You can create a single-account trail in the ActionTrail console. A single-account trail can continuously deliver operations logs to the specified Object Storage Service (OSS) bucket or Log Service Logstore for analysis. If no trail is created, you can only view the operations logs of the last 90 days in the ActionTrail console.

After a single-account trail is created, events will be logged to the specified OSS bucket or Log Service Logstore in the JSON format for query and analysis. The following figure shows how a single-account trail works.

Figure: Single-account trail

Note: We recommend that you do not set the same event delivery destination for different single-account trails. Otherwise, events might be repeatedly delivered, wasting storage space.

With multiple single-account trails, you can:

  • Deliver different types of events to different storage objects. Then, you can grant permissions to enterprise roles accordingly so that different roles can audit different types of events.
  • Deliver events to storage objects deployed in regions of one or more countries. Then, you are able to check the compliance of audit data for multiple regions.
  • Generate backups for an event to prevent data loss.
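A check for the note above on shared delivery destinations, as an added example (not ActionTrail's own code): it groups a trail inventory by destination and reports any OSS bucket/prefix or Logstore used by more than one trail. The inventory and its key names (`name`, `oss_bucket`, `oss_prefix`, `logstore`) are constructed for illustration, and treating prefixes that differ only in surrounding slashes as the same destination is an assumption.

```python
from collections import defaultdict

# Constructed sample inventory. The dictionary keys are hypothetical names
# chosen for this example, not the ActionTrail API's own field names.
TRAILS = [
    {"name": "audit-write", "oss_bucket": "corp-audit", "oss_prefix": "write/", "logstore": None},
    {"name": "audit-read", "oss_bucket": "corp-audit", "oss_prefix": "read", "logstore": "audit-logs"},
    {"name": "backup-sg", "oss_bucket": "corp-audit", "oss_prefix": "write", "logstore": None},
    {"name": "security-sls", "oss_bucket": None, "oss_prefix": None, "logstore": "audit-logs"},
    {"name": "backup-eu", "oss_bucket": "corp-audit-eu", "oss_prefix": "write/", "logstore": None},
]


def destinations(trail):
    """Yield one normalized key per delivery destination configured on a trail."""
    bucket = (trail.get("oss_bucket") or "").strip()
    if bucket:
        # Assumption: "write" and "write/" point at the same place in the bucket.
        prefix = (trail.get("oss_prefix") or "").strip().strip("/")
        yield ("oss", bucket, prefix)
    logstore = (trail.get("logstore") or "").strip()
    if logstore:
        yield ("logstore", logstore, "")


def shared_destinations(trails):
    """Return {destination: [trail names]} for destinations used by two or more trails."""
    users = defaultdict(list)
    for trail in trails:
        for dest in destinations(trail):
            users[dest].append(trail["name"])
    return {dest: sorted(names) for dest, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    for (kind, target, prefix), names in shared_destinations(TRAILS).items():
        where = f"{target}/{prefix}" if prefix else target
        print(f"{kind} destination {where} is shared by: {', '.join(names)}")
```
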

ActionTrail applies the following rules to global events to avoid repeated logging:

  • You can view all the global events in the ActionTrail console, regardless of the region that you specify.
  • After you create a single-account trail to deliver events to a specific OSS bucket, global events are logged in the same file as the events that occur in the home region of the trail.