will start recording operations again.

    After the tracker is disabled, the system will stop recording operations, but you can still view existing operation records.

Key Operations

Table 1 describes the CS operations that can be recorded by CTS.

Table 1 CS operations that can be recorded by CTS

| Operation | Resource Type | Event Name |
|---|---|---|
| Creating a job | job | createNewJob |
| Editing a job | job | editJob |
| Deleting a job | job | deleteJob |
| Starting a job | job | startJob |
| Stopping a job | job | stopJob |
| Deleting jobs in batches | job | deleteJobInBatch |
| Creating a template | template | createTemplate |
| Updating a template | template | updateTemplate |
| Deleting a template | template | deleteTemplate |
| Stopping jobs of an overdue account | job | stopArrearageJob |
| Restoring jobs of an overdue account | job | recoverArrearageJob |
| Deleting jobs of an overdue account | job | deleteArrearageJob |
| Creating a cluster | cluster | createCluster |
| Deleting a cluster | cluster | deleteCluster |
| Adding nodes to a cluster | cluster | scalaUpCluster |
| Downsizing a cluster | cluster | scalaDownCluster |
| Expanding or downsizing a cluster | cluster | scalaCluster |
| Creating a tenant cluster | cluster | createReservedCluster |
| Updating a tenant cluster | cluster | updateReservedCluster |
| Deleting a tenant cluster | cluster | deleteReservedCluster |
| Updating the user quota | cluster | updateUserQuota |

Viewing Job Audit Logs

You can view job operation records in audit logs, such as creating, submitting, running, and stopping a job.

  1. In the navigation tree on the left pane of the CS management console, choose Job Management to switch to the Job Management page.
  2. In the Name column on the Job Management page, click the desired job name to switch to the Job Details page.
  3. Click Audit Log to view audit logs of the job.

    Figure 1 Viewing job audit logs

    A maximum of 50 logs can be displayed. For more audit logs, query them in CTS. For details about how to view audit logs in CTS, see section "Querying Real-Time Traces" in the Cloud Trace Service Quick Start.

    If no information is displayed on the Audit Log page, you need to enable CTS.

    1. Click Enable to switch to the CTS Authorization page.
    2. Click OK.

    You can also log in to the CTS management console to enable CTS. For details, see Enabling CTS.

    Table 2 Parameters related to audit logs

    | Parameter | Parameter description |
    |---|---|
    | Event Name | Name of an event. |
    | Resource Name | Name of a running job. |
    | Resource ID | ID of a running job. |
    | Type | Job operation type. |
    | Level | Event level. Available options include the following: incident, warning, and normal. |
    | Operator | Account used to run a job. |
    | Generated | Time when an event occurs. |
    | Source IP Address | IP address of the operator. |
    | Operation Result | Operation result. |

Viewing Cluster Audit Logs

Cluster management allows you to view audit logs of a cluster.

  1. In the navigation tree on the left pane of the CS management console, click Cluster Management to switch to the Cluster Management page.
  2. In the Name column on the Cluster Management page, click the desired cluster name to switch to the Cluster Details page.
  3. Click Audit Log to view audit logs of the cluster.

    Figure 2 Viewing cluster audit logs
    A maximum of 50 logs can be displayed. For more audit logs, query them in CTS. For details about how to view audit logs in CTS, see section "Querying Real-Time Traces" in the Cloud Trace Service Quick Start.
    • If no information is displayed on the Audit Log page, you need to enable CTS.
      1. Click Enable to switch to the CTS Authorization page.
      2. Click OK.

      You can also log in to the CTS management console to enable CTS. For details, see Enabling CTS.

    • If CTS has been enabled for Audit Log under Job Management, you do not need to enable it for Audit Log under Cluster Management.
    Table 3 Parameters related to audit logs

    | Parameter | Parameter description |
    |---|---|
    | Event Name | Name of an event. |
    | Resource Name | Name of a running cluster. |
    | Resource ID | ID of a running cluster. |
    | Type | Cluster operation type. |
    | Level | Event level. Available options include the following: incident, warning, and normal. |
    | Operator | Account used to run a cluster. |
    | Generated | Time when an event occurs. |
    | Source IP Address | IP address of the operator. |
    | Operation Result | Operation result. |

Viewing Job Template Audit Logs

You can view audit logs of a custom job template by performing operations on the Custom Template page.

  1. In the left navigation pane of the CS management console, choose Template Management > Custom Templates.
  2. In the Name column, click the name of a job template whose audit logs you want to view to switch to the Template Details page.
  3. Click Audit Log to view audit logs of the template.

    Figure 3 Viewing job template audit logs
    A maximum of 50 logs can be displayed. For more audit logs, query them in CTS. For details about how to view audit logs in CTS, see section "Querying Real-Time Traces" in the Cloud Trace Service Quick Start.
    If no information is displayed on the Audit Log page, you need to enable CTS.
    1. Click Enable to switch to the CTS Authorization page.
    2. Click OK.

    You can also log in to the CTS management console to enable CTS. For details, see Enabling CTS.

    Table 4 Parameters related to audit logs

    | Parameter | Parameter description |
    |---|---|
    | Event Name | Name of an event. |
    | Resource Name | Template name. |
    | Resource ID | ID of a template. |
    | Type | Template operation type. |
    | Level | Event level. Available options include the following: incident, warning, and normal. |
    | Operator | Account used to operate a template. |
    | Generated | Time when an event occurs. |
    | Source IP Address | IP address of the operator. |
    | Operation Result | Operation result. |
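
The following Python example is added here and is not part of the CS or CTS documentation. It triages exported audit records against the event names in Table 1 and the Level, Operator, and Source IP Address parameters described in the tables above. The dictionary keys, the HIGH_IMPACT selection, and the per-operator IP baseline are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Event names copied from Table 1, keyed by resource type.
CS_EVENTS = {
    "job": {"createNewJob", "editJob", "deleteJob", "startJob", "stopJob",
            "deleteJobInBatch", "stopArrearageJob", "recoverArrearageJob",
            "deleteArrearageJob"},
    "template": {"createTemplate", "updateTemplate", "deleteTemplate"},
    "cluster": {"createCluster", "deleteCluster", "scalaUpCluster",
                "scalaDownCluster", "scalaCluster", "createReservedCluster",
                "updateReservedCluster", "deleteReservedCluster",
                "updateUserQuota"},
}
# Assumption: the reviewer treats deletions and quota changes as high impact.
HIGH_IMPACT = {"deleteJob", "deleteJobInBatch", "deleteTemplate",
               "deleteCluster", "deleteReservedCluster", "updateUserQuota"}

# Hypothetical key names mirroring the audit-log parameter columns.
FIELDS = ("generated", "operator", "source_ip", "resource_type", "event_name", "level")
# Constructed sample records (not real data); IPs are documentation ranges.
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("2024-01-01T09:00:00Z", "alice", "192.0.2.10", "job", "createNewJob", "normal"),
    ("2024-01-01T09:05:00Z", "bob", "203.0.113.50", "job", "deleteJobInBatch", "warning"),
    ("2024-01-01T09:06:00Z", "bob", "198.51.100.7", "cluster", "deleteCluster", "normal"),
    ("2024-01-01T09:10:00Z", "alice", "192.0.2.10", "job", "unlistedEvent", "normal"),
]]
# Assumed input: source IPs previously seen for each operator.
BASELINE = {"alice": {"192.0.2.10"}, "bob": {"198.51.100.7"}}

def triage(traces, baseline_ips):
    """Return (findings, high-impact count per operator)."""
    findings, counts = [], Counter()
    for t in traces:
        reasons = []
        name = t["event_name"]
        # A name outside Table 1 means the table or the export parser is stale.
        if name not in CS_EVENTS.get(t["resource_type"], set()):
            reasons.append("event/resource type not in Table 1")
        if name in HIGH_IMPACT:
            reasons.append("high-impact operation")
            counts[t["operator"]] += 1
        if t["level"] in ("warning", "incident"):
            reasons.append("level=" + t["level"])
        if t["source_ip"] not in baseline_ips.get(t["operator"], set()):
            reasons.append("source IP not in operator baseline")
        if reasons:
            findings.append((t["generated"], t["operator"], name, reasons))
    return findings, counts
```
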