Creating a Tracker
Function
When you enable CTS, a tracker is automatically created to associate with the cloud services you are using and record all operations on the services. A management tracker and multiple data trackers can be created by an account in a region. Traces are retained in the CTS console for seven days. For long-term storage, you can enable Object Storage Service (OBS) and deliver real-time operation records to OBS buckets.
API Calling
For details, see Calling APIs.
URI
POST /v3/{project_id}/tracker
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID. For details, see Obtaining an Account ID and Project ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
tracker_type |
Yes |
String |
Tracker type. The value can be system (management tracker), or data (data tracker). Both data and management trackers have the following parameters: is_lts_enabled, obs_info and is_support_validate. Parameters for management trackers: is_support_trace_files_encryption and kms_id. Parameters for data trackers: tracker_name and data_bucket. Values: |
tracker_name |
Yes |
String |
Tracker name. When tracker_type is set to system, the default value system is used. When tracker_type is set to data, you need to set this parameter to a tracker name. |
is_lts_enabled |
No |
Boolean |
Whether to enable trace analysis. |
is_organization_tracker |
No |
Boolean |
Whether to apply the tracker configuration to the organization. This parameter is valid only for the management tracker. If the value is set to true, the audit logs of all members in the ORG organization in the current region will be transferred to the OBS bucket or LTS log stream configured for the management tracker. However, audit logs of other members cannot be viewed on the Trace List page. |
management_event_selector |
No |
ManagementEventSelector object |
Management trace selector. |
obs_info |
No |
TrackerObsInfo object |
Configurations of an OBS bucket to which traces will be transferred. |
is_support_trace_files_encryption |
No |
Boolean |
Whether trace files are encrypted during transfer to an OBS bucket. This parameter is valid when tracker_type is set to system. This parameter must be used with kms_id. |
kms_id |
No |
String |
Key ID used for transferring and encrypting trace files. This key ID is obtained from Key Management Service (KMS). This parameter is valid when tracker_type is set to system. This parameter is mandatory when is_support_trace_files_encryption is set to true. |
is_support_validate |
No |
Boolean |
Whether trace file verification is enabled for trace transfer. |
data_bucket |
No |
DataBucket object |
Information of an OBS bucket to be tracked. This parameter is valid when tracker_type is set to data. |
agency_name |
No |
String |
Name of a cloud service agency. If this parameter is set to cts_admin_trust, a cloud service agency named cts_admin_trust is automatically created during tracker creation. Value: |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
exclude_service |
No |
Array of strings |
Cloud services whose traces will not be transferred. Currently, the value can only be set to KMS, indicating that the createDatakey traces of KMS will not be transferred. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
bucket_name |
No |
String |
OBS bucket name. The value contains 3 to 63 characters and must start with a digit or lowercase letter. Only lowercase letters, digits, hyphens (-), and periods (.) are allowed. |
file_prefix_name |
No |
String |
Prefix of trace files that need to be stored in OBS buckets. The value can contain 0 to 64 characters, including letters, digits, hyphens (-), underscores (_), and periods (.). |
is_obs_created |
No |
Boolean |
Whether an OBS bucket is created. If the value is true, an OBS bucket will be created to store trace files. If the value is false, trace files will be stored in an existing OBS bucket. |
bucket_lifecycle |
No |
Integer |
Duration that traces are stored in the OBS bucket. This parameter is valid when tracker_type is set to data. Values: |
compress_type |
No |
String |
Compression type. The value can be JSON (no compression) or GZIP (compression). The default format is GZIP. Values: |
is_sort_by_service |
No |
Boolean |
Whether to sort the path by cloud service. If this option is enabled, the cloud service name is added to the transfer file path. The default value is true. |
Response Parameters
Status code: 201
Parameter |
Type |
Description |
---|---|---|
id |
String |
Unique tracker ID. |
create_time |
Long |
Timestamp when the tracker was created. |
kms_id |
String |
Key ID used for transferring and encrypting trace files. This key ID is obtained from Key Management Service (KMS). This parameter is mandatory when tracker_type is set to system and is_support_trace_files_encryption is set to true. |
is_support_validate |
Boolean |
Whether to enable trace file verification. |
is_organization_tracker |
Boolean |
Whether to apply the tracker configuration to the organization. This parameter is valid only for the management tracker. If the value is set to true, the audit logs of all members in the ORG organization in the current region will be transferred to the OBS bucket or LTS log stream configured for the management tracker. However, audit logs of other members cannot be viewed on the Trace List page. |
management_event_selector |
ManagementEventSelector object |
Management trace selector. |
lts |
Lts object |
Detail about trace analysis. |
tracker_type |
String |
Tracker type. The value can be system (management tracker), or data (data tracker). Values: |
domain_id |
String |
