Updated on 2024-06-13 GMT+08:00

Configuring a Tracker

Scenario

You can configure the created management tracker to transfer traces recorded in CTS to OBS or LTS for long-term storage.

You can select whether to send recorded traces to an OBS bucket. You can also transfer the traces of multiple accounts to the same OBS bucket for centralized management.

There are three storage classes of OBS buckets: Standard, Infrequent Access, and Archive. You must use Standard OBS buckets for trace transfer because CTS needs to frequently access the OBS buckets.

After the tracker configuration is complete, CTS will immediately start recording operations under the new settings.

This section describes how to configure the management tracker.

Prerequisites

You have enabled CTS.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner to select the desired region and project.
  3. Click in the upper left corner and choose Management & Governance > Cloud Trace Service. The CTS console is displayed.
  4. Choose Tracker List in the left navigation pane.
  5. Click Configure in the Operation column in the row of the management tracker.

    Figure 1 Configuring the tracker

  6. Configure the basic information of the tracker, and click Next.

    Figure 2 Excluding KMS traces

    | Parameter | Description |
    | --- | --- |
    | Tracker Name | The default value is system and cannot be changed. |
    | Exclude KMS traces | Deselected by default. After this option is selected, the tracker will not transfer the data about user operations on Data Encryption Workshop (DEW). NOTE: For details about DEW audit operations, see Operations supported by CTS. |

  7. On the Configure Transfer page, modify the transfer configurations of the tracker. For details, see Table 1.

    Table 1 Transfer parameters

    | Parameter | Description |
    | --- | --- |
    | Transfer to OBS | Select an existing OBS bucket or create one on this page and set File Prefix if Transfer to OBS is enabled. When Transfer to OBS is disabled, no operation is required. |
    | OBS Bucket | New: If this function is enabled, an OBS bucket will be created automatically with the name you enter. Existing: Select an existing OBS bucket. |
    | Select Bucket | If you select New for OBS Bucket, enter an OBS bucket name. The OBS bucket name cannot be empty. It can contain 3 to 63 characters, including only lowercase letters, digits, hyphens (-), and periods (.). It cannot contain two consecutive periods (for example, my..bucket). A period (.) and a hyphen (-) cannot be adjacent to each other (for example, my-.bucket and my.-bucket). Do not use an IP address as a bucket name. If you select Existing for OBS Bucket, select an existing OBS bucket. |
    | Retention Period | For the management tracker, the retention period configured on the OBS console is used by default and cannot be changed. |
    | File Prefix | A prefix is used to mark a transferred trace file. Your specified prefix will be automatically added to the beginning of the name of a transferred file, helping you quickly filter files. Enter 0 to 64 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. |
    | Compression | Compression reduces the object storage space used. Do not compress: Transfer files in the *.json format. gzip: Transfer files in *.json.gz format. |
    | Sort by Cloud Service | When this function is enabled, the cloud service name is added to the transfer file path, and multiple small files are generated in OBS (example: /CloutTrace/cn-north-7/2022/11/8/doctest/Cloud service/_XXX.json.gz). When this function is disabled, the cloud service name will not be added to the transfer file path (example: /CloutTrace/cn-north-7/2022/11/8/doctest/_XXX.json.gz). |
    | Transfer Path | The log transfer path is automatically set by the system. |
    | Verify Trace File | When this function is enabled, integrity verification will be performed to check whether trace files in OBS buckets have been tampered with. For details about file integrity verification, see Verifying Trace File Integrity. |
    | Encrypt Trace File | When OBS Bucket Account is set to Logged-in user, you can configure an encryption key for the traces. When Encrypt Trace File is enabled, CTS obtains the key IDs of the current login user from DEW. You can select a key from the drop-down list. |
    | Transfer to LTS | When Transfer to LTS is enabled, traces are transferred to the log stream. |
    | Log Group | When Transfer to LTS is enabled, the default log group name CTS is set. When Transfer to LTS is disabled, no operation is required. |

  8. Click Next > Configure to complete the configuration of the tracker.

    You can then view the tracker details on the Tracker List page.

    Traces recorded by CTS are delivered periodically to the OBS bucket for storage. If you configure an OBS bucket for a tracker, traces generated during the current cycle (usually several minutes) will be delivered to the configured OBS bucket. For example, if the current cycle is from 12:00:00 to 12:05:00 and you configure an OBS bucket for a tracker at 12:02:00, traces received from 12:00:00 to 12:02:00 will also be delivered to the configured OBS bucket for storage at 12:05:00.

  9. (Optional) On the Tracker List page, click in the Tag column to add tags to the tracker.

    Tags are key-value pairs, which are used to identify, classify, and search for trackers. Tracker tags are used to filter and manage trackers only. A maximum of 20 tags can be added to a tracker.

    If your organization has configured tag policies for CTS, add tags to trackers based on the policies. For details about tag policies, see Overview of a Tag Policy. For details about tag management, see Overview of a Tag.

    Table 2 Tag parameters

    | Parameter | Description | Example |
    | --- | --- | --- |
    | Tag key | A tag key of a tracker must be unique. You can customize a key or select the key of an existing tag created in Tag Management Service (TMS). A tag key can contain 1 to 128 characters. It can contain letters, digits, spaces, and special characters _.:=+-@, but cannot start or end with a space or start with _sys_. | Key_0001 |
    | Tag value | A tag value can be repeated or left blank. A tag value can contain 0 to 255 characters. It can contain letters, digits, spaces, and special characters _.:=+-@, but cannot start or end with a space. | Value_0001 |
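
The naming rules in Table 1 (Select Bucket, File Prefix) and Table 2 (tag key and tag value) can be checked before a tracker configuration is submitted, for example in a deployment script. The following Python is an added example, not part of the original page or of any Huawei Cloud SDK; the function names are hypothetical, "letters" is read as ASCII letters, and "IP address" as a dotted-quad IPv4 string.

```python
import re

# Rules as stated in Table 1 and Table 2. Assumptions: "letters" = ASCII letters,
# "IP address" = dotted-quad IPv4. Function names are hypothetical, not an SDK API.
BUCKET_RE = re.compile(r"[a-z0-9.-]{3,63}")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
PREFIX_RE = re.compile(r"[A-Za-z0-9._-]{0,64}")
TAG_RE = re.compile(r"[A-Za-z0-9 _.:=+@-]*")

def bucket_name_errors(name):
    """Return the Select Bucket naming rules that `name` breaks."""
    errors = []
    if not BUCKET_RE.fullmatch(name):
        errors.append("length/charset")
    if ".." in name:
        errors.append("consecutive periods")
    if "-." in name or ".-" in name:
        errors.append("period next to hyphen")
    if IPV4_RE.fullmatch(name):
        errors.append("IP address")
    return errors

def file_prefix_ok(prefix):
    """File Prefix: 0 to 64 letters, digits, hyphens, underscores, periods."""
    return PREFIX_RE.fullmatch(prefix) is not None

def tag_errors(tags):
    """Check a list of (key, value) pairs against the Table 2 rules."""
    errors = []
    if len(tags) > 20:
        errors.append("more than 20 tags")
    if len({k for k, _ in tags}) != len(tags):
        errors.append("duplicate key")
    for key, value in tags:
        if not 1 <= len(key) <= 128 or len(value) > 255:
            errors.append(f"{key!r}: length")
        if not (TAG_RE.fullmatch(key) and TAG_RE.fullmatch(value)):
            errors.append(f"{key!r}: charset")
        if key != key.strip(" ") or value != value.strip(" "):
            errors.append(f"{key!r}: leading/trailing space")
        if key.startswith("_sys_"):
            errors.append(f"{key!r}: reserved _sys_ prefix")
    return errors

if __name__ == "__main__":
    # Constructed inputs, including the page's own counter-examples.
    for name in ("cts-audit.logs", "my..bucket", "my-.bucket", "192.168.0.10"):
        print(name, bucket_name_errors(name))
    print(tag_errors([("Key_0001", "Value_0001"), ("_sys_x", " v")]))
```

An empty list from bucket_name_errors or tag_errors means the value passes every rule stated on this page; the console may enforce further rules that are not listed here.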