By default, ActionTrail records the events that occurred within your Alibaba Cloud account in the last 90 days. You can query these events in the ActionTrail console. To query the events that occurred 90 days ago, you must create a trail first to record these events. This topic describes how a single-account trail works and its benefits.

After you create a single-account trail, the trail delivers events to the Object Storage Service (OSS) bucket or Log Service Logstore that you specify for the trail in the JSON format for query and analysis. The following figure shows how a single-account trail works. Single-account trail
Note We recommend that you do not set the same event delivery destination for different single-account trails. Otherwise, events might be repeatedly delivered, which wastes the storage space.

You can create multiple single-account trails to achieve the following goals:

  • Deliver events to different storage objects based on event types. Then, you can grant enterprise roles the permissions to audit the events in specific storage objects.
  • Deliver events to the storage objects that are deployed in the regions of one or more countries. Then, you can check whether the audit data is compliant with related regulations in multiple regions.
  • Generate backups for an event to prevent the audit data from being lost.

ActionTrail applies the following rules to global events to avoid repeated recording:

  • You can view all the global events in the ActionTrail console, regardless of the region that you specify.
  • After you create a single-account trail to deliver events to a specified OSS bucket, global events are recorded in the same file as the events that occur in the home region of the trail.