Help Center/ Cloud Trace Service/ FAQs/ How Do I Configure the Storage Duration of CTS Audit Logs to 180 Days?
Updated on 2023-11-15 GMT+08:00

How Do I Configure the Storage Duration of CTS Audit Logs to 180 Days?

Background

Audit logs may need to be stored for 180 days for query and backtracking purposes. You can perform the following steps to configure the storage duration of audit logs and query and analyze audit logs:

Procedure

  • Configuring a transfer

    After being enabled, CTS automatically creates a management tracker named system and records all operations of your tenant account in the tracker. Configure the tracker for CTS to transfer logs to Log Tank Service (LTS). After the configuration is complete, LTS creates a log group and a log stream automatically and stores CTS audit logs in the log stream for 30 days by default. To store them for 180 days, change the log retention duration setting of the log stream to 180 days on LTS.

    1. Log in to the management console.
      • If you log in to the console using a Huawei Cloud account, go to 3.
      • If you log in to the console as an IAM user, contact the administrator (Huawei Cloud account or a user in the user group admin) to grant the following permissions to the IAM user. For details, see .
        • CTS FullAccess
    2. Click in the upper left corner to select the desired region and project.
    3. Click in the upper left corner and choose Management & Governance > Cloud Trace Service.
    4. Click Configure in the Operation column of the system tracker to configure the tracker to transfer audit logs to LTS.
      Figure 1 Configuring a tracker
    5. Enable Transfer to LTS. The system automatically creates a log group CTS and a log stream system-trace on LTS.
      Figure 2 Transfer to LTS
    6. Go to the LTS console, change the storage duration of LTS log streams to 180 days, and configure the structuring rule to CTS.
      1. Click in the upper left corner and choose Management & Governance > Log Tank Service to access the LTS console.
      2. On the Log Management page, click the modifying button in the Operation column of the system-trace log stream created in 5. On the displayed page, enable Log Retention Duration and change the duration to 180 days.
        Figure 3 Modifying the log stream
        Figure 4 Changing the retention period
      3. Choose Log Ingestion and click CTS (Cloud Trace Service). On the displayed page, select CTS for Log Group and system-trace for Log Stream.
        Figure 5 Selecting a log stream
      4. Click Next: Configure Log Stream to configure the CTS log structuring.
      5. Click Submit to complete the log ingestion configuration.
      6. Click Log Streams. The log stream details page is displayed.
        Figure 6 Log stream details
  • Log search and analysis
    After you configure audit log transferring to LTS, you can search for and analyze audit logs on LTS.
    • Method 1: Enter LTS in the search box to search for logs.
      Figure 7 Searching for logs
    • Method 2: In the Quick Analysis area, locate service_type and click LTS to quickly search for logs.
      Figure 8 Searching for logs
    • Method 3: Enter a SQL statement in Visualization to filter audit logs and calculate the total number of audit logs.
      Figure 9 Querying logs using a SQL statement