Using CTS to Audit OBS
Cloud Trace Service (CTS) records operations on cloud resources in your account. You can use the logs to perform security analysis, track resource changes, audit compliance, and locate faults.
After you enable CTS and configure a tracker, CTS can record management and data traces of OBS for auditing.
For details about how to enable and configure CTS, see Enabling CTS.
For details about OBS management and data traces that can be tracked by CTS, see Cloud Trace Service.
Procedure
- Log in to the management console.
- In the upper left corner of the top navigation menu, click to select a region.
- Choose Service List > Management & Governance > Cloud Trace Service. The Trace List page is displayed.
- Configure the cloud audit for OBS by referring to Configuring a Tracker in the Cloud Trace Service User Guide.
| Tracker Type | Operation | Resource | Trace Name |
|---|---|---|---|
| Management | Deleting a bucket | bucket | deleteBucket |
| Management | Deleting the CORS configuration of a bucket | bucket | deleteBucketCors |
| Management | Deleting the custom domain name configuration | bucket | deleteBucketCustomdomain |
| Management | Deleting the lifecycle configuration of a bucket | bucket | deleteBucketLifecycle |
| Management | Deleting a bucket policy | bucket | deleteBucketPolicy |
| Management | Deleting the cross-region replication configuration of a bucket | bucket | deleteBucketReplication |
| Management | Deleting the tag configuration of a bucket | bucket | deleteBucketTagging |
| Management | Deleting the static website hosting configuration of a bucket | bucket | deleteBucketWebsite |
| Management | Creating a bucket | bucket | createBucket |
| Management | Configuring the bucket ACL | bucket | setBucketAcl |
| Management | Configuring the CORS rule for a bucket | bucket | setBucketCors |
| Management | Setting the custom domain name for a bucket | bucket | setBucketCustomdomain |
| Management | Configuring the bucket lifecycle rules | bucket | setBucketLifecycle |
| Management | Configuring the bucket logging function | bucket | setBucketLogging |
| Management | Configuring the event notification function for buckets | bucket | setBucketNotification |
| Management | Configuring the bucket policy | bucket | setBucketPolicy |
| Management | Configuring the bucket quota | bucket | setBucketQuota |
| Management | Configuring the cross-region replication function for buckets | bucket | setBucketReplication |
| Management | Configuring the bucket storage class | bucket | setBucketStorageclass |
| Management | Configuring the bucket tag | bucket | setBucketTagging |
| Management | Configuring the versioning function for buckets | bucket | setBucketVersioning |
| Management | Configuring the static domain name for buckets | bucket | setBucketWebsite |
| Management | Configuring server-side encryption for a bucket | bucket | setBucketEncryption |
| Management | Deleting the server-side encryption configuration of a bucket | bucket | deleteBucketEncryption |

| Tracker Type | Operation | Resource | Trace Name |
|---|---|---|---|
| Data_Read | Downloading an object | object | GET.OBJECT |
| Data_Read | Querying the object ACL | object | GET.OBJECT.ACL |
| Data_Read | Querying the bucket website configuration | object | GET.OBJECT.WEBSITE |
| Data_Read | Accessing an object through the website | object | HEAD.OBJECT.WEBSITE |
| Data_Read | Querying the object metadata | object | HEAD.OBJECT |
| Data_Read | Listing part data | object | LIST.OBJECT.UPLOAD |
| Data_Write | Deleting an object | object | DELETE.OBJECT |
| Data_Write | Canceling a part | object | DELETE.UPLOAD |
| Data_Write | Queries the cross-domain requests for objects | object | OPTIONS.OBJECT |
| Data_Write | Uploading an object | object | POST.OBJECT |
| Data_Write | Deleting objects in batches | object | POST.OBJECT.MULTIDELETE |
| Data_Write | Restoring Archive objects | object | POST.OBJECT.RESTORE |
| Data_Write | Merging parts | object | POST.UPLOAD.COMPLETE |
| Data_Write | Initializing multipart tasks | object | POST.UPLOAD.INIT |
| Data_Write | Uploading an object | object | PUT.OBJECT |
| Data_Write | Configuring the object ACL | object | PUT.OBJECT.ACL |
| Data_Write | Copying an object | object | PUT.OBJECT.COPY |
| Data_Write | Configuring the object storage class | object | PUT.OBJECT.STORAGECLASS |
| Data_Write | Uploading a part | object | PUT.PART |
| Data_Write | Copying a part | object | PUT.PART.COPY |
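
The trace names listed above can drive a simple audit pass over exported trace records. The following is an added example, not part of the original documentation: it flags bucket configuration changes that affect access control, encryption, versioning, logging or replication, and reports users with repeated delete traces. The record field names, the sample lines, the choice of which trace names to flag and the delete threshold are all assumptions made for illustration.

```python
import json
from collections import Counter

# Trace names are taken from the tables above. Treating these particular ones
# as review-worthy is this example's assumption, not a CTS classification.
REVIEW_MANAGEMENT = {
    "deleteBucket", "setBucketAcl", "setBucketPolicy", "deleteBucketPolicy",
    "setBucketEncryption", "deleteBucketEncryption", "setBucketVersioning",
    "setBucketLogging", "setBucketReplication", "deleteBucketReplication",
}
DESTRUCTIVE_DATA = {"DELETE.OBJECT", "POST.OBJECT.MULTIDELETE"}

# Constructed sample input: one JSON record per line. The field names
# (time, trace_name, resource_name, user) are assumed for illustration.
SAMPLE_TRACES = """\
{"time": "2024-05-01T10:00:00Z", "trace_name": "setBucketAcl", "resource_name": "example-bucket", "user": "alice"}
{"time": "2024-05-01T10:01:00Z", "trace_name": "GET.OBJECT", "resource_name": "example-bucket/a.txt", "user": "bob"}
{"time": "2024-05-01T10:02:00Z", "trace_name": "deleteBucketEncryption", "resource_name": "example-bucket", "user": "alice"}
{"time": "2024-05-01T10:03:00Z", "trace_name": "DELETE.OBJECT", "resource_name": "example-bucket/a.txt", "user": "bob"}
{"time": "2024-05-01T10:03:05Z", "trace_name": "POST.OBJECT.MULTIDELETE", "resource_name": "example-bucket", "user": "bob"}
{"time": "2024-05-01T10:03:09Z", "trace_name": "DELETE.OBJECT", "resource_name": "example-bucket/b.txt", "user": "bob"}
not-json-line
"""


def triage(text, delete_threshold=3):
    """Return (findings, skipped); findings are (kind, user, detail) tuples."""
    findings, skipped = [], 0
    deletes = Counter()  # user -> number of destructive data traces
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            name, user = rec["trace_name"], rec["user"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # count malformed records rather than hiding them
            continue
        if name in REVIEW_MANAGEMENT:
            detail = f"{name} on {rec.get('resource_name')}"
            findings.append(("config_change", user, detail))
        elif name in DESTRUCTIVE_DATA:
            deletes[user] += 1
    for user, count in deletes.items():
        if count >= delete_threshold:
            findings.append(("bulk_delete", user, f"{count} delete traces"))
    return findings, skipped


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACES)[0]:
        print(finding)
```
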
Follow-up Procedure
You can click Disable under the Operation column on the right of a tracker to disable the tracker. After the tracker is disabled, the system will stop recording operations, but you can still view existing operation records.
You can click Delete under the Operation column on the right of a tracker to delete the tracker. Deleting a tracker has no impact on existing operation records. When you enable CTS again, you can view operation records that have been generated.