Elastic Desktop Service (EDS) logs operations performed by the administrator who uses an Alibaba Cloud account to access and use cloud desktops in the EDS console and calls APIs. You can query the operation logs based on your business requirements to check whether potential exceptions exist.

Background information

The administrator operation logs are provided by the Alibaba Cloud ActionTrail service, which helps monitor and log the activities of your Alibaba Cloud account for security analysis, behavior tracing on resource change, and behavior compliance audit. You can view the administrator operation logs in the following modes:
  • Event query: allows you to query events within 90 days in the current region.
  • Advanced query: allows you to query events beyond 90 days across multiple regions. You can configure filter conditions to search for more logs.

Event query

  1. Log on to the EDS console.
  2. In the upper-left corner of the top navigation bar, select a region.
  3. Configure the query conditions and time range based on your business requirements and click Query to query logs.
    • Query conditions: You can query the operation logs by read/write type, username, and resource type.
    • Time range: By default, the operation logs of the previous day (24 hours before the current time) are displayed. You can specify a time range to query.
  4. View the information about an event.
    Take note of the following items:
    • By default, the event time, username, event name, resource type, and resource name are displayed for each event.
    • Click the row in which the event resides to unfold the event details panel. In the event details panel, view more information about the event, including the event source, error code, and request ID. If you want to view the code description of the event, click Event Detail in the lower part of the panel.
      Note For more information about each field in the event log, see Management event log reference.

Advanced query

  1. Log on to the EDS console.
  2. In the upper-left corner of the top navigation bar, select a region.
  3. Enable the advanced event query feature.
    1. On the Administrator Operation Logs page, click Enable Advanced Event Query.
    2. Configure parameters for a logstore and click OK.
  4. Configure query conditions based on your business requirements, or enter query statements for queries.
    You can perform advanced event queries in common mode or simple mode. In common mode, you can query events in a visualized manner. In simple mode, you can enter SQL statements to query events in a flexible manner.
    • Common mode
      1. Configure the query conditions and time range and click Query.

        You can query an event by event name, resource name, resource type, and region. You can specify multiple regions.

      2. Based on the filtered results, the qualified event logs are displayed. Click the row in which the event resides in the event list to query the event details.

        If you want to view the code description of the event, click Event Detail in the lower part of the panel.

    • Simple mode
      1. Enter a search field or a query statement, specify a time range, and then click Query.

        You can directly enter SQL statements for queries. You can also specify usernames, operations, related resources, regions, or other types of conditions for queries.

      2. Based on the filter results, the qualified event logs are displayed. Click the row in which the event resides in the event list to query the event details.

        If you want to view the code description of the event, click Event Detail in the lower part of the panel.

    Note For more information about each field in the event log, see Management event log reference.