Using LTS to Store and Query Audit Traces
Cloud Trace Service (CTS) interconnects with other services on the Huawei Cloud platform to record real-time operations on cloud resources and the operation results. CTS can save the recorded traces as trace files to OBS buckets or LTS log streams. This section takes cloud server creation (operation name: createServer) as an example to describe how to store and query audit traces using LTS.
Prerequisite
You have enabled CTS. For details, see Enabling CTS.
Configuring LTS Transfer
- Log in to the CTS console.
- In the navigation pane on the left, choose Tracker List.
- Click Configure in the Operation column in the row of the management tracker (named system).
Figure 1 Configuring the tracker
- Configure the basic information of the tracker and click Next.
Parameter
Description
Requirements
Tracker Name
The default value is system and cannot be changed.
system
Enterprise Project
If you have enabled enterprise project management for your account, select an enterprise project.
NOTE:Enterprise projects allow you to manage cloud resources and users by project.
For details about how to enable them, see Creating an Enterprise Project.
default
Excluding DEW traces
This parameter is deselected by default. If this parameter is selected, the createDataKey and decryptDatakey operations on DEW will not be transferred to OBS/LTS.
NOTE:For details about DEW audit operations, see Operations supported by CTS.
Deselect
- On the transfer configuration page, enable Transfer to LTS. The system automatically creates CTS for Log Group and system-trace for the log stream. Operation traces will be transferred to the log stream.
Figure 2 Enabling transfer to LTS
- Click Next and click Configure. The system tracker is configured. You can then check the tracker details on the Tracker List page.
Querying Audit Traces in LTS
- On the Tracker List page, click the LTS log stream name on the right of the system tracker. The system-trace log stream details page is displayed.
Figure 3 Clicking the log stream nameFigure 4 system-trace log stream page
- Click 15 minutes (From now) in the upper right corner to set the query time range.
- Enter trace_name : createServer in the search box and click Search to query trace details of creating an ECS.
Figure 5 Searching for trace createServer
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot