This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

How-to guides

1: Trail Management

The user can check the activity history through the Samsung Cloud Platform Console, and store the corresponding activity history using the Trail service without any time restrictions. When problems such as security risks or resource change history occur, you can check this activity history to identify the cause of the problem.

Note

Activity records will be deleted after 90 days. If long-term storage is necessary, create a Trail and store it in Object Storage. For more information, see Creating a Trail.

Activity Record Inquiry

To check the list of user’s activity history, please follow the following procedure.

All services > Management > Logging&Audit menu is clicked. It moves to the Service Home page of Logging&Audit.
Service Home page, click the activity record menu. It moves to the activity record list page.

Activity Record List page where you can check the activity record.

Classification	Detailed Description
file download	save activity history list in JSON or CSV file format
Period Filter	Select the list search period All, Last 30 minutes, Last 1 hour, Last 12 hours, Direct Input to choose from Direct Input: Start and end times can be entered
Time Zone	Select a searchable time zone
Search input window	Enter search terms to search the list
Detailed Search	Search by category by entering search terms or selecting information to search the list
Setting Icon	Setting of column items to be displayed in the list

Table. List of activity record items

Guidance

The list is automatically refreshed every 1 minute.
The list will only show the list of selected regions.

Activity Record Comparison

You can select up to 5 work histories from the activity record list to compare information.
If you check and select the work history you want to compare, it will be added to the Activity Comparison page, where you can compare and check the information.

Activity record detailed information check

You can check the list of all activity records and detailed information. The activity record details page consists of work history details, activity record details tabs.

To check the detailed information of the activity record, follow the next procedure.

All services > Management > Logging&Audit menu is clicked. It moves to the Service Home page of Logging&Audit.
Service Home page, click the activity history menu. It moves to the activity history list page.
Activity Record List page, click on the activity record to check the detailed information. It moves to the Activity Record Details page.

Activity Details page consists of Work History Details, Work Details tabs.

Work History Details

Work History Details page where you can check the detailed information of the work history.

Classification	Detailed Description
Job Execution Time	Log Occurrence Time
Worker Information	Worker Account
Service	Service Name
Role Name	Role Name of the User Who Entered the Role
Resource Name	Resource Title
Region	Work Region
Resource Type	Resource Type
Work Record	Work Details
Resource ID	Resource’s unique ID
work result	work result
Event Topic	Event Content

Table. Work History Detail Tab Items

Work history details

Work History Details page where you can check the detailed information of the work history.

Classification	Detailed Description
Basic Mode JSON Mode	Select view mode for job history details
code copy	code copy available when JSON mode is selected
accountId	Account ID
productName	service name
requestedBy	Requester ID
resourceName	resource name
resourceType	Service Type
state	work result

Table. Work history detailed tab items

1 - Trail Management

Users can view activity logs through the Samsung Cloud Platform Console and store those activity logs using the Trail service without time constraints. Since activity logs are retained for 90 days, for long-term storage you must create a Trail service and store them in Object Storage.

Trail Create

You can store activity logs without time restrictions using the Trail service of Logging&Audit in the Samsung Cloud Platform Console.

To create a Trail, follow the steps below.

All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
Click the Trail menu on the Service Home page. Go to the Trail List page.

Click the Trail List page’s Create Trail button. It navigates to the Create Trail page.

Service Information Input Enter or select the required information in the area.

Category	Required	Detailed description
Trail name	Required	Trail name Enter 5-26 characters using English letters, numbers, and the special character (-)
Target Region	Required	Region where activity occurred Services that are created without specifying a region select the target region as All If a specific region selection is needed, select from the region list The target region can be changed after creation
Target Resource Type	Required	Resource type of activity logs to be stored in Trail

Category

Required

Detailed description

Trail name

Required

Trail name

Enter 5-26 characters using English letters, numbers, and the special character (-)

Target Region

Required

Region where activity occurred

Services that are created without specifying a region select the target region as All

If a specific region selection is needed, select from the region list

The target region can be changed after creation

Target Resource Type

Required

Resource type of activity logs to be stored in Trail

Default: **All**

If you want to change to specify only certain resource types, click the **Select** button to choose the resource types to store

Refer to the [Service-specific Resource Type List](#서비스-별-자원-형-목록)

The target resource type can be changed after creation

| |Target User |Required |User of activity logs to be stored in Trail

Default: **All**

If you want to change to specify only certain users, click the **Select** button to choose the users to store

Target users can be changed after creation

| |Storage Bucket Region |Required |Location (region) of the Object Storage bucket where activity logs will be stored

