All Products
Search
Document Center

Simple Log Service:Elastic Desktop Service operation logs

Last Updated:Dec 20, 2024

Simple Log Service and Elastic Desktop Service jointly launch the log delivery feature that allows you to deliver operation logs from Elastic Desktop Service to Simple Log Service. Simple Log Service allows you to audit, monitor, and manage user operation logs and generates alerts for suspicious operation logs. This helps prevent information leaks and ensure business data security. This topic describes the assets and billing of the log delivery feature.

Introduction

Operation logs of Elastic Desktop Service record the operations that are performed on Elastic Desktop Service by using an Alibaba Cloud account. Operation logs consist of administrator operation logs and user operation logs.

  • Administrator operation logs record the access to and usage of Elastic Desktop Service by using consoles and APIs.

  • User operation logs record the following behavior: startup, shutdown, restart, and reset of devices, session connection and disconnection, and connection to Elastic Desktop Service.

Operation logs provide valid records for the following operations: security analysis, resource change tracing, and behavior compliance audit.

Assets

  • Project and Logstore

    After you enable the log delivery feature, Simple Log Service creates a project and Logstore. The names of the project and Logstore start with elastic-desktop-.

    Important
    • Before you disable the log delivery feature, do not delete the project or Logstore that is related to operation logs. Otherwise, operation logs cannot be sent to Simple Log Service.

    • If you have enabled the pay-by-ingested-data billing mode, Simple Log Service creates a dedicated Logstore that uses the pay-by-ingested-data billing mode by default. If you want to switch the billing mode from pay-by-ingested-data to pay-by-feature, you can modify the configuration of the Logstore. For more information, see Modify the configuration of a Logstore.

  • Dashboard

    Simple Log Service does not generate a dedicated dashboard after you enable the feature. You can create a custom dashboard based on your business requirements.

Billing

  • You are not charged for the log delivery feature on the Elastic Desktop Service side.

  • If your Logstore uses the pay-by-feature billing mode, you are charged for storage, read traffic, number of requests, data transformation, and data shipping after the logs are collected from Elastic Desktop Service to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.

  • If your Logstore uses the pay-by-ingested-data billing mode, you are charged only for read traffic over the Internet after the logs are collected from Elastic Desktop Service to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.

Deliver logs from Elastic Desktop Service to Simple Log Service

  1. Log on to the Elastic Desktop Service console.

  2. In the top navigation bar, select a region based on your business requirements.

  3. In the left-side navigation pane, choose Security & Audits > Logs.

  4. On the User Operation Logs tab, click Deliver to Logstore.

  5. Complete authorization. This step is required if this is your first time to use the feature. In this case, the Elastic Desktop Service Service-linked Role dialog box appears.

    After you complete the authorization, the AliyunServiceRoleForGwsLogDelivery service-linked role is created. Elastic Desktop Service assumes this role to access Simple Log Service resources. For more information, see Permissions.

    If you use a Resource Access Management (RAM) user to perform this operation, you must grant the CreateServiceLinkedRole permission to the RAM user. For more information, see Why does the Elastic Desktop Service system fail to create AliyunServiceRoleForGwsLogDelivery when I use a RAM user to deliver logs?

    Warning

    Do not delete the RAM role or revoke the required permissions from the RAM role. Otherwise, operation logs cannot be delivered to Simple Log Service.

  6. In the Deliver to Logstore panel, configure the parameters and click OK. The following table describes the parameters.

    Parameter

    Description

    Deliver To

    • New Logstore: The system creates a Logstore whose name starts with elastic-desktop-.

      If you select this option, the system automatically creates a project with the same name.

    • Existing Logstore: Select an existing Logstore whose name starts with elastic-desktop-.

    Region

    The region where the destination Logstore resides.

    Name

    The name of the destination Logstore.

    Data Retention Period

    If you select New Logstore for Deliver To, you must also specify a data retention period for the new Logstore.

Related operations

Operation

Description

View delivery information

After you enable the log delivery feature, you can view the time when data delivery starts and the destination project on the User Operation Logs tab.

Cancel log delivery

On the User Operation Logs tab, click Cancel Delivery.

Important

If you cancel log delivery, the project that is used to store operation logs and the delivered operation logs are not automatically deleted. To prevent additional fees, you can delete the project in the Simple Log Service console after you cancel delivery. For more information, see Delete a project.

What to do next

After operation logs are delivered from Elastic Desktop Service to Simple Log Service, you can query, analyze, download, ship, and transform the logs. You can also create alert rules for the logs. For more information, see Common operations on logs of Alibaba Cloud services.