Updated on 2022-12-01 GMT+08:00

Audit and Logging

Audit

Cloud Trace Service (CTS) records operations on the cloud resources in your account. You can use the logs generated by CTS to perform security analysis, track resource changes, audit compliance, and locate faults.

After you enable CTS, it starts recording operations on CCE resources and stores the operation records of the last seven days. For details about CCE operations that can be recorded by CTS, see CCE Operations Supported by CTS.

For details about how to enable and configure CTS, see Enabling CTS.

For details about how to view CTS logs, see Querying CTS Logs.

Figure 1 CTS

Logs

CCE allows you to configure policies for collecting, managing, and analyzing workload logs periodically to prevent logs from being over-sized.

CCE works with AOM to collect workload logs. When a node is created, the ICAgent (the DaemonSet named icagent in the kube-system namespace of the cluster) of AOM is installed by default. After the ICAgent collects workload logs (*.log, *.trace, and *.out formats) and reports them to AOM, you can view them on the CCE or AOM console.

For details about workload logging, see Container Logs.