The storage bucket cannot be changed after creation

| |Storage bucket |Required |Object Stroage bucket name to store activity logs

Storage bucket cannot be changed after creation

| |Save format |Required |File type to save (JSON, CSV)

The save format can be changed after creation

| |Log file verification| Select|Whether to use log file verification

**Use** is selected, a Digest file is stored in the same bucket to verify changes and deletions of the Trail log file

The usage of log file verification can be changed after creation

| |ServiceWatch log collection| Select|Trail logs are sent to ServiceWatch's log group. By sending Trail logs to ServiceWatch's log group, you can monitor via ServiceWatch and receive notifications when specific activities occur

If you select **Use**, you can view the automatically generated ServiceWatch log group name. You can also select the **IAM role** required for ServiceWatch log collection.

The **IAM role** for ServiceWatch log collection requires the following settings
- Select **Service** for the **Category** of the **Principal**, and set **Value** to loggingaudit.samsungsdscloud.com

Attach a policy to **Policy** with the following **Permissions**
- servicewatch:CreateBulkServiceLogEvents
- servicewatch:CollectLogGroupLogStream

The use of ServiceWatch log collection can be changed after creating the Trail

Table. Trail Service Information Input Items

Additional Information Input Enter or select the required information in the area.

Category	Required or not	Detailed description
Description	Selection	Enter additional information or description about Trail
Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

Category

Required or not

Detailed description

Description

Selection

Enter additional information or description about Trail

Tag

Select

Add Tag

Up to 50 can be added per resource

After clicking the Add Tag button, enter or select Key, Value values

Table. Trail additional information input items

Reference

If the saved file type is CSV, open the log file in a text editor (e.g., Notepad++).

Reference

If ServiceWatch is set to use log collection, refer to the following for IAM policy permissions.

{
	"Statement": [
		{
			"Action": [
				"servicewatch:CreateBulkServiceLogEvents","
				"servicewatch:CollectLogGroupLogStream"
			],
			"Effect": "Allow",
			"Resource": [
				"*""
			],
			"Sid": "VisualEditor0"
		}
	],
	"Version": "2024-07-01"
}

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- When creation is complete, check the created resources on the Trail list page.

Trail Check detailed information

Trail service can view and edit the full list and detailed information. Trail Details page consists of Detailed Information, Tags, Activity History tabs.

To check the detailed Trail information, follow the steps below.

All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
Click the Trail menu on the Service Home page. Navigate to the Trail List page.

Click the resource to view detailed information on the Trail list page. You will be taken to the Trail detail page.

Trail Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Category	Detailed description
Trail status	Status of the Trail created by the user Active: Trail operating Stopped: Trail stopped
Trail Control	Button to change Trail status Start: Start a stopped Trail. Activity records are saved again from the day the Trail is started. Stop: Stop a running Trail. Activity recording is stopped, and previously saved activity records are retained.
Trail Delete	Button to delete Trail

Category

Detailed description

Trail status

Status of the Trail created by the user

Active: Trail operating

Stopped: Trail stopped

Trail Control

Button to change Trail status

Start: Start a stopped Trail. Activity records are saved again from the day the Trail is started.

Stop: Stop a running Trail. Activity recording is stopped, and previously saved activity records are retained.

Trail Delete

Button to delete Trail

Table. Trail status information and additional functions

Detailed Information

Trail list page lets you view detailed information of the selected resource and, if needed, modify the information.

Category	Detailed description
Service	Service Name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In the Trail service, it means Trail SRN
Resource Name	Resource Name In the Trail service, it means the Trail name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation Time	Service Creation Time
Editor	User who edited the service information
Modification Date	Date/Time when service information was modified
Trail name	Trail name
Target Region	Region where activity logs occurred The target region of activity logs stored in Trail can be specified when creating a Trail, and can also be changed. It can be changed via the Edit button, and for more details see Edit Target Region.
Target Resource Type	Resource type of activity logs stored in Trail If you want to change, click the Edit button to select the resource type to save. For more details, refer to Edit Target Resource Type.
Target User	User of activity logs stored in Trail If you want to change, click the Edit button to select the user to save. See Target User Edit.
Storage Bucket Region	Region of the Object Storage bucket where activity logs are stored
Storage bucket	Object Stroage bucket name that stores activity logs
Save Format	File type saved in bucket (JSON, CSV) If you want to change the file type saved in the bucket, set it via the Edit button. For more details, see Edit Save Format.
Description	Additional information or description about the Trail Click the Edit button to change the description. For more details, refer to Edit Trail Description
Log file verification	Whether to use log file verification Use case, a Digest file is stored in the same bucket to verify changes and deletions of Trail log files Click the Edit button to change the log file verification usage. For details, see Edit Log File Verification
ServiceWatch Log Collection	Send Trail logs to ServiceWatch’s log group If you select Use, Trail logs are sent to ServiceWatch’s log group, allowing monitoring via ServiceWatch and receiving notifications when specific activities occur. For more details, see ServiceWatch Log Collection Modification.
Initial collection date and time	The initial collection date and time of activity logs stored in Trail
Final collection timestamp	Final collection timestamp of activity logs stored in Trail
Final execution result	Final execution result of the activity history stored in Trail

