Procedure

  1. Log on to the ActionTrail console.
  2. Click Trail list in the left-side navigation pane.
  3. Select a region, then click Create Trail.
    Note The selected region then becomes the home region of the trail.
    choose_region
  4. Enter a Trail name.
  5. You can choose to ship audit events to Log Service or an OSS Bucket.
    Note Select an event type based on your business needs.
    • Log Service: select a Log Service project region and enter a Log Service project name.
      delivery_to_sls
    • OSS Bucket: To create a new OSS bucket, select Yes, and enter a bucket name. To use an existing bucket, select No, and select a bucket from the drop-down OSS Bucket list.
      delivery_to_oss
  6. Click Submit.
    Note If this is the first trail you create, the system prompts a message indicating that you must authorize ActionTrail to access OSS and Log Service.
    Authorized access to OSS

Result

  • Log Service: ActionTrail automatically creates a Logstore named actiontrail_trail name, index, and chart, and saves the trail event in JSON format.
    sls_index

    sls_event

For more information, see ActionTrail access log.

  • OSS Bucket: ActionTrail records are saved to an OSS bucket as logs in a compressed JSON file. The maximum file size is 2 KB. You can further analyze the logs using E-MapReduce or a third-party log analysis service.

The format of OSS storage path:

oss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail/<region>/<YYYY>/<MM>/<DD>/<Log file>