Viewing Elasticsearch Cluster Audit Logs
To ensure data security and compliance, enterprises must routinely record and audit operations performed on their cloud service resources. With Cloud Trace Service (CTS), you can record operations associated with CSS Elasticsearch clusters for later query, auditing, and backtracking.
Prerequisites
CTS has been enabled.
Key Operations That Can Be Audited Using CTS
|
Operation |
Resource Type |
Event Name |
|---|---|---|
|
Querying product dynamics on the Overview page |
cluster |
listByGraph |
|
Querying cluster and disk information on the Dashboards page |
cluster |
showDashboard |
|
Querying supported engine types |
cluster |
listDatastores |
|
Querying flavors supported by a specified engine type |
cluster |
getSingleDatabaseFlavors |
|
Querying supported AZs |
user |
getAZInfo |
|
Querying available disk types |
cluster |
listDiskTypes |
|
Obtaining the node flavor list |
cluster |
listFlavors |
|
Querying details about a specified flavor |
cluster |
showFlavorDetail |
|
Querying feature availability |
user |
showFunctionSwitch |
|
Querying available resource quotas |
user |
queryQuota |
|
Creating a cluster |
cluster |
createCluster |
|
Querying the cluster list |
cluster |
listClusters |
|
Querying cluster details |
cluster |
showClusterDetail |
|
Querying the storage capacity of a cluster |
cluster |
getClusterDiskInfos |
|
Performing authentication for a yearly/monthly cluster and obtaining allowed operations |
cluster |
serviceAuthentication |
|
Changing the billing mode of a cluster from pay-per-use to yearly/monthly |
cluster |
updateOndemandClusterToPeriod |
|
Querying the price of a yearly/monthly subscription when switching from pay-per-use |
cluster |
onDemandToPeriodInquiry |
|
Updating resource status |
cluster |
updateServiceStatus |
|
Updating resource metadata |
cluster |
updateServiceMetadata |
|
Changing the cluster name |
cluster |
updateClusterName |
|
Modifying the cluster description |
cluster |
updateClusterDesc |
|
Deleting a failed snapshot task |
cluster |
deleteFailedTaskByTaskId |
|
Deleting all failed snapshot tasks |
cluster |
deleteAllFailedTask |
|
Querying all failed snapshot tasks |
cluster |
listAllFailedTasks |
|
Clearing the status of a specified task for a cluster |
cluster |
clearClusterAction |
|
Quickly restarting a cluster |
cluster |
restartCluster |
|
Performing a rolling restart on a cluster |
cluster |
rollingRestart |
|
Deleting a cluster |
cluster |
deleteCluster |
|
Creating a cluster (V2) |
cluster |
createClusterV2 |
|
Querying the cluster list |
cluster |
listClustersDetails |
|
Querying the cluster list (V2) |
cluster |
listClustersDetailsV2 |
|
Changing the security group |
cluster |
changeSecurityGroup |
|
Changing the password of a cluster |
cluster |
resetPassword |
|
Downloading a security certificate |
cluster |
downloadCert |
|
Changing the subnet of a cluster |
cluster |
changeClusterSubnet |
|
Obtaining a cluster route |
cluster |
getRoutes |
|
Updating cluster routes |
cluster |
updateRoute |
|
Obtaining private network access control policies |
cluster |
getAccessPolicy |
|
Modifying private network access control policies |
cluster |
updateAccessPolicy |
|
Adding data nodes to a cluster |
cluster |
updateExtendCluster |
|
Adding more nodes and storage capacity |
cluster |
updateExtendInstanceStorage |
|
Changing the specifications of data nodes in a cluster |
cluster |
updateFlavor |
|
Changing the flavor of a specified node type |
cluster |
updateFlavorByType |
|
Querying available flavors |
cluster |
queryResizeFlavors |
|
Removing specified nodes |
cluster |
updateShrinkNodes |
|
Removing nodes of a specific type |
cluster |
updateShrinkCluster |
|
Querying information about nodes to be deleted |
cluster |
queryNeedDeleteInstances |
|
Changing the security mode |
cluster |
changeMode |
|
Querying the system indexes of a security-mode cluster |
cluster |
getSecurityIndex |
|
Adding new node types |
cluster |
addIndependentNode |
|
Enabling master nodes |
cluster |
addIndependentMasterNode |
|
Enabling client nodes |
cluster |
addIndependentClientNode |
|
Enabling cold data nodes |
cluster |
addIndependentColdNode |
|
Replacing a specified node |
cluster |
updateInstance |
|
Changing AZs for cluster nodes |
cluster |
updateAzByInstanceType |
|
Upgrading the cluster kernel |
cluster |
upgradeCore |
|
Obtaining information about the target image to upgrade to |
cluster |
listImages |
|
Obtaining upgrade details |
cluster |
upgradeDetail |
|
Retrying a failed kernel upgrade or AZ change task |
cluster |
retryAction |
|
Terminating a failed kernel upgrade or AZ change task |
cluster |
abortAction |
|
Querying all tags |
cluster |
listClustersTags |
|
Querying the tags of a specified cluster |
cluster |
showClusterTag |
|
Adding tags for a cluster |
cluster |
createClustersTags |
|
Deleting the tags of a cluster |
cluster |
deleteClustersTags |
|
Adding or deleting cluster tags in batches |
cluster |
updateBatchClustersTags |
|
Loading a custom word dictionary |
cluster |
createLoadIkThesaurus |
|
Viewing custom word dictionary configurations |
cluster |
showIkThesaurus |
|
Deleting a custom word dictionary |
cluster |
deleteIkThesaurus |
|
Enabling or disabling public network access |
cluster |
bindOrUnbindPublicIp |
|
Enabling public network access |
cluster |
createBindPublic |
|
Disabling public network access |
cluster |
updateUnbindPublic |
|
Modifying public network bandwidth |
cluster |
updatePublicBandWidth |
|
Enabling the public network access control whitelist |
cluster |
startPublicWhitelist |
|
Disabling the public network access control whitelist |
cluster |
stopPublicWhitelist |
|
Enabling public network access to Kibana |
cluster |
startKibanaPublic |
|
Disabling public network access to Kibana |
cluster |
updateCloseKibana |
|
Modifying the public network bandwidth for Kibana |
cluster |
updateAlterKibana |
|
Modifying public network access control for Kibana |
cluster |
updatePublicKibanaWhitelist |
|
Disabling public network access control for Kibana |
cluster |
stopPublicKibanaWhitelist |
|
Modifying the public network bandwidth for the cluster or Kibana |
cluster |
updateBandWidth |
|
Modifying the public network access control whitelist for the cluster or Kibana |
cluster |
updateWhitelist |
|
Querying the public network or Kibana public network to be unbound |
cluster |
queryNeedDeleteBandwidth |
|
Enabling logging |
cluster |
startLogs |
|
Disabling logging |
cluster |
stopLogs |
|
Querying the log backup task list |
cluster |
listLogsJob |
|
Querying basic log configurations |
cluster |
showGetLogSetting |
|
Modifying basic log configurations |
cluster |
updateLogSetting |
|
Enabling automatic log backup |
cluster |
startLogAutoBackupPolicy |
|
Disabling automatic log backup |
cluster |
stopLogAutoBackupPolicy |
|
Backing up logs |
cluster |
createLogBackup |
|
Querying logs |
cluster |
showLogBackup |
|
Checking the network connectivity between the current cluster and the destination cluster |
cluster |
detectClusterConnectivity |
|
Automatically configuring basic cluster snapshot settings |
cluster |
startAutoSetting |
|
Configuring basic cluster snapshot settings |
cluster |
openSnapshotFunction |
|
Modifying the basic settings of a cluster snapshot |
cluster |
updateSnapshotSetting |
|
Manually creating a snapshot |
snapshot |
createSnapshot |
|
Restoring a snapshot |
snapshot |
restoreSnapshot |
|
Deleting a specified snapshot |
snapshot |
deleteSnapshot |
|
Setting an automatic snapshot creation policy |
cluster |
createAutoCreatePolicy |
|
Querying cluster snapshot policies |
cluster |
queryClustersBackupPolicy |
|
Querying automatic snapshot creation policies |
cluster |
showAutoCreatePolicy |
|
Querying the cluster snapshot list |
cluster |
listSnapshots |
|
Querying the cluster snapshot list |
cluster |
listClusterBackups |
|
Disabling snapshots |
cluster |
stopSnapshot |
|
Enabling automatic snapshot creation |
cluster |
startAutoCreateSnapshots |
|
Disabling automatic snapshot creation |
cluster |
stopAutoCreateSnapshots |
|
Querying the destination cluster for snapshot restoration |
cluster |
queryTargetRestoreCluster |
|
Enabling or disabling VPC Endpoint |
cluster |
bindOrUnbindEIP |
|
Enabling VPC Endpoint |
cluster |
startVpecp |
|
Disabling VPC Endpoint |
cluster |
stopVpecp |
|
Obtaining a VPCEP connection |
cluster |
showVpcepConnection |
|
Updating a VPCEP connection |
cluster |
updateVpcepConnection |
|
Modifying the VPCEP whitelist |
cluster |
updateVpcepWhitelist |
|
Obtaining the parameter settings list |
cluster |
listYmls |
|
Obtaining the parameter settings task list |
cluster |
listYmlsJob |
|
Modifying parameter settings |
cluster |
updateYmls |
|
Querying dedicated load balancers supported by a cluster |
cluster |
listElbs |
|
Enabling or disabling a cluster load balancer |
cluster |
enableOrDisableElb |
|
Configuring a cluster load balancer listener |
cluster |
createElbListener |
|
Updating load balancer listeners for a cluster |
cluster |
updateEsListener |
|
Obtaining information about a cluster's load balancers |
cluster |
showElbDetail |
|
Querying certificates supported by a load balancer |
cluster |
listElbCerts |
|
Querying historical reports and details for intelligent diagnostics |
cluster |
listAiOps |
|
Creating an intelligent diagnostics task |
cluster |
createAiOps |
|
Deleting an intelligent diagnostics task |
cluster |
deleteAiOps |
|
Obtaining SMN topics available for intelligent O&M alarms |
cluster |
listSmnTopics |
|
Updating the scheduled diagnostics configuration for intelligent O&M |
cluster |
updateAiOpsSetting |
|
Disabling scheduled diagnostics for intelligent O&M |
cluster |
closeAiOpsSetting |
|
Viewing the scheduled diagnostics configuration for intelligent O&M |
cluster |
showAiOpsSetting |
|
Viewing intelligent O&M diagnostics items |
cluster |
showAiOpsDetector |
|
Querying default plug-ins |
cluster |
getDefaultPlugins |
|
Creating an agency |
user |
createAgency |
|
Querying the agency list |
cluster |
listAgencies |
|
Querying available OBS buckets |
user |
getAvailableBuckets |
|
Querying files in a specified OBS bucket |
cluster |
listObjects |
|
Querying resources by tag |
cluster |
getResourceByTags |
Querying Real-Time Traces
After a management tracker is created on the CTS console, the system starts recording operations performed on cloud service resources. After a data tracker is created, the system starts recording operations performed on data in OBS buckets. CTS retains operation records generated in the latest seven days.
To view or export operation records of the last seven days on the CTS console, see Querying Real-Time Traces.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
