Create a single-account trail

This topic describes how to create a single-account trail in the ActionTrail console. A single-account trail can continuously deliver events to the specified Object Storage Service (OSS) bucket or Log Service Logstore for analysis. If no trail is created, you can only view the events of the last 90 days in the ActionTrail console.

1. Log on to the ActionTrail console.
2. In the top navigation bar, select the region where you want to create a single-account trail.
   Note The region that you select becomes the home region of the trail to be created.
3. In the left-side navigation pane, choose ActionTrail > Trails.
4. Click Create Trail. On the page that appears, enter a name in the Trail Name field.
5. Set Apply Trail to All Regions to Yes or No as needed.
   • If you select Yes, the single-account trail will be available in all regions.
     Note We recommend that you select this option unless otherwise specified to avoid event omission.
   • If you select No, select a target region from the Region drop-down list.
6. Set Event Type to Write, Read, or All.
   • Write: the type of event that can affect the running of cloud resources, which requires special attention.
   • Read: the type of event that does not affect the running of cloud resources. Generally, this type of event occurs in abundance and occupies a large amount of storage space.
   • All: all events related to resource behaviors.
7. Turn on the Enable Logging switch.
   Note After the switch is turned on, you must select at least one service to which events are delivered.
8. Set Deliver Events To to OSS bucket or SLS Logstore.
   Note The events to be delivered are those generated after the single-account trail takes effect, excluding the existing events generated in the last 90 days. In the future, ActionTrail will deliver events generated in the last 90 days to you at a time to meet your requirements to the greatest extent.
   • OSS bucket: If you select this option, events will be delivered to an existing OSS bucket that you specify or a newly created OSS bucket.
     • If you set Create OSS Bucket to Yes, enter the bucket name and log file prefix in the OSS Bucket and Log File Prefix fields respectively.

       Then, set Server Encryption. Supported encryption methods for the events to be delivered include AES256 and KMS. For more information about the server-side encryption feature of OSS, see Server-side encryption.

     • If you set Create OSS Bucket to No, select an OSS bucket from the OSS Bucket drop-down list.

       Then, you can go to the OSS console and enable server-side encryption for the events to be delivered. For more information, see Configure server-side encryption.

   • SLS Logstore: If you select this option, events will be delivered to an existing Log Service project that you specify or a newly created Log Service project.
     • If you set Create Log Service Project to Yes, select a region from the Project Region drop-down list, and then enter a project name in the Log Service Project field.
     • If you set Create Log Service Project to No, select the region and project from the Project Region and Log Service Project drop-down lists respectively.
9. Click Confirm.