Table. Trail detailed information tab items

Category	Detailed description
Tag List	Tag List You can check the Key and Value information of tags Up to 50 tags can be added per resource When entering tags, search and select from the previously created Key and Value list

Work History

Trail list page allows you to view the operation history of the selected resource.

Category	Detailed description
Work History List	Resource Change History Work details, work date and time, resource type, resource name, work result, and worker information can be checked Provides detailed search function via the Detailed Search button Click the relevant resource in the Work History List. The Work History Details popup window will open.

Category

Detailed description

Work History List

Resource Change History

Work details, work date and time, resource type, resource name, work result, and worker information can be checked

Provides detailed search function via the Detailed Search button

Click the relevant resource in the Work History List. The Work History Details popup window will open.

Table. Trail Work History Tab Detailed Information Items

Trail Resource Control

Depending on the state of the Trail, you can start or stop. To control the Trail’s resources, follow the steps below.

Trail Start

You can start a stopped Trail. Activity logs from the day you started the Trail will be saved again.

All Services > Management > Logging&Audit Please click the menu. Navigate to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. Navigate to the Trail List page.
On the Trail 목록 page, click the resource (Trail) to restart the stopped Trail. You will be taken to the Trail 상세 page.
On the Trail Details page, click the Start button at the top to start the server. Check the status of the changed Trail in the Status Display field.
- When the Trail start is completed, the status changes from Stopped to Active.
- For detailed information about the Trail status, please refer to Check Trail detailed information.

Trail Stop

You can stop a Trail that is active. It stops recording activity history for the Trail, while preserving any previously saved activity history.

All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
Click the Trail menu on the Service Home page. You will be taken to the Trail List page.
Trail list page, click the resource (Trail) to stop operation. Navigate to the Trail detail page.
On the Trail Details page, click the Stop button at the top to stop the server. In the Status Display section, check the status of the changed Trail.
- When the trail stop is completed, the status changes from Active to Stopped.
- For detailed information about the Trail status, please refer to Check Trail detailed information.

Trail Resource Management

If you need control and management functions for the created Trail resource, you can perform the tasks on the Trail Details page.

Edit target region

You can modify the target region of the Trail. To modify the target region of the Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. Go to the Trail List page.
Click the resource (Trail) to change the target region on the Trail list page. You will be taken to the Trail details page.
Click the Edit button of Target Region on the Trail Detail page. It moves to the Target Region Edit popup.
From the region list, select the region to change, and click the Confirm button. It moves to the Trail Details page.
On the Trail Details page, check the changed target region.

Reference

Changes to event logs stored in Trail are applied from the time they are created or modified, and are saved in one-hour intervals.

Edit Target Resource Type

You can modify the target resource type of the Trail. To modify the target resource type of the Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. It moves to the Trail List page.
Trail list page, click the resource (Trail) whose target resource type you want to change. You will be taken to the Trail details page.
Click the Edit button of Target Resource Type on the Trail Details page. It will navigate to the Target Resource Type Edit popup.
Add or change the target resource type, select it, and verify that the selected resource type appears in the Selection Items at the bottom.
- For selectable resource types, refer to the List of resource types per service.
If you have completed adding or changing the target resource type, click the Confirm button. You will be taken to the Trail Details page.
Check the changed Target Resource Type on the Trail Details page.

Edit Target Users

You can modify the target users of Trail. To modify the target users of Trail, follow the steps below.

All Services > Management > Logging&Audit Click the menu. Navigate to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. Navigate to the Trail List page.
On the Trail List page, click the resource (Trail) to change the target user. It moves to the Trail Details page.
Click the edit button of the target user on the Trail details page. The target user edit popup opens.
Add or change the target user, select it, and verify that the selected user appears in the Selection at the bottom.
If you have completed adding or modifying the target user, click the Confirm button. You will be taken to the Trail Details page.
Check the changed Target User on the Trail Details page.

