检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
A data tracker records details of user operations on data in OBS buckets. It records data traces reported by OBS, detailing user operations on data in OBS buckets, including uploads and downloads.
Trace file encryption: After enabling trace transfer, you can use Data Encryption Workshop (DEW) to encrypt trace files stored in OBS buckets. Trace analysis: This function is provided by CTS and is free to use.
READ: read operations of an OBS object; WRITE: write operations of an OBS object.
If trace transfer to OBS or LTS has been configured, the retention period is then determined by the settings on those respective consoles. For details about how to configure a tracker to transfer traces to OBS or LTS, see Configuring a Tracker.
To audit, query, and analyze traces in the future, you can configure an OBS bucket for storing these traces and encrypt them with DEW. When cloud resources change, CTS archives audit traces to OBS buckets. For details, see Configuring a Tracker.
Obtain the latest digest file within the time range to be verified from the OBS bucket. Check whether the location where the digest file is stored in the OBS bucket matches with the location recorded in the file.
What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
Other APIs Querying the Tracker Quota of a Tenant Querying All Operations on a Cloud Service Querying Audit Log Operators Checking Whether Data Can Be Transferred to the Configured OBS Bucket Querying the Resources Involved in the Traces Parent topic: V3 APIs (Recommended)
To store operation records for longer than seven days, configure transfer to OBS or Log Tank Service (LTS) so that you can view them in OBS buckets or LTS log groups.
Does the cts_admin_trust Agency Include OBS Authorization? Does CTS Support Integrity Verification of Trace Files? Can I Disable CTS? How Will CTS Be Affected If My Account Balance Is Insufficient?
Data trackers record data traces, that is, logs of tenant operations (such as upload and download) on data in OBS buckets. This section describes how to use a data tracker. Creating a Tracker Configuring a Tracker Disabling or Enabling a Tracker Deleting a Tracker
Data trackers record data traces, which are operations performed by tenants on data in OBS buckets, such as upload and download. This section describes how to use the management tracker. Creating a Tracker Configuring a Tracker Disabling or Enabling a Tracker Deleting a Tracker
Downloading Operation Traces from CTS This section describes how to download traces from CTS, Object Storage Service (OBS), and LTS.
CTS can save the recorded traces as trace files to OBS buckets or LTS log streams. This section takes cloud server creation (operation name: createServer) as an example to describe how to store and query audit traces using LTS. Prerequisite You have enabled CTS.
Trace transfer: Traces can be transferred to Object Storage Service (OBS) buckets periodically. During transfer, traces are compressed into trace files by service.
Set parameters in the request body as follows: POST /v1.0/{project_id}/tracker { "bucket_name": "obs-f1da", //Name of an OBS bucket to which traces will be transferred. This parameter is mandatory and its value is a string.
However, new traces recorded after you disable the tracker cannot be viewed and transferred to OBS or LTS, and key event notifications will not be sent. Prerequisites A data tracker has been created. Deleting a Data Tracker Log in to the management console.
CTS supports integrity verification of trace files for trackers configured with OBS transfer. Enabling Verification of Trace File Integrity Log in to the management console. Click in the upper left corner to select the desired region and project.
Other APIs Other CTS APIs, including those for querying the tracker quota, querying all operations on a cloud service, querying audit log operator list, checking whether data can be transferred to the configured OBS bucket, and querying the resources involved in the traces.
However, new traces recorded after you disable the tracker cannot be viewed and transferred to OBS or LTS, and key event notifications will not be sent. Enable CTS again to restore the management tracker. Prerequisites You have enabled CTS.
