Procedure

  1. Log on to the ActionTrail console.
  2. Click Trail list in the left-side navigation pane.
  3. Select a region, then click Create Trail.

    The selected region then becomes the home region of the trail.

    Home region
  4. Enter a Trail name.
  5. You can choose to ship audit events to Log Service or an OSS Bucket.
    Note Select an event type based on your business needs.
    • Log Service: select a Log Service project region and enter a Log Service project name.Log Service
    • OSS Bucket: To create a new OSS bucket, select Yes, and enter a bucket name. To use an existing bucket, select No, and select a bucket from the drop-down OSS Bucket list.OSS Bucket
  6. Click Submit.

    If this is the first trail you create, the system prompts a message indicating that you must authorize ActionTrail to access OSS and Log Service.

    Authorize

Result

  • Log Service: ActionTrail automatically creates a Logstore named actiontrail_trail name, index, and chart, and saves the trail event in JSON format. JSON formatTrail name

    For more information, see ActionTrail access log.

  • OSS Bucket: ActionTrail records are saved to an OSS bucket as logs in a compressed JSON file. The maximum file size is 2 KB. You can further analyze the logs using E-MapReduce or a third-party log analysis service.

    The format of OSS storage path:

    oss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail/<region>/<YYYY>/<MM>/<DD>/<Log file>