Function Overview

Cloud Trace Service (CTS) is a log audit service, which allows you to collect, store, and query cloud resource operation records (traces). You can use these traces to perform security analysis, track resource changes, audit compliance, and locate faults.

• Trace recording: CTS records operations performed on the management console, API calls, and system-triggered operations.
• Trace query: Traces of the last seven days can be queried on the CTS console by multiple dimensions, such as trace type, trace source, resource type, operator, and trace status.
• Trace transfer: Traces can be transferred to Object Storage Service (OBS) buckets periodically. During transfer, traces are compressed into trace files by service.
• Trace file encryption: Trace files can be encrypted using keys provided by Data Encryption Workshop (DEW) during transfer.

Before using CTS, you need to enable it, and a tracker will be automatically created. The tracker identifies and associates with all cloud services you are using, and records all operations on the services.

Traces are cloud resource operation records captured and stored by CTS. You can view traces to identify when operations were performed by which users.

There are two types of traces. Management traces are operation records reported by cloud services, whereas data traces are read/write operation records reported by OBS.

A trace file is a collection of traces. CTS generates trace files based on services and transfer cycle and sends these files to your specified OBS bucket. In most cases, all traces of a service generated in a transfer cycle are compressed into one trace file. However, if there are a large number of traces, CTS will adjust the number of traces contained in each trace file.

During a security audit, operation records will not be able to serve as effective and authentic evidence if they have been deleted or otherwise tampered with. You can enable the integrity verification in CTS to ensure the authenticity of trace files.