Cloud Trace Service
User Guide
Issue 09
Date 2018-01-15
Contents
1 Overview
1.1 Basic Concepts
1.1.1 Cloud Trace Service
1.1.2 Trackers
1.1.3 Traces
1.1.4 Trace Lists
1.1.5 Trace Files
1.1.6 Region
1.1.7 Project
1.2 How CTS Functions
1.3 Application Scenarios
1.4 Supported Services
1.4.1 Computing
1.4.2 Network
1.4.3 Storage
1.4.4 Management & Deployment
1.4.5 Application
1.4.6 Database
1.4.7 Enterprise Application
1.4.8 Data Analysis
1.5 Accessing CTS
2 Getting Started
2.1 Enabling CTS
2.2 Querying Real-Time Traces
2.3 Querying Archived Traces
3 Management
3.1 Modifying a Tracker
3.2 Disabling or Enabling a Tracker
3.3 Deleting a Tracker
4 CTS Application Examples
4.1 Security Auditing
4.2 Fault Locating
4.3 Resource Tracing
5 CTS Trace Reference
5.1 Trace Structure
5.2 Trace Examples
6 FAQs
6.1 Can Multiple Trackers Be Created for One Tenant?
6.2 Which Type of Information Is Displayed on the Trace List?
6.3 Can Information Be Deleted from the Trace List?
6.4 Which Users May Require CTS?
6.5 How Long Can Trace Files Be Retained?
6.6 What Will Happen If I Have Enabled CTS But Have Not Configured a Correct Policy for the OBS Bucket?
6.7 Does CTS Support Authentication of Keywords of Trace Files?
6.8 Does Enabling CTS Affect the Performance of Other Cloud Resources?
6.9 Why Are Fields IP, code, request, response, and message of Some Traces Displayed on the View Trace Page Null?
6.10 Why Is the Resource ID of Some Traces in the Trace List a Hyperlink?
6.11 Why Do Some Operation Records Occur Twice in the Trace List?
6.12 Why Is user_account/op_service Displayed When I Filter Traces by Operator?
6.13 Which Type of OBS Buckets Is Suitable for CTS to Store Traces, Standard Storage, Low-Frequent Access Storage, or Archived Storage?
A Change History
1 Overview
1.1 Basic Concepts
1.1.1 Cloud Trace Service
The log audit module is a core component of information security auditing and an
important part of information system security risk management and control for enterprises and
organizations. As information systems migrate to the cloud, information and data
security management departments around the world have released multiple standards, such
as ISO/IEC 27000, GB/T 20945-2013, COSO, COBIT, ITIL, and NIST SP 800.
Cloud Trace Service (CTS) is a log audit service intended for cloud security. It allows you to
collect, store, and query cloud resource operation records and use these records for security
analysis, compliance auditing, resource tracking, and fault locating.
CTS provides the following functions:
- Log recording: CTS records operations performed on the management console or by calling APIs, as well as operations triggered by each cloud service.
- Log query: Operation records of the last seven days can be queried on the management console from multiple dimensions, such as trace source, trace name, operation type, resource name, resource ID, and time.
- Log dumping: Logs are delivered to Object Storage Service (OBS) buckets on a regular basis for long-term storage. In the process, logs are converted to trace files and classified by service.
1.1.2 Trackers
A tracker is automatically created after CTS is enabled. This tracker automatically identifies
and associates with all cloud services enabled by the current tenant, and records all operations
by the tenant.
Only one tracker can be created for each tenant.
1.1.3 Traces
Traces are operation logs of cloud service resources that are captured and stored by CTS.
You can view these traces to see a history of the operations performed by a specific user on
specific resources.
There are two types of traces:
- Real-time trace: An operation record generated during the last seven days
- Archived trace: A historical operation record that has been stored in an OBS bucket
1.1.4 Trace Lists
A trace list displays details about the operations that have been performed by a tenant, such as
creating, modifying, and deleting cloud service resources. It contains all of the traces that
were generated during the last seven days.
1.1.5 Trace Files
Trace files are collections of traces that CTS automatically generates by service and dump
interval. These trace files are simultaneously delivered to the OBS buckets you have
specified.
Generally, all traces of a single service generated during a dump interval are compressed to
one trace file. However, if there are a large number of traces, the system will adjust the
number of traces contained in each trace file as needed.
Trace files are in JSON format. Figure 1-1 shows an example of a trace file.
Figure 1-1 Trace file example
For details about how to obtain trace files, see section 2.3 Querying Archived Traces. For
details about key fields in the structure of a trace, see section 5.1 Trace Structure.
1.1.6 Region
A region is the geographic area where the servers on which CTS is installed are located. AZs in
the same geographic area can communicate with each other through the internal network.
Public cloud data centers (DCs) are scattered across different regions around the world, for
example, North America, Europe, and Asia. Enabling CTS in different regions can make
applications more user-friendly or meet legal or other requirements of different areas.
1.1.7 Project
A project is used to group and isolate OpenStack resources, including computing, storage, and
network resources. Multiple projects can be created under one account, and a project may be a
department or a project team.
1.2 How CTS Functions
CTS interconnects directly with other cloud services and records the operations performed on
cloud resources by cloud tenants and operation results in real time. It stores records in the
form of trace files to an OBS bucket.
Before enabling CTS, you must enable OBS. After CTS is enabled, the associated tracker can
track the generated trace files and store them in OBS buckets.
You can perform two types of operations on a trace file:
- Trace file creation and storage
  − When add, delete, or modify operations are performed in services interconnected with CTS, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), and Image Management Service (IMS), the operations and their results are automatically recorded and then delivered in the form of traces to CTS for archiving.
  − Operation records of the last seven days are displayed on the CTS console and are periodically delivered to the OBS bucket that you define for long-term storage.
- Trace file query
  − You can query operation records of the last seven days on the Trace List page by filters, including time.
  − To query operation records earlier than seven days, you can download the trace files stored in the OBS buckets.
  − You can enable, disable, delete, or a tracker on the Tracker page.
For example, if you create an image using the IMS service, the IMS service reports
the image creation to CTS, which then delivers the trace to the OBS bucket for
storage. You can view a trace file on the trace list. Figure 1-2 shows how CTS functions.
Figure 1-2 How CTS functions
1.3 Application Scenarios
CTS is mainly used in the following scenarios:
- Compliance auditing: CTS allows you to query all operation records for security control. This is essential for enterprises and organizations, especially financial and payment enterprises, to obtain certifications such as PCI DSS, GB/T 24589.1, and COSO.
- Resource tracking: By using CTS, you can search for resources and track operations on and changes to any cloud resources during their lifecycle, as well as the source and result of each operation or change, to make better use of resources.
- Fault locating: When a cloud resource becomes faulty, you can use traces generated by CTS to quickly find the suspicious operation that caused the fault and its result, greatly reducing the time and labor costs of locating and rectifying the fault.
- Security analysis: Enterprises and organizations can specify the scope of risky operations or key operations based on their requirements, and periodically view the operator, time, and IP address of each operation request that requires attention for security analysis.
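One way to run the periodic review described under Security analysis, as an added example (not code from the CTS documentation): it scans trace records for a watchlist of trace names taken from the tables in section 1.4 and reports the operator, time and source IP of each hit. The JSON field names (`trace_name`, `resource_type`, `user`, `source_ip`, `time`), the array layout of the file and the sample records are assumptions made for this example; section 5.1 Trace Structure defines the real schema.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Watchlist keyed by (resource type, trace name), using names from the section
# 1.4 tables. The pair matters: deletePolicy exists for both the CCE "policy"
# and the VBS "autobackup" resource types. The selection itself is an example;
# each organization defines its own scope of risky operations.
WATCHLIST = {
    ("tracker", "updateTracker"): "tracker modified, disabled or enabled",
    ("tracker", "deleteTracker"): "tracker deleted",
    ("user", "addCredential"): "AK/SK created",
    ("user", "setPasswordByAdmin"): "user password set",
    ("domain", "updateACLPolicies"): "access control list updated",
    ("domain", "updatePasswordPolicies"): "password policy updated",
    ("ecs", "createSgRule"): "security group rule created",
    ("ecs", "deleteSgRule"): "security group rule deleted",
    ("alarm_rule", "disableAlarmRule"): "alarm rule disabled",
    ("autobackup", "deletePolicy"): "backup policy deleted",
}

# Constructed sample data (not real traces); field names are assumptions.
SAMPLE_TRACE_FILE = json.dumps([
    {"time": 1515974400000, "user": {"name": "alice"}, "source_ip": "192.0.2.10",
     "resource_type": "ecs", "trace_name": "createServer"},
    {"time": 1515978000000, "user": {"name": "bob"}, "source_ip": "198.51.100.7",
     "resource_type": "user", "trace_name": "addCredential"},
    {"time": 1515978060000, "user": {"name": "bob"}, "source_ip": "198.51.100.7",
     "resource_type": "tracker", "trace_name": "updateTracker"},
    {"time": 1515981600000, "user": {"name": "op_service"}, "source_ip": None,
     "resource_type": "ecs", "trace_name": "deleteSgRule"},
    {"time": 1515985200000, "user": {"name": "alice"}, "source_ip": "192.0.2.10",
     "resource_type": "policy", "trace_name": "deletePolicy"},
])


def parse_trace_file(text):
    """Parse a trace file; assumed layout is a JSON array of trace objects."""
    data = json.loads(text)
    if isinstance(data, dict):  # tolerate a file holding a single trace
        data = [data]
    return [t for t in data if isinstance(t, dict)]


def _operator(trace):
    """Operator name; `user` is assumed to be an object or a plain string."""
    user = trace.get("user")
    if isinstance(user, dict):
        return user.get("name") or user.get("id") or "unknown"
    return user or "unknown"


def _utc(ms):
    """Convert an assumed millisecond epoch timestamp to ISO 8601 UTC."""
    if isinstance(ms, bool) or not isinstance(ms, (int, float)):
        return "unknown"
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def _sort_key(trace):
    ts = trace.get("time")
    return ts if isinstance(ts, (int, float)) else 0


def review(traces, watchlist=WATCHLIST):
    """Return watchlisted operations in time order with operator, time and IP."""
    findings = []
    for t in sorted(traces, key=_sort_key):
        reason = watchlist.get((t.get("resource_type"), t.get("trace_name")))
        if reason is None:
            continue
        findings.append({
            "time": _utc(t.get("time")),
            "operator": _operator(t),
            # Some traces carry a null IP; report it rather than dropping the hit.
            "source_ip": t.get("source_ip") or "unknown",
            "trace_name": t.get("trace_name"),
            "reason": reason,
        })
    return findings


def count_by_operator(findings):
    """Number of watchlisted operations per operator."""
    return dict(Counter(f["operator"] for f in findings))


if __name__ == "__main__":
    hits = review(parse_trace_file(SAMPLE_TRACE_FILE))
    for f in hits:
        print("{time}  {operator:<12} {source_ip:<15} {trace_name}: {reason}".format(**f))
    print(count_by_operator(hits))
```

Because disabling, enabling and modifying a tracker all appear as `updateTracker` (Table 1-11), a hit on that name needs its request details examined to tell which of the three happened.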
1.4 Supported Services
1.4.1 Computing
Elastic Cloud Server (ECS)
An ECS is a computing server that consists of CPUs, memory, images, and EVS disks,
and that allows on-demand allocation and elastic scaling. ECS integrates virtual private
cloud (VPC), virtual firewall, and multi-data-copy capabilities to construct an efficient,
reliable, and secure computing environment. It ensures that your services are stable and
can run continuously.
With CTS, you can record operations associated with ECSs for later query, audit, and
backtrack operations.
Table 1-1 ECS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating an ECS | ecs | createServer |
| Deleting an ECS | ecs | deleteServer |
| Operating an ECS | ecs | serverActions |
| Adding NICs to an ECS | ecs | addNic |
| Deleting NICs from an ECS | ecs | deleteNic |
| Attaching EVS disks to an ECS | ecs | attachVolume |
| Detaching EVS disks from an ECS | ecs | detachVolume |
| Reinstalling the OS | ecs | reinstallOs |
| Changing the OS | ecs | changeOs |
| Modifying ECS specifications | ecs | resizeServer |
| Adding the automatic recovery tag to VM | ecs | addAutoRecovery |
| Deleting the automatic recovery tag to VM | ecs | deleteAutoRecovery |
| Deleting a security group rule | ecs | deleteSgRule |
| Creating a security group rule | ecs | createSgRule |
| Deleting a floating IP address | ecs | deleteFloatingIp |
| Creating a floating IP address | ecs | createFloatingIp |
| Updating a security group | ecs | updateSecurityGroup |
| Creating a security group | ecs | createSecurityGroup |

Image Management Service (IMS)
IMS provides simple and convenient image management. You can use a public or private
image to create an ECS. You can also create a private image using an existing ECS or an
external image file.
With CTS, you can record operations associated with IMS for later query, audit, and
backtrack operations.
Table 1-2 IMS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating an image | ims | createImage |
| Modifying an image | ims | updateImage |
| Deleting images in batches | ims | deleteImage |
| Adding a member | ims | addMember |
| Modifying image members in batches | ims | updateMember |
| Deleting image members in batches | ims | deleteMember |

Bare Metal Server (BMS)
BMSs are dedicated physical servers for individual tenants. BMSs provide remarkable
computing performance and stability required by core applications. In addition, BMSs
can be combined flexibly with other cloud services, such as VPC, boasting both the
stability of the traditional host service and the high elasticity of cloud resources.
With CTS, you can record operations associated with BMS for later query, audit, and backtrack operations.
Table 1-3 BMS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a BMS | bms | createBareMetalServers |
| Deleting a BMS | bms | deleteBareMetalServers |
| Starting a BMS | bms | startBareMetalServers |
| Stopping a BMS | bms | stopBareMetalServers |
| Restarting a BMS | bms | rebootBareMetalServers |
| Attaching a data volume to a BMS | bms | attachDataVolume |
| Detaching a data volume from a BMS | bms | detachDataVolume |

Auto Scaling (AS)
AS automatically adjusts compute resources based on your service requirements and AS
policies you have configured to ensure that the number of ECSs increases or decreases as
the service load changes over time and that services are running properly.
With CTS, you can record operations associated with AS for later query, audit, and
backtrack operations.
Table 1-4 AS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating an AS group | scaling_group | createScalingGroup |
| Modifying an AS group | scaling_group | modifyScalingGroup |
| Deleting an AS group | scaling_group | deleteScalingGroup |
| Enabling an AS group | scaling_group | enableScalingGroup |
| Disabling an AS group | scaling_group | disableScalingGroup |
| Creating an AS configuration | scaling_configuration | createScalingConfiguration |
| Deleting an AS configuration | scaling_configuration | deleteScalingConfiguration |
| Deleting AS configurations in batches | scaling_configuration | batchDeleteScalingConfiguration |
| Creating an AS policy | scaling_policy | createScalingPolicy |
| Modifying an AS policy | scaling_policy | modifyScalingPolicy |
| Deleting an AS policy | scaling_policy | deleteScalingPolicy |
| Enabling an AS policy | scaling_policy | enableScalingPolicy |
| Disabling an AS policy | scaling_policy | disableScalingPolicy |
| Executing an AS policy | scaling_policy | executeScalingPolicy |
| Removing instances from an AS group | scaling_instance | removeInstance |
| Removing instances in batches | scaling_instance | batchRemoveInstances |
| Adding instances in batches | scaling_instance | batchAddInstances |

Cloud Container Engine (CCE)
CCE is a platform for developing, deploying, and managing containerized applications.
CCE provides a cost-efficient way to roll out new containerized applications anywhere
and at any time, shortening their time to market (TTM).
With CTS, you can record operations associated with CCE for later query, audit, and
backtrack operations.
Table 1-5 CCE operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Uploading a certificate | aksk | uploadAKSK |
| Creating a cluster | cluster_cce | createCluster |
| Upgrading a cluster | cluster_cce | upgradeCluster |
| Updating a cluster | cluster_cce | updateCluster |
| Deleting a cluster | cluster_cce | deleteCluster |
| Creating a node | node | createNode |
| Deleting a node | node | deleteNode |
| Creating a template | component | createComponent |
| Updating a template | component | updateComponent |
| Deleting a template | component | deleteComponent |
| Creating an application | app | createApp |
| Updating an application | app | updateApp |
| Rolling back an application | app | rollBackApp |
| Deleting an application | app | deleteApp |
| Creating an application using a blueprint | app | createAppByBlueprint |
| Creating a blueprint | blueprint | createBlueprint |
| Deleting a blueprint | blueprint | deleteBlueprint |
| Updating a blueprint | blueprint | updateBlueprint |
| Renaming a blueprint | blueprint | renameBlueprint |
| Validating a blueprint | blueprint | validateBlueprint |
| Deleting junk images | image | garbageCollectImage |
| Deleting a specified image | image | deleteImage |
| Deleting a tag image | image | deleteTagImage |
| Updating the description of an image | image | updateImageDesc |
| Creating a policy | policy | createPolicy |
| Updating a policy | policy | updatePolicy |
| Deleting a policy | policy | deletePolicy |
| Enabling a policy | policy | enablePolicy |
| Disabling a policy | policy | disablePolicy |
| Creating a periodic or scheduled policy | scaling_policy_cce | createScalingPolicy |
| Deleting a periodic or scheduled policy | scaling_policy_cce | deleteScalingPolicy |

1.4.2 Network
Virtual Private Cloud (VPC)
VPC lets you provision logically isolated, configurable, and manageable virtual networks
for ECSs, improving the security of your resources in the cloud and simplifying network
deployment.
With CTS, you can record operations associated with VPC for later query, audit, and
backtrack operations.
Table 1-6 VPC operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Modifying the bandwidth | bandwidth | modifyBandwidth |
| Creating an EIP | eip | createEip |
| Releasing an EIP | eip | deleteEip |
| Binding an EIP | eip | bindEip |
| Unbinding an EIP | eip | unbindEip |
| Creating a private IP address | privateIps | createPrivateIp |
| Deleting a private IP address | privateIps | deletePrivateIp |
| Creating a security group | security_group | createSecurityGroup |
| Modifying Object Groups | security_group | modifySecurityGroup |
| Creating a subnet | subnet | createSubnet |
| Deleting a subnet | subnet | deleteSubnet |
| Modifying a subnet | subnet | modifySubnet |
| Creating a VPC | vpc | createVpc |
| Deleting a VPC | vpc | deleteVpc |
| Modifying a VPC | vpc | modifyVpc |
| Creating a VPN | vpn | createVpn |
| Deleting a VPN | vpn | deleteVpn |
| Modifying a VPN | vpn | modifyVpn |

Elastic Load Balance (ELB)
ELB automatically distributes access traffic among multiple ECSs to balance their
service loads. It improves your applications' fault tolerance and expands their service
capabilities.
With a web-based console, you can create load balancers, configure the ports required
for listening, and add backend ECSs for load balancers. ELB helps eliminate single
points of failure (SPOFs), improving availability of the whole system.
With CTS, you can record operations associated with ELB for later query, audit, and
backtrack operations.
Table 1-7 ELB operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Configuring access logs | Access Log | ConfigureAccess Log |
| Creating a certificate | certificate | createcertificate |
| Updating a certificate | certificate | updatecertificate |
| Deleting a certificate | certificate | deletecertificate |
| Creating a health check task | healthmonitor | createHealthmonitor |
| Updating a health check task | healthmonitor | updateHealthmonitor |
| Deleting a health check task | healthmonitor | deleteHealthmonitor |
| Creating a forwarding policy | l7policy | createL7policy |
| Updating a forwarding policy | l7policy | updateL7policy |
| Deleting a forwarding policy | l7policy | deleteL7policy |
| Creating a forwarding rule | l7rule | createL7rule |
| Updating a forwarding rule | l7rule | updateL7rule |
| Deleting a forwarding rule | l7rule | deleteL7rule |
| Creating a listener | listener | createListener |
| Updating a listener | listener | updateListener |
| Deleting a listener | listener | deleteListener |
| Creating a load balancer | loadbalancer | createLoadbalancer |
| Updating a load balancer | loadbalancer | updateLoadbalancer |
| Deleting a load balancer | loadbalancer | deleteLoadbalancer |
| Adding a backend ECS | member | createMember |
| Updating a backend ECS | member | updateMember |
| Removing a backend ECS | member | deleteMember |
| Creating a backend ECS group | pool | createPool |
| Updating a backend ECS group | pool | updatePool |
| Deleting a backend ECS group | pool | deletePool |

1.4.3 Storage
Elastic Volume Service (EVS)
An EVS disk is a type of virtual block storage device that is based on the distributed
architecture and can elastically scale up or down. EVS disks can be operated online. Using them is similar to using common server hard disks. Compared with common
server hard disks, EVS disks have higher data reliability and I/O throughput capabilities.
They are also easier to use. EVS disks apply to file systems, databases, or system
software or other applications that require block storage devices.
With CTS, you can record operations associated with EVS disks for later query, audit,
and backtrack operations.
Table 1-8 EVS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating an EVS disk | evs | createVolume |
| Updating an EVS disk | evs | updateVolume |
| Expanding EVS disk capacity | evs | extendVolume |
| Deleting an EVS disk | evs | deleteVolume |

Volume Backup Service (VBS)
Volume Backup Service (VBS) provides snapshot-based data protection for EVS disks
on ECSs in the public cloud environment. VBS supports both full and incremental
backups. By default, the system performs a full backup initially, and then performs
incremental backups. You can use those data backups generated in either backup mode to
restore EVS disks to the state they were in when the backup was created.
With CTS, you can record operations associated with VBS backups for later query, audit,
and backtrack operations.
Table 1-9 VBS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a VBS backup | vbs | bksCreateBackup |
| Deleting a VBS backup | vbs | bksDeleteBackup |
| Restoring a VBS backup | vbs | bksRestoreBackup |
| Binding a backup policy | autobackup | addPolicyResource |
| Unbinding a backup policy | autobackup | deletePolicyResource |
| Executing a backup policy | autobackup | actionPolicy |
| Creating a backup policy | autobackup | createPolicy |
| Deleting a backup policy | autobackup | deletePolicy |
| Modifying a backup policy | autobackup | modifyPolicy |
| Creating backups scheduled by a backup policy | autobackup | schedulecreateBackup |
| Automatically deleting redundant backups scheduled by a backup policy | autobackup | scheduledeleteBackup |

Object Storage Migration Service (MaaS)
MaaS enables you to migrate object storage on other cloud platforms to the OBS service.
The migration operations are simple. Users can use the console to create automatic
migration tasks or manually perform migration tasks.
With CTS, you can record operations associated with MaaS for later query, audit, and
backtrack operations.
Table 1-10 MaaS operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a task | migrationTask | createTask |
| Deleting a task | migrationTask | deleteTask |
| Starting a task | migrationTask | startTask |
| Stopping or suspending a task | migrationTask | stopTask |

1.4.4 Management & Deployment
Cloud Trace Service (CTS)
CTS provides records of operations on cloud service resources. With CTS, you can query,
audit, and backtrack operations.
With CTS, you can record operations associated with CTS itself for later query, audit,
and backtrack operations.
Table 1-11 CTS operations that can be recorded by itself

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a tracker | tracker | createTracker |
| Modifying a tracker | tracker | updateTracker |
| Disabling a tracker | tracker | updateTracker |
| Enabling a tracker | tracker | updateTracker |
| Deleting a tracker | tracker | deleteTracker |

Cloud Eye (CES)
CES is an open monitoring platform. It provides monitoring, alarm reporting, and alarm
notification for your resources in near-real time.
With CTS, you can record operations associated with CES for later query, audit, and
backtrack operations.
Table 1-12 CES operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating an alarm rule | alarm_rule | createAlarmRule |
| Modifying an alarm rule | alarm_rule | updateAlarmRule |
| Enabling an alarm rule | alarm_rule | enableAlarmRule |
| Disabling an alarm rule | alarm_rule | disableAlarmRule |
| Deleting an alarm rule | alarm_rule | deleteAlarmRule |
| Changing the alarm rule status to alarm | alarm_rule | alarmStatusChangeToAlarm (The Trace Name is alarm in versions earlier than 1.3.0.) |
| Changing the alarm rule status to ok | alarm_rule | alarmStatusChangeToOk (The Trace Name is ok in versions earlier than 1.3.0.) |
| Changing the alarm rule status to insufficientData | alarm_rule | alarmStatusChangeToInsufficientData (The Trace Name is insufficientData in versions earlier than 1.3.0.) |

Identity and Access Management (IAM)
IAM enables you to centrally manage authentication information, including your
authenticated email, phone number, and password. When you invoke an interface to
apply for an ECS, manage cloud resources, or log in to the public cloud platform in
multi-tenant mode, you can query the required project ID, AK/SK, and username in real
time.
With CTS, you can record operations associated with IAM for later query, audit, and
backtrack operations.
Table 1-13 IAM operations that can be recorded by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating an agency | agency | createAgency |
| Deleting an agency | agency | deleteAgency |
| Modifying agency information | agency | updateAgency |
| Updating the login policy | domain | updateSecurityPolicies |
| Updating the password policy | domain | updatePasswordPolicies |
| Updating the access control list (ACL) | domain | updateACLPolicies |
| Updating the security warning policy | domain | updateWarningPolicies |
| Creating a domain | domain | createDomain |
| Creating an identity provider (IDP) | identityProvider | createIdentityProvider |
| Deleting an IDP | identityProvider | deleteIdentityProvider |
| Modifying an IDP | identityProvider | updateIdentityProvider |
| Updating the IDP metadata | identityProvider | updateMetadata |
| Updating the preset IDP metadata | identityProvider | updateSystemMetaConfigure |
| User login | user | login |
| User logout | user | logout |
| Resetting the login password | user | changePassword |
| Creating a user | user | createUser |
| Deleting a user | user | deleteUser |
| Modifying a user | user | updateUser |
| Creating an AK/SK | user | addCredential |
| Deleting an AK/SK | user | deleteCredential |
| Changing the email address | user | modifyUserEmail |
| Changing the mobile phone number | user | modifyUserMobile |
| Changing the password | user | modifyUserPassword |
| Enabling the two-factor authentication for login | user | modifySMVerify |
| Uploading a user picture | user | modifyUserPicture |
| Modifying latch | user | modifyLatchVerify |
| Modifying mc | user | modifyMCConnectVerify |
| Setting the user password | user | setPasswordByAdmin |
| Switching user roles | user | switchRole |
| Creating a user group | userGroup | createUserGroup |
| Deleting a user group | userGroup | deleteUserGroup |
| Modifying a user group | userGroup | updateUserGroup |
| Creating a project | project | createProject |
| Updating a project | project | updateProject |
| Freezing a project | project | suspendProject |
| Canceling project deletion | project | cancelProjectDeletion |

IAM is a global-level service and IAM traces are only displayed for the central region of the current site.
Tag Management Service (TMS)
Tag Management Service (TMS) is a visualized service for fast, unified tag management
that enables you to control your resource permissions and billing more efficiently. It
allows you to tag and categorize cloud services across regions, and it can be accessed
through the TMS console or using APIs.
With CTS, you can record operations associated with TMS for later query, audit, and
backtrack operations.
Table 1-14 TMS operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating or deleting a predefined tag | application | addTag/deleteTag |
| Modifying a predefined tag | application | modifyTag |
| Creating or deleting a resource tag | application | addResourceTage/deleteResourceTag |
TMS is a global-level service and TMS traces are only displayed for the central region of the current
site.
1.4.5 Application
Simple Message Notification (SMN)
SMN enables you to easily publish, maintain, and send notifications on the cloud
platform.
In SMN, deleting a topic will delete all subscription information associated with the topic, and the
subscription information deletion operation will not be recorded by CTS.
With CTS, you can record operations associated with SMN for later query, audit, and
backtrack operations.
Table 1-15 SMN operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a topic | topic | createTopic |
| Deleting a topic | topic | deleteTopic |
| Updating a topic | topic | updateTopic |
| Updating attributes of a topic | topic | updateTopicAttribute |
| Deleting all topic attributes | topic | deleteTopicAttributes |
| Deleting a specified topic attribute | topic | deleteTopicAttributeByName |
| Adding a subscription | subscription | subscribe |
| Deleting a subscription | subscription | unsubscribe |
| Creating a message template | message_template | createMessageTemplate |
| Creating message templates in batches | message_template | batchCreateMessageTemplate |
| Modifying a message template | message_template | updateMessageTemplate |
| Deleting a message template | message_template | deleteMessageTemplate |
| Creating an SMS signature | sms | createSmsSign |
| Deleting an SMS signature | sms | deleteSmsSign |
| Updating an SMS message event | sms | updateSmsEvent |
Distributed Message Service (DMS)
DMS is a Kafka-based and high-performance message service that allows multi-user and
concurrent access and message queue isolation.
With CTS, you can record operations associated with DMS for later query, audit, and
backtrack operations.
Table 1-16 DMS operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a queue | queue | createQueue |
| Deleting a queue | queue | deleteQueue |
| Creating a group | group | createGroup |
| Deleting a group | group | deleteGroup |
1.4.6 Database
Distributed Cache Service (DCS)
DCS is an online distributed database service that is based on the cloud computing
platform, available immediately after it is enabled, stable and reliable, scalable online,
and easy to manage.
With CTS, you can record operations associated with DCS for later query, audit, and
backtrack operations.
Table 1-17 DCS operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a DCS instance (on-demand) | DCS | createDCSInstance |
| Creating a DCS instance (duration-based) | DCS | createDCSInstance |
| Modifying information about a DCS instance | DCS | modifyDCSInstanceInfo |
| Deleting a DCS instance | DCS | deleteDCSInstance |
| Modifying configuration of a DCS instance | DCS | modifyDCSInstanceConfig |
| Changing the status of a DCS instance | DCS | startDCSInstance\closeDCSInstance\restartDCSInstance |
| Changing the name of a DCS instance | DCS | modifyDCSInstancePassword |
1.4.7 Enterprise Application
Workspace
Workspace is a cloud computing–based desktop service that is superior to traditional
desktop services. Workspace supports access by various devices, including PCs running
Windows or Mac, iPad, iPhone, and Android smart devices. It enables you to access,
store, and obtain files and applications anywhere and at any time, that is, mobile working
and entertainment. Workspace provides configuration similar to a traditional desktop,
including vCPU, GPU, memory, disks, and Windows. You can use it in the same way
you use a PC.
With CTS, you can record operations associated with Workspace for later query, audit,
and backtrack operations.
Table 1-18 Workspace operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Updating the status of a cloud service | workspace | updateDesktopMetadata |
| Order a desktop | workspace | orderVm |
| Restarting a VM | workspace | rebootDesktop |
| Stopping a VM | workspace | shutdownDesktop |
| Starting a VM | workspace | startDesktop |
| Deleting a VM | workspace | deleteDesktop |
| Updating the status of a desktop | workspace | updateDesktopStatus |
| Deleting user information | workspace | deleteUser |
| Exporting user information | workspace | exportUserInfo |
| Unlocking a user | workspace | unlockUser |
| Resetting a password | workspace | resetUserPassword |
| Downloading a user template | workspace | downloadUserModel |
| Deleting an on-demand task | workspace | deleteJob |
| Applying for modifying the password (the domain user) | workspace | updateDomainUserPassword |
| Synchronizing the resource tenants (Identity and Access Management) | workspace | synIamResourceTenant |
| Updating the policy group | workspace | updatePolicy |
| Enabling Workspace | workspace | openService |
| Changing the domain password | workspace | updateAdPwd |
| Disabling Workspace | workspace | tenantClose |
| Retrying failed Workspace enabling and disabling tasks | workspace | tenantRetryServiceTask |
| Restoring the infrastructure VM | workspace | restoreManagerVmBackup |
| Modifying the desktop attributes | workspace | modifyDesktopAttributes |
| Updating the domain name | workspace | updateRecordSet |
1.4.8 Data Analysis
MapReduce Service (MRS)
MRS is a data processing and analysis service that is based on a cloud computing
platform. It is stable, reliable, scalable, and easy to manage.
With CTS, you can record operations associated with MRS for later query, audit, and
backtrack operations.
Table 1-19 MRS operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a cluster | cluster | createCluster |
| Deleting a cluster | cluster | deleteCluster |
| Expanding a cluster | cluster | scaleOutCluster |
| Downsizing a cluster | cluster | scaleInCluster |
Data Pipeline Service (DPS)
DPS helps you move data among different services and convert data formats. With DPS,
you can predefine the data processing task, execution sequence task, and scheduling plan.
DPS can process complex data according to predefined tasks.
With CTS, you can record operations associated with DPS for later query, audit, and
backtrack operations.
Table 1-20 DPS operations that can be recorded by CTS
| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a pipeline | pipeline | createPipeline |
| Deleting a pipeline | pipeline | deletePipeline |
| Editing a pipeline | pipeline | putPipelineDefinition |
| Verifying a pipeline | pipeline | validatePipelineDefinition |
| Starting a pipeline | pipeline | activatePipeline |
| Stopping a pipeline | pipeline | deactivatePipeline |
| Starting a pipeline | pipeline | schedulePipeline |
| Restoring a pipeline | pipeline | restorePipeline |
| Stopping a pipeline | pipeline | stopSchedulePipeline |
| Terminating pipeline scheduling | pipeline | endSchedulePipeline |
| Verifying the user status | pipeline | customerVerifiedStatus |
| Submitting a pipeline order | pipeline | orderPeriodicPipeline |
| Setting a quota | certificate | setQuotas |
1.5 Accessing CTS
A web-based service management console is provided for you to access CTS. If you have
registered on the public cloud platform, log in to the management console and click Cloud
Trace Service under Management & Deployment.
2 Getting Started
2.1 Enabling CTS
Scenarios
A tracker will be automatically created after CTS is enabled. All traces recorded by CTS are
associated with a tracker. Currently, only one tracker can be created for each tenant.
Trace files need to be stored in the OBS bucket. Therefore, before enabling CTS, you must
enable OBS first and have full permissions of the OBS bucket you are to use. By default, only
the owner of an OBS bucket has access to the bucket and the objects in it, but the owner can
grant other services and users access to the OBS bucket by configuring the access policy.
The tracker created in a multi-project scenario can only track resources under current projects.
If tracking cloud resources under another project is required, you need to create a tracker
under the project.
This section describes how to enable CTS.
Prerequisites
OBS has been enabled.
Procedure
1. Log in to the management console.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Tracker in the left pane.
5. Click Enable CTS.
6. Specify , OBS Bucket, and File Prefix. Table 2-1 lists the parameters.
Table 2-1 Parameter description
| Parameter | Description | Example Value |
|---|---|---|
| OBS Bucket | Name of the OBS bucket in which trace files are to be stored | buckert-001 |
| File Prefix | Used for identifying the logs stored in the OBS bucket. This parameter is optional. The value is a string of 0–64 characters, and can contain uppercase and lowercase letters, digits, hyphens (-), underscores (_), and dots (.). If a tracker is created, a value will be generated automatically in the same way as you specify the value manually. | N/A |
7. Click OK.
After CTS is enabled, you can view details of the established trackers on the Tracker page.
2.2 Querying Real-Time Traces
Scenarios
After CTS is enabled, the tracker starts recording operations on cloud resources. Operation
records for the last seven days can be viewed on the CTS console.
This section describes how to query operation records of the last seven days on the CTS
console.
Procedure
1. Log in to the management console.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Trace List in the left pane.
5. Specify the filters used for querying traces. The following four filters are available:
− Trace Source, Resource Type, and Search By
Select the filter from the drop-down list.
When you select Trace name for Search By, you also need to select a specific trace
name.
When you select Resource ID for Search By, you also need to select or enter a
specific resource ID.
When you select Resource name for Search By, you also need to select or enter a
specific resource name.
− Operator: Select a specific operator (a user other than tenant).
− Trace Rating: Available options include All trace status, normal, warning, and
incident. You can only select one of them.
− Start time and end time: You can specify the time period to query traces.
6. Click on the left of a trace to expand its details.
7. Click View Trace in the Operation column. In the displayed View Trace dialog box,
the trace structure details are displayed.
For details about the key fields in the CTS trace structure, see sections 5.1 Trace
Structure and 5.2 Trace Examples.
2.3 Querying Archived Traces
Scenarios
CTS stores the recorded traces in the form of trace files to an OBS bucket in real time. Trace
files are collections of traces that CTS automatically generates by service and dump interval.
CTS adjusts the number of traces contained in a trace file as the service load changes.
This section describes how to obtain historical operation records from the trace files
downloaded from the OBS bucket.
Procedure
1. Log in to the management console.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Tracker in the left pane.
5. Click the OBS bucket name in the OBS Bucket column. You are redirected to the
Manage Objects page on the OBS console that contains the OBS bucket.
6. Select the target trace. Choose OBS bucket name > CloudTraces > Region > Year >
Month > Day > Service type directory. Click Download in the Operation column to
download the trace file to the default path. To download the trace file to a customized
path, click Download As.
− The trace file storage path is as follows:
OBS bucket name > CloudTraces > Region > Year > Month > Day > Service type
directory
An example is User Define > CloudTraces > region > 2016 > 5 > 19 > ECS.
− The trace file naming format is as follows:
Operation trace file prefix_CloudTrace_Region/Region-project_Time when the log was uploaded to OBS: year-month-dayThour-minute-secondZ_Character randomly generated.json.gz
An example is File Prefix_CloudTrace_region_2016-05-30T16-20-56Z_21d36ced8c8af71e.json.gz.
The OBS bucket name and trace file prefix are user-defined, and other parameters are automatically
generated.
For details about the key fields in the CTS trace structure, see sections 5.1 Trace
Structure and 5.2 Trace Examples.
7. Extract a JSON file with the same name as the downloaded trace file shown in Figure
2-1 and open the JSON file using a text file editor to view the trace logs.
Figure 2-1 JSON file extracted from the downloaded trace file
3 Management
3.1 Modifying a Tracker
Scenarios
This section describes how to modify the OBS bucket or file prefix of a created tracker on the
Cloud Trace Service console. If you modify the OBS bucket in the tracker, CTS will
automatically add a policy to the new OBS bucket so that trace files can be delivered to the
new OBS bucket for storage. If you modify the operation trace file prefix in the tracker, the
OBS policy will not be affected. After the modification is complete, the system will
immediately start recording operations under the new rule.
This section describes how to modify the tracker configuration.
Prerequisites
You have created a tracker for CTS.
Procedure
1. Log in to the management console.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Tracker in the left pane.
5. Click Modify in the Operation column. You can specify an existing OBS bucket for
storing trace files, or rename File Prefix.
6. Click OK.
After the tracker configuration is modified, you can view its new configuration on the
Tracker page.
Traces recorded by CTS are periodically delivered to the OBS bucket for storage. If you change the OBS
bucket for a tracker, traces generated during the current period (generally several minutes) will be
delivered to the new OBS bucket. For example, if the current period is from 12:00 to 12:05 and you
change the OBS bucket for the tracker at 12:02, traces received from 12:00 to 12:02 will be delivered to
the new OBS bucket at 12:05 for storage.
3.2 Disabling or Enabling a Tracker
Scenarios
You can disable a created tracker on the Cloud Trace Service console. After the tracker is
disabled, the system will stop recording operations, but you can still view operation records
that have been recorded.
This section describes how to disable a tracker.
Prerequisites
You have created a tracker for CTS.
Procedure
1. Log in to the management console.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Tracker in the left pane.
5. Click Disable in the Operation column.
6. Click OK.
7. After the tracker is disabled, Disable in the Operation column changes to Enable. To
enable the tracker again, click Enable. In the displayed dialog box, click OK. The
system will start recording operations again.
3.3 Deleting a Tracker
Scenarios
This section describes how to delete a created tracker on the Cloud Trace Service console.
Deleting the tracker has no impact on the operation records that have been generated. When
you enable CTS again, you can view operation records that have been generated.
This section describes how to delete the tracker.
Prerequisites
You have created a tracker for CTS.
Procedure
1. Log in to the management console.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Tracker in the left pane.
5. Click Delete in the Operation column.
6. Click OK.
4 CTS Application Examples
4.1 Security Auditing
Scenarios
This section describes how to query records matching a specified characteristic and to
perform security analysis on the records to check whether the operations are performed by
authorized users.
Prerequisites
CTS has been enabled and the tracker is normal. For details about how to enable CTS, see
section 2.1 Enabling CTS.
Procedure
The following steps take the creation and deletion of EVS disks during the last two weeks as
an example.
1. Log in to the management console using the administrator account.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Trace List in the left pane.
5. On the trace list page, click Filter. In the displayed box, specify Trace Source,
Resource Type, and Search By, and click Query to query the specified traces. For
example, you can select EVS for Trace Source, evs for Resource Type, and Trace
Name and createVolume (or deleteVolume) for Search By, and click Query to query
all the EVS creation (or deletion) operations.
6. Click Tracker in the left pane to switch to the Tracker page and obtain the OBS bucket
name.
7. Download archived or all trace files by following the instructions in section 2.3 Querying
Archived Traces.
8. In the trace files, search traces using keywords createVolume and deleteVolume.
9. Obtain information about the user who performs the operation from the results in steps 5
and 8. Check whether the user performs any unauthorized operation or operation that
does not conform to the security operation rules.
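Steps 8 and 9 above can be scripted once the trace files are downloaded. The following Python is an added example, not part of the CTS guide: it assumes a trace file is a JSON array of trace objects with the Table 5-1 fields, and the operator allowlist, operator names, IP addresses and sample traces are constructed for illustration.

```python
import gzip
import io
import json
from datetime import datetime, timedelta, timezone

AUDITED_TRACES = {"createVolume", "deleteVolume"}  # keywords from step 8
AUTHORIZED_OPERATORS = {"ops_admin"}  # assumption: your own allowlist
SAMPLE_NOW = datetime(2016, 12, 5, tzinfo=timezone.utc)  # constructed "today"


def parse_trace_time(value):
    """Accept both forms of 'time' described in Table 5-1 of this guide."""
    if isinstance(value, (int, float)) or str(value).isdigit():
        # Stored form: milliseconds since 00:00:00 on January 1, 1970 (UTC).
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)
    # Displayed form, for example "12/01/2016 11:24:04 GMT+08:00".
    return datetime.strptime(value.replace("GMT", ""), "%m/%d/%Y %H:%M:%S %z")


def as_struct(value):
    """Return 'user' as a dict; it may be stored as a JSON-encoded string."""
    if isinstance(value, str):
        try:
            value = json.loads(value)
        except ValueError:
            return {}
    return value if isinstance(value, dict) else {}


def load_traces(gz_bytes):
    """Decompress one downloaded .json.gz trace file into a list of traces."""
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as handle:
        data = json.load(handle)
    return data if isinstance(data, list) else [data]


def audit(traces, now, days=14):
    """Return audited operations from the last `days` days, oldest first."""
    cutoff = now - timedelta(days=days)
    findings = []
    for trace in traces:
        if trace.get("trace_name") not in AUDITED_TRACES:
            continue
        when = parse_trace_time(trace["time"])
        if not cutoff <= when <= now:
            continue
        operator = as_struct(trace.get("user")).get("name", "<unknown>")
        findings.append({
            "time": when,
            "operator": operator,
            "source_ip": trace.get("source_ip", ""),
            "trace_name": trace["trace_name"],
            "resource_id": trace.get("resource_id", ""),
            "trace_status": trace.get("trace_status", ""),
            "authorized": operator in AUTHORIZED_OPERATORS,
        })
    return sorted(findings, key=lambda item: item["time"])


def unauthorized(findings):
    """Step 9: keep only operations by operators outside the allowlist."""
    return [item for item in findings if not item["authorized"]]


def sample_trace_file():
    """Build a constructed trace file in memory (not real CTS output)."""
    traces = [
        {"time": "12/01/2016 11:24:04 GMT+08:00", "user": {"name": "ops_admin"},
         "source_ip": "192.0.2.10", "trace_name": "createVolume",
         "resource_id": "vol-constructed-1", "trace_status": "normal"},
        # Stored forms: millisecond timestamp and 'user' as a JSON string.
        {"time": 1480648200000, "user": json.dumps({"name": "temp_user"}),
         "source_ip": "198.51.100.7", "trace_name": "deleteVolume",
         "resource_id": "vol-constructed-1", "trace_status": "normal"},
        # Older than two weeks: excluded by the time window.
        {"time": "11/01/2016 09:00:00 GMT+08:00", "user": {"name": "temp_user"},
         "source_ip": "198.51.100.7", "trace_name": "deleteVolume",
         "resource_id": "vol-constructed-0", "trace_status": "normal"},
        # Different trace name: excluded by the keyword filter.
        {"time": "12/02/2016 08:00:00 GMT+08:00", "user": {"name": "temp_user"},
         "source_ip": "", "trace_name": "createSingleServer",
         "resource_id": "ecs-constructed-1", "trace_status": "normal"},
    ]
    return gzip.compress(json.dumps(traces).encode("utf-8"))


def run_sample_audit():
    return audit(load_traces(sample_trace_file()), SAMPLE_NOW)


if __name__ == "__main__":
    for item in unauthorized(run_sample_audit()):
        print(item["time"].isoformat(), item["operator"], item["source_ip"],
              item["trace_name"], item["resource_id"])
```
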
4.2 Fault Locating
Scenarios
If a specified resource or an operation encounters an exception, you can query operation
records for the resource in the specified time period and view the request and response, which
may support fault locating.
Prerequisites
CTS has been enabled and the tracker is normal. For details about how to enable CTS, see
section 2.1 Enabling CTS.
Procedure
The following steps use locating an ECS fault that occurred one morning as an
example.
1. Log in to the management console using the administrator account.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Trace List in the left pane.
5. On the trace list page, click Filter. In the displayed box, specify Trace Source,
Resource Type, and Search By, and click Query.
For example, you can select ECS for Trace Source, ecs for Resource Type, and Resource ID and ID of
the faulty VM for Search By, and set the time range to 06:00 to 12:00 at a certain date.
6. Check the query result. Pay special attention to the request type and response of each
trace, to traces whose Trace Status is warning or incident, and to traces whose response
shows a failure.
The following steps use locating the fault after an ECS creation task fails as an example.
1. Log in to the management console using the administrator account.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Trace List in the left pane.
5. Specify the filter based on the failed ECS creation task. For example, you can select
ECS for Trace Source, ecs for Resource Type, and warning for Trace Status to query
the operation trace named createSingleServer.
6. Locate the fault based on the error code or error message in the trace.
4.3 Resource Tracing
Scenarios
This section describes how to view operation records for any cloud resource in its life cycle
and how to check the operation details.
Prerequisites
CTS has been enabled and the tracker is normal. For details about how to enable CTS, see
section 2.1 Enabling CTS.
Procedure
The following steps take the records of operations on an ECS as an example.
1. Log in to the management console using the administrator account.
2. Click in the upper left corner of the management console and select the region and
project.
3. Click and select Cloud Trace Service under Management & Deployment.
4. Click Trace List in the left pane.
5. On the trace list page, click Filter. In the displayed box, specify Trace Source,
Resource Type, and Search By, and click Query to query the specified traces.
For example, you can select ECS for Trace Source, ecs for Resource Type, and Resource ID and ID of
the faulty ECS for Search By, and click Query to query traces of the last seven days.
6. Click Tracker in the left pane to switch to the Tracker page and obtain the OBS bucket
name.
7. Download archived or all trace files by following the instructions in section 2.3 Querying
Archived Traces.
8. Check the operation and change records of the ECS in the results of steps 5 and 7.
5 CTS Trace Reference
5.1 Trace Structure
Table 5-1 provides the key fields used by CTS to mark each operation trace.
Formats of some fields displayed on the management console are optimized so that you can
understand them easily.
This section describes the key fields of traces displayed on the management console.
Table 5-1 Key fields of traces
| Field | Mandatory | Type | Description |
|---|---|---|---|
| time | Yes | Date | Time when a trace occurred. The value is the local standard time (GMT+local time zone), for example, 12/08/2016 11:24:04 GMT+08:00. This field is transmitted and stored in the form of a timestamp. It is the total number of milliseconds from 00:00:00 on January 1, 1970 (UTC), or 08:00:00 on January 1, 1970 (CST) to the current time. |
| user | Yes | Structure | Cloud account used to perform an operation. This field is displayed in the Operator column on the Trace List page. This field is transmitted and stored in the API in the form of a string. |
| request | No | Structure | Content requested by an operation. This field is transmitted and stored in the API in the form of a string. |
| response | No | Structure | Response to the request by an operation. This field is transmitted and stored in the API in the form of a string. |
| service_type | Yes | String | Operation source |
| resource_type | Yes | String | Resource type |
| resource_name | No | String | Resource name |
| resource_id | No | String | Unique resource ID |
| source_ip | Yes | String | IP address of the user that performs an operation. The value of this parameter is empty if the operation is triggered by the system. |
| trace_name | Yes | String | Operation name |
| trace_status | Yes | String | Trace level. The value can be All trace status, normal, warning, or incident. |
| trace_type | Yes | String | Operation type. There are three types of operations: ConsoleAction (operations performed on the management console), SystemAction (operations triggered by the system), and ApiCall (operations triggered by invoking ApiGateway). |
| api_version | No | String | API version of the cloud service on which an operation is performed |
| message | No | Structure | Supplementary information |
| record_time | Yes | Number | Record time (time stamp) of an operation |
| trace_id | Yes | String | Unique operation ID |
| code | No | Number | Trace HTTP return code, for example, 200 or 400 |
| request_id | No | String | Record the ID of the request. |
| location_info | No | String | Additional information required for fault locating after a request recording error occurs |
| endpoint | No | String | Endpoint of the page that displays details of cloud resources involved in this operation |
| resource_url | No | String | Access link (excluding the endpoint) of the page that displays details of cloud resources involved in this operation |
5.2 Trace Examples
This section provides two example traces collected by CTS to help you understand
the trace information. You can understand traces of other services in a similar way.
For details about the fields in a trace file, see section 5.1 Trace Structure.
Create an ECS
{
  "time": "12/01/2016 11:07:28 GMT+08:00",
  "user": {
    "name": "aaa/op_service",
    "id": "f2fe9fac63414a35a7d03108d5f1ea73",
    "domain": {
      "name": "aaa",
      "id": "1f9b9ba51f6b4061bd5c1736b28469f8"
    }
  },
  "request": {
    "server": {
      "name": "as-config-15f1_XWO68TFC",
      "imageRef": "b2b2c7dc-bbb0-4d6b-81dd-f0904023d54f",
      "flavorRef": "m1.tiny",
      "personality": [],
      "vpcid": "e4c374b9-3675-482c-9b81-4acd59745c2b",
      "nics": [
        {
          "subnet_id": "fff89132-88d4-4e5b-9e27-d9001167d24f",
          "nictype": null,
          "ip_address": null,
          "binding:profile": null,
          "extra_dhcp_opts": null
        }
      ],
      "adminPass": "********",
      "count": 1,
      "metadata": {
        "op_svc_userid": "26e96eda18034ae9a44130bacb967b96"
      },
      "availability_zone": "az1.dc1",
      "root_volume": {
        "volumetype": "SATA",
        "extendparam": {
          "resourceSpecCode": "SATA"
        },
        "size": 40
      },
      "data_volumes": [],
      "security_groups": [
        {
          "id": "dd597fd7-d119-4994-a22c-891fcfc54be1"
        }
      ],
      "key_name": "KeyPair-3e51"
    }
  },
  "response": {
    "status": "SUCCESS",
    "entities": {
      "server_id": "42d39b4a-19b7-4ee2-b01b-a9f1353b4c54"
    },
    "job_id": "4010b39d58b855980158b8574b270018",
    "job_type": "createSingleServer",
    "begin_time": "2016-12-01T03:04:38.437Z",
    "end_time": "2016-12-01T03:07:26.871Z",
    "error_code": null,
    "fail_reason": null
  },
  "service_type": "ECS",
  "resource_type": "ecs",
  "resource_name": "as-config-15f1_XWO68TFC",
  "resource_id": "42d39b4a-19b7-4ee2-b01b-a9f1353b4c54",
  "source_ip": "",
  "trace_name": "createSingleServer",
  "trace_status": "normal",
  "trace_type": "SystemAction",
  "api_version": "1.0",
  "record_time": "12/01/2016 11:07:28 GMT+08:00",
  "trace_id": "4abc3a67-b773-11e6-8412-8f0ed3cc97c6"
}
Key fields in the preceding information are as follows:
time: indicates the time when the trace occurred. In this example, the time is 11:07:28 on
December 1.
user: indicates the user who performs the operation. In this example, the user is aaa
(name field) under the enterprise account aaa (domain field).
request: indicates the request to create an ECS. It contains some basic information about
the ECS, such as name (as-config-15f1_XWO68TFC) and resource ID
(e4c374b9-3675-482c-9b81-4acd59745c2b).
response: indicates the response to the ECS creation request. It contains status (Success
in this example), error_code (null in this example), and fail_reason (null in this
example).
Create an EVS Disk
{
  "time": "12/01/2016 11:24:04 GMT+08:00",
  "user": {
    "name": "aaa",
    "id": "26e96eda18034ae9a44130bacb967b96",
    "domain": {
      "name": "aaa",
      "id": "1f9b9ba51f6b4061bd5c1736b28469f8"
    }
  },
  "request": "",
  "response": "",
  "service_type": "EVS",
  "resource_type": "evs",
  "resource_name": "volume-39bc",
  "resource_id": "229142c0-2c2e-4f01-a1b4-2dfdf1c678c7",
  "source_ip": "10.146.230.124",
  "trace_name": "deleteVolume",
  "trace_status": "normal",
  "trace_type": "ConsoleAction",
  "api_version": "1.0",
  "record_time": "12/01/2016 11:24:04 GMT+08:00",
  "trace_id": "c529254f-bcf5-11e6-a89a-7fc778a6c92c"
}
Key fields in the preceding information are as follows:
time: indicates the time when the trace occurred. In this example, the time is 11:24:04 on
December 1.
user: indicates the user who performs the operation. In this example, the user is aaa
(name field) under the enterprise account aaa (domain field).
request: optional. It is null in this example.
response: optional. It is null in this example.
trace_status: indicates the level of the trace. It can replace the response field in
indicating the operation result. In this example, the value is normal, indicating that the
operation is successful.
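When trace files feed an audit pipeline, each record can be checked against Table 5-1 before it is trusted. The following Python is an added example, not part of the CTS guide: the two good samples are abridged from the traces above, the bad sample is constructed, and treating "All trace status" as a console filter option rather than a stored value is an assumption.

```python
import ipaddress

# Fields marked "Yes" in the Mandatory column of Table 5-1.
MANDATORY = ("time", "user", "service_type", "resource_type", "source_ip",
             "trace_name", "trace_status", "trace_type", "record_time",
             "trace_id")
# Assumption: "All trace status" is the console filter option, so only these
# three values are expected inside a stored trace.
TRACE_STATUSES = {"normal", "warning", "incident"}
TRACE_TYPES = {"ConsoleAction", "SystemAction", "ApiCall"}


def validate_trace(trace):
    """Return a list of problems for one trace dict; an empty list means OK."""
    problems = [f"missing mandatory field: {name}"
                for name in MANDATORY if name not in trace]

    status = trace.get("trace_status")
    if status is not None and status not in TRACE_STATUSES:
        problems.append(f"unexpected trace_status: {status!r}")

    trace_type = trace.get("trace_type")
    if trace_type is not None and trace_type not in TRACE_TYPES:
        problems.append(f"unexpected trace_type: {trace_type!r}")

    source_ip = trace.get("source_ip")
    if source_ip == "":
        # Table 5-1: source_ip is empty when the system triggered the operation.
        if trace_type != "SystemAction":
            problems.append("empty source_ip on a trace that is not SystemAction")
    elif source_ip is not None:
        try:
            ipaddress.ip_address(source_ip)
        except ValueError:
            problems.append(f"source_ip is not an IP address: {source_ip!r}")

    code = trace.get("code")
    if code is not None and not (isinstance(code, int) and 100 <= code <= 599):
        problems.append(f"code is not an HTTP status: {code!r}")
    return problems


# Abridged from the "Create an ECS" example (optional fields omitted).
ECS_TRACE = {
    "time": "12/01/2016 11:07:28 GMT+08:00",
    "user": {"name": "aaa/op_service"},
    "service_type": "ECS", "resource_type": "ecs",
    "source_ip": "", "trace_name": "createSingleServer",
    "trace_status": "normal", "trace_type": "SystemAction",
    "record_time": "12/01/2016 11:07:28 GMT+08:00",
    "trace_id": "4abc3a67-b773-11e6-8412-8f0ed3cc97c6",
}
# Abridged from the EVS example.
EVS_TRACE = {
    "time": "12/01/2016 11:24:04 GMT+08:00",
    "user": {"name": "aaa"},
    "service_type": "EVS", "resource_type": "evs",
    "source_ip": "10.146.230.124", "trace_name": "deleteVolume",
    "trace_status": "normal", "trace_type": "ConsoleAction",
    "record_time": "12/01/2016 11:24:04 GMT+08:00",
    "trace_id": "c529254f-bcf5-11e6-a89a-7fc778a6c92c",
}
# Constructed bad record: no trace_id, unknown status, console action without IP.
BAD_TRACE = {k: v for k, v in EVS_TRACE.items() if k != "trace_id"}
BAD_TRACE.update(source_ip="", trace_status="ok")

if __name__ == "__main__":
    for name, trace in (("ECS", ECS_TRACE), ("EVS", EVS_TRACE), ("BAD", BAD_TRACE)):
        print(name, validate_trace(trace) or "consistent with Table 5-1")
```
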
6 FAQs
6.1 Can Multiple Trackers Be Created for One Tenant?
Currently, only one tracker can be created for each tenant.
6.2 Which Type of Information Is Displayed on the Trace List?
The trace list displays details about operations, such as creation, modification, and deletion of
cloud service resources, in your account. The trace list does not record information about
query operations.
6.3 Can Information Be Deleted from the Trace List?
This operation is not allowed. According to the regulations of SAC/TC and international
information and data security management departments, logs used for auditing must be
objective, comprehensive, and accurate. For this reason, the deletion and modification
functions are not provided.
6.4 Which Users May Require CTS?
All cloud users should enable CTS.
From the perspective of policies and industry standards, CTS is essential to information
security audit. It is also important to information system security risk control of
enterprises and organizations, and necessary for many industry standards and audit
specifications.
In terms of application, you can use CTS to accurately locate all operations when the
problem occurs. This narrows the fault locating scope, shortens the fault locating time,
and reduces labor costs.
6.5 How Long Can Trace Files Be Retained?
By default, trace files of the last seven days can be retained on the management console.
Archived trace files stored in the OBS bucket can be permanently retained.
6.6 What Will Happen If I Have Enabled CTS But Have Not Configured a Correct Policy for the OBS Bucket?
In this case, CTS will deliver trace files based on the existing OBS bucket policy. If the policy
is incorrectly configured, CTS cannot deliver trace files to the OBS bucket.
If an OBS bucket has been deleted or encounters an exception, an error message will be
displayed on the management console. In this case, you can choose to create an OBS bucket
or reconfigure the access permissions of the OBS bucket. For detailed operations, see section
"Bucket Management" in the Object Storage Service User Guide.
6.7 Does CTS Support Authentication of Keywords of Trace Files?
Yes. The following fields must be included: time, service_type, resource_type, trace_name,
trace_status, and trace_type. Other fields are defined by different services.
6.8 Does Enabling CTS Affect the Performance of Other Cloud Resources?
Enabling CTS will not affect the performance of other cloud resources.
6.9 Why Are Fields IP, code, request, response, and message of Some Traces Displayed on the View Trace Page Null?
This is because these fields are not mandatory in CTS.
IP: If SystemAction is selected for Trace Type, the operation is triggered by the system.
It is normal that the content of the IP field is left blank.
request, response, and code: The three fields indicate the request content, request result,
and HTTP return code of an operation. In some cases, these fields are empty or have no
service meaning. Therefore, they are left blank based on actual situations.
message: This is a reserved field. Additional information of other cloud services will be
added in this field when necessary. It is normal that it is left blank.
6.10 Why Is the Resource ID of Some Traces in the Trace List a Hyperlink?
For ECS, EVS, VBS, IMS, AS, CES, and VPC, you can click Resource ID of some traces to
go to the resource details page of the corresponding service. Resource ID of these traces is a
hyperlink. More traces will be supported in the future.
6.11 Why Do Some Operation Records Occur Twice in the Trace List?
For an asynchronously invoked trace, two records with the same trace name, resource type,
and resource name will be generated. In the trace list, two records are displayed for the same
trace, for example, the deleteDesktop trace of Workspace. The two records are associated, but
have different content because they are not invoked at the same time. Details are as follows:
The first record contains the request of a user to perform an operation.
The second record contains the response to the user request and operation result, and is
usually several minutes later than the first record.
The two records together indicate the operation result.
6.12 Why Is user_account/op_service Displayed When I Filter Traces by Operator?
If you submit a request that involves operations requiring high permissions or invocation of
other services, you may not have the required permissions. In this case, your permissions will
be elevated temporarily on condition that security requirements are met. Your permissions
will be restored after the request is processed, but the permission elevation will be recorded
in CTS logs and the operator is recorded as user_account/op_service.
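Added example, not from the CTS guide: a Python triage pass over exported trace records that checks the mandatory fields from 6.7, pairs the two records of an asynchronous operation as described in 6.11, and flags operators recorded as user_account/op_service per 6.12. The record layout (epoch-millisecond time, user.name), the 30-minute pairing window, and every sample value other than deleteDesktop and normal are assumptions constructed for illustration.

```python
MANDATORY = ("time", "service_type", "resource_type",
             "trace_name", "trace_status", "trace_type")  # listed in FAQ 6.7
WINDOW_MS = 30 * 60 * 1000  # assumed window; the FAQ only says "several minutes"

def missing_fields(trace):
    """Mandatory fields (FAQ 6.7) that are absent or empty in one trace."""
    return [f for f in MANDATORY if trace.get(f) in (None, "")]

def is_elevated(trace):
    """True when the operator is recorded as <user_account>/op_service (FAQ 6.12)."""
    name = (trace.get("user") or {}).get("name", "")  # assumed field layout
    return name.endswith("/op_service")

def pair_async(traces):
    """Pair the request and result records of one async operation (FAQ 6.11)."""
    pending, pairs, singles = {}, [], []
    for t in sorted(traces, key=lambda t: t["time"]):
        key = (t["trace_name"], t["resource_type"], t.get("resource_name"))
        first = pending.pop(key, None)
        if first is not None and t["time"] - first["time"] <= WINDOW_MS:
            pairs.append((first, t))  # same operation, not a repeat
            continue
        if first is not None:
            singles.append(first)  # earlier record aged out unpaired
        pending[key] = t
    singles.extend(pending.values())
    return pairs, sorted(singles, key=lambda t: t["time"])

def triage(traces):
    """Split traces into malformed, paired, single and elevated sets."""
    good = [t for t in traces if not missing_fields(t)]
    pairs, singles = pair_async(good)
    return {"malformed": [t for t in traces if missing_fields(t)],
            "pairs": pairs, "singles": singles,
            "elevated": [t for t in good if is_elevated(t)]}

def _rec(time, svc, rtype, rname, name, user, status="normal"):
    return {"time": time, "service_type": svc, "resource_type": rtype,
            "resource_name": rname, "trace_name": name, "trace_status": status,
            "trace_type": "ConsoleAction", "user": {"name": user}}

# Constructed sample traces in the assumed layout (not real CTS output).
SAMPLE = [
    _rec(1515974400000, "Workspace", "desktop", "desk-01", "deleteDesktop", "alice"),
    _rec(1515974580000, "Workspace", "desktop", "desk-01", "deleteDesktop", "alice"),
    _rec(1515974700000, "ECS", "ecs", "vm-01", "createServer", "bob/op_service"),
    _rec(1515974800000, "VPC", "vpc", "net-01", "modifyVpc", "carol", status=""),
]
print({k: len(v) for k, v in triage(SAMPLE).items()})
```

Two separate operations with the same name on the same resource inside the window would also be paired, so tune WINDOW_MS to the delivery delay you actually observe.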
6.13 Which Type of OBS Buckets Is Suitable for CTS to Store Traces, Standard Storage, Low-Frequent Access Storage, or Archived Storage?
You must select a standard OBS bucket because CTS needs to frequently access the OBS
bucket that stores traces.
A Change History
Release Date What's New
2018-01-15 This is the ninth official release,
which added the following content:
Description that only standard storage
buckets can be selected for dumping
traces
2017-08-30 This is the eighth official release, which
incorporates the following changes:
Added section 1.1.6 Region.
Added section 1.1.7 Project.
Added the step of selecting the desired
region and project.
Added DCS.
2017-07-27 This is the seventh official release, which
incorporates the following change:
Interconnected CTS with Object Storage
Migration Service.
2017-03-30 This issue is the sixth official release, which
incorporates the following changes:
Interconnected with Cloud Container
Engine (CCE).
Interconnected with Distributed Message
Service (DMS).
Interconnected with Workspace.
Interconnected with MapReduce Service
(MRS).
2017-02-27 This issue is the fifth official release, which
incorporates the following changes:
Optimized filtering of traces and
modified the description in section 2.2
Querying Real-Time Traces.
Modified the description of the user
field in section 5.1 Trace Structure.
2017-02-08 This issue is the fourth official release,
which incorporates the following changes:
Optimized filtering of traces and
modified the description in section 2.2
Querying Real-Time Traces.
Added the description of the trace
delivery period in section 3.1 Modifying
a Tracker.
Added the description perspective in
section 5 CTS Trace Reference and
optimized descriptions of some fields of
traces.
2017-02-03 This issue is the third official release, which
incorporates the following changes:
Added section 6.11 Why Do Some
Operation Records Occur Twice in the
Trace List? to provide a description of
the asynchronous operation scenarios.
Added the description: The subscription
information deletion operation in the
topic deletion operation in the SMN
service is not recorded by CTS.
Modified the description in section 2.1
Enabling CTS to: The tracker records
operations on cloud resources performed
by the tenant used to create the tracker.
Modified descriptions of parameters
user, request, and response in section
5.1 Trace Structure.
2017-01-20 This issue is the second official release,
which incorporates the following changes:
Allowed CTS to interconnect with ELB
and VBS.
Added redirection to the resource page
of the VBS and IMS console through the
hyperlink in the Resource ID column on
the Trace List page.
2016-12-30 This issue is the first official release.