Edit Save Format

You can modify the log file format stored in Trail’s bucket. To modify Trail’s storage format, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. Navigate to the Trail List page.
Trail List page, click the resource (Trail) to change the log file storage format. You will be taken to the Trail Details page.
Click the Edit button of Save format on the Trail Details page. The Save format Edit popup opens.
Change the file format and click the Confirm button. Move to the Trail details page.
Check the changed save format on the Trail Details page.

Trail Edit Description

Trail’s description can be edited. To edit the description of Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. Go to the Trail List page.
Click the resource (Trail) to modify the description on the Trail List page. It moves to the Trail Details page.
Click the Edit button of Description on the Trail Details page. Edit Description popup opens.
Complete editing the description and click the Confirm button. Navigate to the Trail Details page.
Please check the changed Description on the Trail Details page.

Modify log file verification

You can modify whether Trail’s log file verification is used. To modify the usage of Trail’s log file verification, follow the steps below.

All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
Click the Trail menu on the Service Home page. Navigate to the Trail List page.
Click the resource (Trail) to change the log file validation usage on the Trail list page. You will be taken to the Trail details page.
On the Trail Detail page, click the Log File Verification Edit button. It will move to the Log File Verification Edit popup.
If you select Use, a Digest file is stored in the same bucket to verify changes and deletions of the Trail log file. Choose whether to use, and click the Confirm button. You will be taken to the Trail Details page.
Please check the changed Log File Verification on the Trail Details page.

ServiceWatch Modify log collection

You can modify whether ServiceWatch log collection is used. To modify the ServiceWatch log collection usage for a Trail, follow these steps.

All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
Click the Trail menu on the Service Home page. It moves to the Trail List page.
Click the resource (Trail) to change the ServiceWatch log collection usage on the Trail List page. You will be taken to the Trail Details page.
Click the Edit button of ServiceWatch log collection on the Trail Detail page. You will be taken to the ServiceWatch log collection Edit popup.
If you select Use, a ServiceWatch log group name that will receive the Trail logs is automatically generated and can be viewed. Also select the IAM role required for ServiceWatch log collection, and click the Confirm button. It navigates to the Trail details page.
- ServiceWatch log collection IAM role requires the following settings.
  - Performer’s type is selected as Service, and Value is set to loggingaudit.samsungsdscloud.com.
  - Policy connects a policy set configured with the following permissions.
    - servicewatch:CreateBulkServiceLogEvents
    - servicewatch:CollectLogGroupLogStream
      Color mode
      { "Statement": [ { "Action": [ "servicewatch:CreateBulkServiceLogEvents", "servicewatch:CollectLogGroupLogStream" ], "Effect": "Allow", "Resource": [ "* ], "Sid": "VisualEditor0" } ], "Version": "2024-07-01" }
      { "Statement": [ { "Action": [ "servicewatch:CreateBulkServiceLogEvents", "servicewatch:CollectLogGroupLogStream" ], "Effect": "Allow", "Resource": [ "* ], "Sid": "VisualEditor0" } ], "Version": "2024-07-01" }
      Code block. IAM policy > Permissions
Trail Details page where ServiceWatch log collection has changed. Please check.

Trail Delete

You can reduce operating costs by deleting unused Trails. However, deleting a Trail may cause the running service to stop immediately, so you should consider the impact of service interruption thoroughly before proceeding with the termination.

Caution

After deleting the trail, data cannot be recovered, so please be careful.

To delete the Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
Click the Trail menu on the Service Home page. You will be taken to the Trail list page.
Click the resource (Trail) you want to delete on the Trail List page. You will be taken to the Trail Details page.
Click the Delete Trail button on the Trail Details page.
When deletion is complete, check if the resource has been deleted on the Trail list page.

Caution

If you delete Trail, activity history saving will stop. Proceed with the deletion after fully considering the impact that occurs during service interruption.

List of resource types by service

Service-specific resource type list. When Trail creation and Target Resource Type are modified, this is the list of selectable target resource types.

