Help Center/ Cloud Trace Service/ User Guide/ Overview
Updated on 2025-02-27 GMT+08:00
View PDF
Share

Overview

Scenarios

If you log in to Cloud Trace Service (CTS) for the first time, click Enable CTS on the Tracker List page. A management tracker named system will be automatically created. Then you can create data trackers on this page. Th management tracker identifies and associates with all cloud services your tenant account is using, and records all operations of your tenant account. Data trackers record details of the tenant's operations on data in Object Storage Service (OBS) buckets.

You can only query operation records of the last seven days on the CTS console. To query operation records generated in the past seven days, store trace files in an OBS bucket or Log Tank Service (LTS) log stream. Ensure that you have enabled OBS and LTS and have full permissions for the OBS bucket and LTS log stream you are going to use. By default, only the owner of OBS buckets can access the buckets and all objects contained in the buckets, but the owner can grant access permissions to other services and users by configuring access policies.

Prerequisites

  • To configure the trace transfer function, you must enable OBS and LTS.
  • To enable the key event notification function, you must enable Simple Message Notification (SMN).

Associated Services

  • OBS: used to store trace files.
  • Data Encryption Workshop (DEW): Provides keys that can be used to encrypt trace files.
  • LTS: stores logs.
  • SMN: Sends email or SMS message notifications to users when key operations are performed.

Enabling CTS for the First Time

  1. Log in to the management console.
  2. If you log in to the console using a Huawei Cloud account, go to 3. If you log in to the console as an Identity and Access Management (IAM) user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions.

    For details, see Assigning Permissions to an IAM User.

  3. Click in the upper left corner and choose Management & Governance > Cloud Trace Service. The CTS console is displayed.
  4. Choose Tracker List in the navigation pane on the left and click Enable CTS in the upper right corner. A management tracker named system will be automatically created.

    The management tracker logs user operations like creation, login, and deletion on all cloud service resources. For details about the cloud services supported by CTS, see Supported Services and Operations.

  5. Create trackers (data trackers only). Data trackers record details of the tenant's operations on data in OBS buckets.
  6. Choose Tracker List in the navigation pane to view operation records of the last seven days.

Related Information

CTS provides the following functions:
  • Trace recording: CTS records system-triggered operations and operations performed on the management console or by calling APIs.
  • Trace query: You can query operation records of the last seven days on the CTS console using filters such as trace type, trace source, resource type, filter, operator, and trace status.
  • Trace transfer: CTS compresses traces into trace files by service and periodically transfers them to OBS buckets or LTS log stream.
  • Trace file encryption: Trace files are encrypted using keys provided by DEW during transfer.
  • Key event notification: SMN sends messages to users' mobile phones or email addresses when specific operations are performed.