• Data Warehouse Service

dws
  1. Help Center
  2. Data Warehouse Service
  3. User Guide
  4. Audit Logs
  5. Viewing Audit Logs of Key Operations on the Management Console

Viewing Audit Logs of Key Operations on the Management Console

DWS uses CTS to record key operation events on the DWS management console. The generated logs can be used in scenarios such as security analysis, compliance audit, resource tracing, and problem locating. This section is organized as follows:

Enabling the Audit Service

A tracker will be automatically created after CTS is enabled. All traces recorded by CTS are associated with a tracker. Currently, only one tracker can be created for each account.

For details about how to enable CTS, see Getting Started > Enabling CTS in the Cloud Trace Service User Guide.

  1. On the DWS management console, choose Service List > Management & Deployment > Cloud Trace Service. The CTS management console is displayed.
  2. In the navigation pane on the left, click Tracker.
  3. Click Enable CTS.
  4. On the page that is displayed, set the OBS bucket and event file prefix.

    • Select the OBS bucket to be dumped from the OBS Bucket drop-down list. You can also click View Bucket to go to the OBS console and click Create Bucket to create a bucket. For details, see section "Creating a Bucket" in the Object Storage Service Console Operation Guide.
    • Enter the prefix of the operation event dump file in File Prefix. The value is a string of 0 to 64 characters consisting of letters, digits, hyphens (-), underscores (_), and dots (.).
    Figure 1 Enabling CTS

  5. Click OK to enable CTS.

    After CTS is enabled, you can view details about the created tracker on the tracker page.

Disabling the Audit Log Function

If you want to disable the audit log function, disable the tracker in CTS.

  1. On the DWS management console, choose Service List > Management & Deployment > Cloud Trace Service. The CTS management console is displayed.
  2. In the navigation pane on the left, click Tracker.
  3. In the tracker list, click Disable in the Operation column.
  4. In the displayed dialog box, click Yes to disable the tracker.

    After the tracker is disabled, the Disable button in the Operation column is switched to Enable. To enable the tracker again, click Enable and then click Yes. The system will start recording operations again.

    After the tracker is disabled, the system will stop recording operations, but you can still view existing operation records.

Key Operations

With CTS, you can record operations associated with DWS for later query, audit, and backtrack operations.

Table 1 DWS operations that can be recorded by CTS

Operation

Resource

Event Name

Creating/Restoring a cluster

cluster

createCluster

Deleting a cluster

cluster

deleteCluster

Scaling out a cluster

cluster

growCluster

Restarting a cluster

cluster

rebootCluster

Creating a snapshot

backup

createBackup

Deleting a snapshot

backup

deleteBackup

Setting security parameters

configurations

updateConfigurations

Creating an MRS data source

dataSource

createExtDataSource

Deleting an MRS data source

dataSource

deleteExtDataSource

Updating an MRS data source

dataSource

updateExtDataSource

Viewing Traces

  1. On the DWS management console, choose Service List > Management & Deployment > Cloud Trace Service. The CTS management console is displayed.
  2. In the navigation pane on the left, choose Trace List.
  3. In the upper right corner of the trace list, click Filter to set the search criteria.

    The following filters are available:

    • Trace Source, Resource Type, and Search By
      • Trace Source: Select DWS.
      • Resource Type: Select All resource types or specify a resource type.
      • Search By: Select All filters or any of the following options:
        • Trace name: If you select this option, you also need to select a specific trace name.
        • Resource ID: If you select this option, you also need to select or enter a specific resource ID.
        • Resource name: If you select this option, you also need to select or enter a specific resource name.
    • Operator: Select a specific operator (at user level rather than tenant level).
    • Trace Status: Available options include All trace statuses, normal, warning, and incident. You can only select one of them.
    • Start Date and End Date: You can specify the time period to query traces.
      Figure 2 Querying traces

  4. Click Query.
  5. Click on the left of the trace to be queried to extend its details.

    Figure 3 Traces

  6. Locate the row containing the target trace and click View Trace in the Operation column.

    Figure 4 Viewing a trace

    For details about the key fields in the CTS trace structure, see sections "Trace Structure" and "Trace Examples" in the Cloud Trace Service User Guide.