• Cloud Trace Service

cts
  1. Help Center
  2. Cloud Trace Service
  3. API Reference
  4. API Description
  5. Tracker Management
  6. Creating a Tracker

Creating a Tracker

All API URLs described in this section are case-sensitive.

Function

This API is used to create a tracker.

A tracker will be automatically created after CTS is enabled. All traces recorded by CTS are associated with the tracker. Currently, only one management tracker is created for each account in a region.

On the management console, you can query the last seven days of operation records. To obtain more operation records, you can enable Object Storage Service (OBS) and deliver operation records to OBS buckets for long-term storage in real time.

Configuring Key Event Notification: You can select whether to send an email, a text message, or an HTTP/HTTPS notification in the event of a key operation. This function is triggered by CTS, but notifications are sent by Simple Message Notification (SMN). Therefore, you need to enable SMN and create a notification topic before enabling this configuration item. You can select Typical or All based on actual requirements:
  • Typical: CTS is suitable for routine audit of enterprises. Currently, CTS can enable text notifications pertaining to key operations such as logging in to IAM or creating or deleting core resources of ECS, VPC, EVS, or KMS.
    NOTE:

    Because IAM is a global service, the Login function is only provided for the central region of the current site. After this function is enabled, notifications will be sent upon the login of any region.

  • All: CTS is suitable for interconnecting with your own audit system. It can enable text notifications through SMN for operations of creating, deleting, or changing resources of ECS, IMS, EVS, CSBS, VBS, VPC, DNS, ELB, IAM, KMS, RDS, DDS, SFS, or DMS, or relevant operations triggered by invoking IaaS OpenStack APIs. In All scenario, you cannot modify any settings, and CTS sends text notifications for all traces sent from interconnected services by default. You are advised to use an SMN topic for which HTTPS is selected.

URI

POST /v1.0/{project_id}/tracker

For details about the parameters, see Creating a Tracker.
Table 1 Parameters in the URI

Parameter

Mandatory

Type

Description

project_id

Yes

String

Specifies the project ID.

Request

  • Parameters
    Table 2 Parameters in the request

    Parameter

    Sub-Parameter

    Mandatory

    Type

    Description

    bucket_name

    N/A

    Yes

    String

    Specifies the OBS bucket name. Starts with a digit or letter and contains 3 to 63 characters, including lowercase letters, digits, hyphens (-), and periods (.)

    file_prefix_name

    N/A

    No

    String

    Specifies the prefix of a log that needs to be stored in an OBS bucket. The value is a string of 0 to 64 characters and can contain uppercase and lowercase letters (a to z and A to Z), digits (0 to 9), hyphens (-), underscores (_), or periods (.)

    smn

    is_support_smn

    Yes

    Boolean

    Specifies whether SMN is supported. When the value is false, topic_id and operations can be left empty.

    topic_id

    Yes

    String

    topic_id is obtained from SMN and in the format of urn:smn:([a-z]|[A-Z]|[0-9]|\-){1,32}:([a-z]|[A-Z]|[0-9]){32}:([a-z]|[A-Z]|[0-9]|\-|\_){1,256}.

    operations

    Yes

    Array

    • Specifies trigger conditions for sending a notification when Typical is selected. You can select Delete, Create, or Login or all of them.
    • Specifies trigger conditions for sending a notification when All is selected. All conditions including Delete, Create, Change, and OpenStack API Event are selected by default. Modification is not allowed.

    is_send_all_key_operation

    Yes

    Boolean

    You can select Typical or All for Trigger Condition.

    • When the value is false, operations cannot be left empty.
    • When the value is true, operations is not supported.

    need_notify_user_list

    No

    Array

    In Typical scenario, you can specify the users using the login function. When these users log in, notifications will be sent.

    • After this function is enabled, the value is the list of the specified users. Separate them with a comma (,). A maximum of 50 users is supported.
    • If the value is null, the target objects are all users by default.
  • Example request
    {
     "bucket_name": "obs-f1da",
     "file_prefix_name": "yO8Q",
     "smn": {
      "is_support_smn": true,
      "topic_id": "urn:smn:regionId:ea79855fbe0642718cb4df1551c3cb4e:hh",
      "is_send_all_key_operation":false,
      "operations": ["delete","create","login"],
      "need_notify_user_list": ["user1","user2"]
    
     }
    }

Response

  • Parameters
    Table 3 Parameters in the response

    Parameter

    Sub-Parameter

    Type

    Description

    bucket_name

    N/A

    String

    Specifies the OBS bucket name. Starts with a digit or letter and contains 3 to 63 characters, including lowercase letters, digits, hyphens (-), and periods (.)

    file_prefix_name

    N/A

    String

    Specifies the prefix of a log that needs to be stored in an OBS bucket.

    status

    N/A

    String

    Specifies the status of a tracker. The value is enabled.

    tracker_name

    N/A

    String

    Specifies the tracker name. Currently, only tracker "system" is available.

    smn

    is_support_smn

    Boolean

    Specifies whether a notification is sent.

    topic_id

    String

    Specifies the theme of the SMN service.

    operations

    Array

    • Specifies trigger conditions for sending a notification when Typical is selected. You can select Delete, Create, or Login but at least one of them.
    • Specifies trigger conditions for sending a notification when All is selected. All conditions including Delete, Create, Change, and OpenStack API Event are selected by default. Modification is not allowed.

    is_send_all_key_operation

    Boolean

    You can select Typical or All for Trigger Condition.

    • When the value is false, operations cannot be left empty.
    • When the value is true, operations is not supported.

    need_notify_user_list

    Array

    In Typical scenario, you can specify the users using the login function. When these users log in, notifications will be sent.

    • After this function is enabled, the value is the list of the specified users. Separate them with a comma (,). A maximum of 50 users is supported.
    • If the value is null, the target objects are all users by default.
  • Example response
    {
     "bucket_name": "obs-f1da",
     "file_prefix_name": "yO8Q",
     "smn": {
      "is_support_smn": true,
      "topic_id": "urn:smn:regionId:ea79855fbe0642718cb4df1551c3cb4e:hh",
      "is_send_all_key_operation":false,
      "operations": ["delete","create","login"],
      "need_notify_user_list": ["user1","user2"]
     },
     "tracker_name": "system",
     "status": "enabled"
    } 

Returned Value

  • Normal
    Table 4 Return code for successful requests

    Returned Value

    Description

    201

    The request is successfully processed.

  • Abnormal
    Table 5 Return code for failed requests

    Returned Value

    Description

    400

    The server failed to process the request.

    403

    You are forbidden to access the requested page.

    500

    Failed to complete the request because of an internal service error.

    401

    Your access request is rejected.

    404

    The requested OBS bucket does not exist.