This topic describes how to collect logs from a server across Alibaba Cloud accounts.
Background information
For example, an e-commerce enterprise has two e-commerce applications that are deployed
on Elastic Compute Service (ECS) clusters in the China (Hangzhou) region. The enterprise
uses two Log Service projects that reside in the China (Hangzhou) region to manage
logs.
- Application A is deployed on a Linux ECS cluster that belongs to Alibaba Cloud Account A (12****456) and Log Service is activated for the account to manage logs.
- Application B is deployed on a Linux ECS cluster that belongs to Alibaba Cloud Account B (17****397) and Log Service is activated for the account to manage logs.
The enterprise wants to use Log Service that is activated for Alibaba Cloud Account A (12****456) to collect the logs of the two applications and store the logs in two Logstores of the same project. In this case, you must create a Logtail configuration, a machine group, and a Logstore to collect and store the logs of Application B. The Logtail configuration, machine group, and Logstore that are configured for Application A remain unchanged.
Step 1: Create a user identifier file
Step 2: Create a custom identifier-based machine group
Step 3: Collect logs
Related operations
If you want to migrate historical data from Alibaba Cloud Account B to the current
Logstore, you can create a data transformation job in the original Logstore, and then
replicate the data to the current Logstore. For more information, see Replicate data from a Logstore.
Important
If you create a data transformation job to transform data across Alibaba Cloud accounts,
you must use a custom role or an AccessKey pair to grant the required permissions
for the job. In this example, a custom role is used.
- The first role ARN is used to grant the custom role or AccessKey pair the required permissions to read data from a source Logstore. For information about how to grant the required permissions to a RAM role, see Grant the RAM role the permissions to read data from a source Logstore.
- The second role ARN is used to grant the custom role or AccessKey pair the required permissions to write transformation results to a destination Logstore. For information about how to grant the required permissions to a RAM role, see Grant the RAM role the permissions to write data to destination Logstores across Alibaba Cloud accounts.