Account ID. For details, see section "Obtaining an Account ID and Project ID" in Cloud Trace Service API Reference. |
project_id |
String |
Project ID. |
tracker_name |
String |
Tracker name. The default value is system. |
status |
String |
Tracker status. The value can be enabled, disabled, or error. If the value is set to error, the detail field is required for specifying the source of the error. Values: |
detail |
String |
This parameter is returned only when the tracker status is error. It indicates the cause of the abnormal status, and its value can be bucketPolicyError, noBucket, or arrears. |
is_support_trace_files_encryption |
Boolean |
Whether trace files are encrypted during transfer to an OBS bucket. This parameter must be used with kms_id. This function is supported only when the value of tracker_type is system. |
obs_info |
ObsInfo object |
Information about the bucket to which traces are transferred. |
data_bucket |
DataBucketQuery object |
Information about the bucket tracked by a data tracker. This parameter is valid when tracker_type is set to data. |
agency_name |
String |
Name of a cloud service agency. If this parameter is set to cts_admin_trust, a cloud service agency named cts_admin_trust is automatically created during tracker creation. Value: |
Parameter |
Type |
Description |
---|---|---|
exclude_service |
Array of strings |
Cloud services whose traces will not be transferred. Currently, the value can only be set to KMS, indicating that the createDatakey traces of KMS will not be transferred. |
Parameter |
Type |
Description |
---|---|---|
is_lts_enabled |
Boolean |
Specifies whether to enable the LTS search function. |
log_group_name |
String |
Name of the log group that CTS creates in LTS. |
log_topic_name |
String |
Name of the log topic that CTS creates in LTS. |
Parameter |
Type |
Description |
---|---|---|
bucket_name |
String |
OBS bucket name. The value contains 3 to 63 characters and must start with a digit or lowercase letter. Only lowercase letters, digits, hyphens (-), and periods (.) are allowed. |
file_prefix_name |
String |
Prefix of trace files that need to be stored in OBS buckets. The value can contain 0 to 64 characters, including letters, digits, hyphens (-), underscores (_), and periods (.). |
is_obs_created |
Boolean |
Whether the OBS bucket is automatically created by the tracker. |
is_authorized_bucket |
Boolean |
Whether CTS has been granted permissions to perform operations on the OBS bucket. |
bucket_lifecycle |
Long |
Duration that traces are stored in the OBS bucket. This parameter is valid when tracker_type is set to data. |
compress_type |
String |
Compression type. The value can be JSON (no compression) or GZIP (compression). The default format is GZIP. Values: |
is_sort_by_service |
Boolean |
Whether to sort the path by cloud service. If this option is enabled, the cloud service name is added to the transfer file path. The default value is true. |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. Format: CTS.XXX. |
error_msg |
String |
Error message. |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. Format: CTS.XXX. |
error_msg |
String |
Error message. |
Status code: 403
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. Format: CTS.XXX. |
error_msg |
String |
Error message. |
Status code: 404
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. Format: CTS.XXX. |
error_msg |
String |
Error message. |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. Format: CTS.XXX. |
error_msg |
String |
Error message. |
Status code: 503
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. Format: CTS.XXX. |
error_msg |
String |
Error message. |
Example Request
-
POST https://{endpoint}/v3/{project_id}/tracker { "tracker_type" : "system", "tracker_name" : "system", "agency_name" : "cts_admin_trust", "obs_info" : { "is_obs_created" : false, "bucket_name" : "test-data-tracker", "file_prefix_name" : "11" }, "is_lts_enabled" : true, "is_support_trace_files_encryption" : true, "kms_id" : "13a4207c-7abe-4b68-8510-16b84c3b5504", "is_support_validate" : true }
-
{ "tracker_type" : "data", "tracker_name" : "data-tracker-name", "agency_name" : "cts_admin_trust", "obs_info" : { "is_obs_created" : false, "bucket_name" : "saveTraceBucket", "file_prefix_name" : "11", "bucket_lifecycle" : 30 }, "is_lts_enabled" : true, "data_bucket" : { "data_event" : [ "READ", "WRITE" ], "data_bucket_name" : "cstest0423" } }
Example Response
Status code: 201
The request is successful.
{ "id" : "2e6fa9b8-8c6e-456d-b5d3-77be972d220b", "create_time" : 1587958482923, "domain_id" : "aexxxxxxxx4d4fb4bexxxxxxx791fbf", "is_support_trace_files_encryption" : true, "kms_id" : "13a4207c-7abe-4b68-8510-16b84c3b5504", "agency_name" : "cts_admin_trust", "obs_info" : { "is_obs_created" : false, "bucket_name" : "test-bucket", "is_authorized_bucket" : false, "file_prefix_name" : "11", "bucket_lifecycle" : 30 }, "project_id" : "bb1xxxxxxxxe4f498cbxxxxxxxx35634", "lts" : { "is_lts_enabled" : true, "log_group_name" : "CTS", "log_topic_name" : "system-trace" }, "is_support_validate" : true, "tracker_name" : "system", "tracker_type" : "system", "status" : "enabled" }
Status Codes
Status Code |
Description |
---|---|
201 |
The request is successful. |
400 |
The server failed to process the request. |
401 |
The request is rejected due to authentication failure. |
403 |
The server understood the request but refused to authorize it. |
404 |
The requested resource does not exist. |
500 |
Failed to complete the request because of an internal service error. |
503 |
The requested service is invalid. The client should not repeat the request without modifications. |
Error Code
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.