View operation logs

更新时间:
复制 MD 格式

The operation logs feature in EDS Enterprise Edition includes administrator operation logs and end user operation logs, which capture actions performed by your Alibaba Cloud accounts and EDS end user accounts. This topic describes how to view these logs.

Background information

Operation logs let you monitor and audit what administrators and end users do. Administrator operation logs capture how cloud computers are accessed and managed — through the console, OpenAPI, and other channels. End user operation logs capture actions such as starting, stopping, restarting, resetting, connecting to, and disconnecting from cloud computers. Together, the logs give you a reliable basis for security analysis, resource change tracking, and compliance audits.

View administrator operation logs

Administrator operation logs are powered by Alibaba Cloud ActionTrail. Use them to monitor and audit activity in your Alibaba Cloud account for security analysis, resource change tracking, and compliance audits.

  1. Log on to the EDS enterprise console.

  2. In the left-side navigation pane, choose Security & Audits > Logs.

  3. In the top navigation bar, select a region.

  4. On the Administrator Operation Logs tab, set the filter criteria and time range.

    • Filter criteria: filter by Read/Write Type, Event Name, Operator, Resource Types, Resource Name, Event Type, or Sensitive Action.

    • Time range: the console shows the last 7 days of logs by default. You can specify a custom range and query logs from up to the past 90 days.

  5. Review event information.

    • Each event record shows the event time, operator, event name, and source IP.

    • In the Actions column, click View Details to open a side panel with details such as the API request ID, event source, and error code. The Event Record section shows the full event in JSON. For field-level descriptions, see Management event structure.

View end user operation logs

End user operation logs capture activity such as connecting to cloud computers and powering them on or off. Query the logs to spot abnormal behavior.

  1. Log on to the EDS enterprise console.

  2. In the left-side navigation pane, choose Security & Audits > Logs.

  3. In the top navigation bar, select a region.

  4. On the User Operation Logs tab, set the filter criteria and time range.

    Records that match your filters appear in the table below. Each entry includes:

    • Event information: the action performed, including event ID, type, and time.

    • User information: the end user who performed the action, including the username.

    • Cloud computer information: the cloud computer that was acted on, including its ID and name, the ID and name of its cloud computer pool, and the ID and name of the office network it belongs to.

    • Client information: the client used for the action, including its operating system, version, and IP address.

    Note

    To export the results, click the image icon in the upper-right corner. The records are exported as an Excel file and downloaded to your device.

View file transfer logs

File transfer logs capture detailed records of files that end users move between cloud computers and their local devices — including transfers made through the clipboard and the file transfer module. Query the logs to spot abnormal behavior.

  1. Log on to the EDS enterprise console.

  2. In the left-side navigation pane, choose Security & Audits > Logs.

  3. In the top navigation bar, select a region.

  4. On the File Transfer Log tab, set the query conditions, values, and time range.

    Records that match your filters appear in the table below, with details such as username, cloud computer name and ID, and operation type.

    Note

    To export the results, click the image icon in the upper-right corner. The records are exported as an Excel file and downloaded to your device.

What to do next

You can deliver end user operation logs to a Logstore in Simple Log Service (SLS) so you can use SLS to audit, monitor, and manage them, and trigger alerts on suspicious activity to help prevent information leaks. For more information, see Deliver end user operation logs.