You can call this operation to update the configuration of a trail.

Note By updating the configuration of a trail, you can change the destination Log Service project or Object Storage Service (OSS) bucket to which events are delivered. The request for calling this operation must be sent to the API server in the home region of the trail.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateTrail

The operation that you want to perform. Set the value to UpdateTrail.
Name String Yes trail-test

The name of the trail for which you want to update the configuration.

The name must be 6 to 36 characters in length. It must start with a letter and can contain letters, digits, hyphens (-), and underscores (_).

Note The name must be unique under the account.
OssBucketName string No yuanch****

The name of the OSS bucket to which events are delivered.

The name must be 3 to 63 characters in length. It must start with a lowercase letter or digit and can contain lowercase letters, digits, and hyphens (-).

Note Make sure that the bucket exists before you update the configuration of the trail.
OssKeyPrefix string No at-product-account-audit-B

The name prefix of objects to be written to the OSS bucket. This parameter can be left empty.

The name must be 6 to 32 characters in length. It must start with a letter and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_).

RoleName string No aliyunactiontraildefaultrole

The name of the Resource Access Management (RAM) role that ActionTrail is allowed to assume. Default value: aliyunactiontraildefaultrole.

SlsProjectArn string No acs:log:cn-shanghai:1162142976628***:project/at-product-account-audit

The unique Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are delivered.

SlsWriteRoleArn string No acs:ram::1162142976628***:role/aliyunactiontraildefaultrole

The unique ARN of the RAM role assumed by ActionTrail for delivering logs to the destination Log Service project.

EventRW string No Write

The read/write type of the delivered events. Valid values:

  • Write(Default)
  • Read
  • All
TrailRegion string No All

The regions to which the trail is applied. Valid values:

  • All(Default): tracks events in all regions
  • cn-hangzhou : tracks events only in China (Hangzhou).
  • cn-beijing: only events in Beijing are tracked.
MnsTopicArn string No acs:mns:cn-hangzhou:1111:/topics/your-topic-name

The ARN of the Message Service topic to which ActionTrail sends messages. The ARN is in the acs:mns:<Region>:<Account ID>:/topics/<topicName> format. After you specify this parameter, a message is generated and delivered to the MNS Topic when an event is delivered to OSS.

Response parameters

Prameter Type Sample response Description
Name String trail-test

The name of the trail.
EventRW String Write

The read/write type of the delivered events. Valid values:

  • Write(Default)
  • Read
  • All
HomeRegion Boolean cn-hangzhou

The home region of the trail.
OssBucketName String yuanch****

The name of the OSS bucket to which events are delivered.
OssKeyPrefix String at-product-account-audit-B

The name prefix of objects to be written to the OSS bucket.
RoleName String aliyunactiontraildefaultrole

The name of the RAM role that ActionTrail is allowed to assume.
SlsProjectArn String acs:log:cn-shanghai::project/***

The unique ARN of the Log Service project to which events are delivered.
SlsWriteRoleArn String acs:ram::***:role/aliyunactiontraildefaultrole

The unique ARN of the role assumed by ActionTrail for delivering logs to the destination Log Service project.

RequestId String 145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0

The ID of the request.
MnsTopicArn String acs:mns:cn-hangzhou:1111:/topics/your-topic-name

The ARN of the Message Service topic to which ActionTrail sends messages. The ARN is in the acs:mns:<Region>:<Account ID>:/topics/<topicName> format. After you specify this parameter, a message is generated and delivered to the MNS Topic when an event is delivered to OSS.

TrailRegion String All

The regions to which the trail is applied. Valid values:

  • All(Default): tracks events in all regions
  • cn-hangzhou : tracks events only in China (Hangzhou).
  • cn-beijing: only events in Beijing are tracked.

Examples

Sample requests

http(s)://[Endpoint]/? Action=UpdateTrail
&Name=trail-test
&<Common request parameters>

Sample success responses

XML format 

<RequestId>145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0</RequestId>
<Name>trail-test</Name>
<HomeRegion>cn-hangzhou</HomeRegion>
<OssBucketName>yuanch****</OssBucketName>
<OssKeyPrefix>at-product-account-audit-B</OssKeyPrefix>
<RoleName>aliyunactiontraildefaultrole</RoleName>
<SlsProjectArn>acs:log:cn-shanghai::project/***</SlsProjectArn>
<SlsWriteRoleArn>acs:ram::***:role/aliyunactiontraildefaultrole</SlsWriteRoleArn>

JSON format 

{
  "RequestId":"145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0",
  "Name": "trail-test",
  "HomeRegion": "cn-hangzhou",
  "OssBucketName": "yuanch****",
  "OssKeyPrefix": "at-product-account-audit-B",
  "RoleName": "aliyunactiontraildefaultrole",
  "SlsProjectArn":"acs:log:cn-shanghai::project/***",
  "SlsWriteRoleArn":"acs:ram::***:role/aliyunactiontraildefaultrole"
}

Error codes

HTTP status code Error code Error message Description 
400 RepeatOssBucket The specified OSS bucket is already in use. We recommend that you modify the existing Trail or specify another bucket. The error message returned because the specified OSS bucket has been used by an existing trail. We recommend that you update the existing trail or specify another OSS bucket.
400 SlsProjectDoesNotExistException The specified Log Service project does not exist. The error message returned because the specified Log Service project does not exist.
404 TrailNotFoundException The specified Trail does not exist. The error message returned because the specified trail does not exist.
404 BucketDoesNotExistException The specified OSS bucket does not exist. The error message returned because the specified OSS bucket does not exist.
400 IncompleteSignature The request signature does not conform to Alibaba Cloud standards. The error message returned because the request signature does not conform to the standards of Alibaba Cloud. Check whether the AccessKey ID and AccessKey secret are correct and whether the signature method is appropriate. For more information, see Signature method.
403 InsufficientBucketPolicyException Access to the specified OSS bucket was denied. The error message returned because you are not authorized to access the specified OSS bucket.
403 InsufficientSlsPolicyException Access to the specified Log Service project was denied. The error message returned because you are not authorized to access the specified Log Service project.
400 InvalidDeliveryConfigurationException You must specify at least one Log Service project or OSS bucket for a Trail. The error message returned because you did not specify a Log Service project or an OSS bucket as the event delivery destination.
400 InvalidPrefixException The specified OSS bucket prefix is invalid. The error message returned because the object name prefix specified for the destination OSS bucket is invalid.

For a list of error codes, visit the API Error Center.