Category	Target Resource Type	Scope
AI&MLOps Platform	aiml-brightix:aimlops-platform	Region
API Gateway	apigateway:api	region
Archive Storage	archivestorage:bucket	Region
Backup	backup:backup	region
Backup	backup:backup-agent	region
Bare Metal Server	baremetal:baremetal	Region
Block Storage(BM)	baremetal-blockstorage:volume	Region
Block Storage(BM)	baremetal-blockstorage:volume-group	Region
CacheStore	cachestore:cache-store	region
Certificate Manager	certificatemanager:certificate	region
Cloud Functions	scf:cloud-function	Region
Cloud LAN-Campus	clancampus:campus-network	Region
Cloud LAN-Datacenter	clandc:cloud-lan-network	region
Cloud LAN-Datacenter	clandc:interface	region
Cloud LAN-Datacenter	clandc:vcable	region
Cloud LAN-Datacenter	clandc:vdevice	region
Cloud WAN	clanwan:attachment	Region
Cloud WAN	clanwan:network	region
Cloud WAN	clanwan:segment	region
Cloud WAN	clanwan:segment-location	region
Cloud WAN	clanwan:segment-sharing	region
CloudML	aiml-brightix:cloud-ml	region
Config Inspection	configinspection:config-inspection	Region
Container Registry	scr:container-registry	Region
Cost Savings	billingplan:cost-savings	region
Data Flow	dataanalytics-brightix:data-flow	region
Data Flow Service	dataanalytics-brightix:data-flow-service	Region
Data Ops	dataanalytics-brightix:data-ops	region
Data Ops Service	dataanalytics-brightix:data-ops-service	Region
DevOps Service	devopsservice:devops-service	Region
Direct Connect	direct-connect:direct-connect	Region
EPAS(DBaaS)	epas:epas	region
Edge Server	edgeserver:edge-server	region
Event Streams	eventstreams:event-streams	Region
File Storage	filestorage:volume	Region
Firewall	firewall:firewall	region
GPU Server	gpuserver:image	Region
GPU Server	gpuserver:server	Region
GSLB	gslb:gslb	region
Global CDN	cdn:cdn	region
Hosted Zone	dns:hosted-zone	Region
Identity Access Management	iam:access-key	region
Identity Access Management	iam:group	region
Identity Access Management	iam:policy	region
Identity Access Management	iam:role	region
Identity Access Management	iam:user	region
Key Management Service	kms:kms	region
Kubernetes Engine	ske:cluster	region
Kubernetes Engine	ske:nodepool	region
LB Health Check	loadbalancer:lb-health-check	region
LB Listener	loadbalancer:lb-listener	region
LB Server Group	loadbalancer:lb-server-group	region
Load Balancer Listener Old	loadbalancer-old:listener	Region
Load Balancer Old	loadbalancer-old:loadbalancer	Region
Load Balancer Pool	loadbalancer-old:pool	region
Load Balancer	loadbalancer:loadbalancer	region
Logging&Audit	loggingaudit:tral	region
MariaDB(DBaaS)	mariadb:mariadb	region
Marketplace	marketplace:product-service	region
Microsoft SQL Server(DBaaS)	sqlserver:sqlserver	Region
Multi-node GPU Cluster	multinodegpucluster:gpu-node	Region
Multi-node GPU Cluster	multinodegpucluster:cluster-fabric	Region
MySQL(DBaaS)	mysql:mysql	region
Network Logging	network-logging:network-logging	Region
Object Storage	objectstorage:bucket	Region
Organization	organization:delegation-policy	region
Organization	organization:invitationi	region
Organization	organization:organization	region
Organization	organization:organization-account	region
Organization	organization:ou	Region
Organization	organization:service-control-policy	Region
Planned Compute	billingplan:planned-compute	region
PostgreSQL(DBaaS)	postgresql:postgresql	region
Private 5G Cloud	private-fivegen-cloud:private-fivegen-cloud	Region
Private DNS	dns:private-dns	Region
Private NAT	vpc:private-nat	Region
Public Domain Name	dns:public-domain-name	Region
Public IP	vpc:publicip	region
Quick Query	dataanalytics-brightix:quick-query	Region
Repository	scr:repository	Region
Search Engine	searchengine:search-engine	Region
Secret Vault	secretvault:secretvault	region
Security Group	security-group:security-group	Region
SingleID	singleid:singleid	Region
Support Plan	billingplan:support-plan	Region
Trail	loggingaudit:trail	region
Transit Gateway	vpc:trasit-gateway	Region
VPC	vpc:vpc	region
VPC	vpc:internet-gateway	region
VPC	vpc:vpc-endpoint	region
VPC	vpc:vpc-peering	region
VPC	vpc:nat-gateway	region
VPC	vpc:port	region
VPC	vpc:subnet	region
VPC	vpc:private-nat	region
VPC	vpc:privatelink-endpoint	region
VPC	vpc:privatelink-service	region
VPC	vpc:publicip	region
VPC	vpc:transit-gateway	region
VPN	vpn:vpn-gateway	region
VPN	vpn:vpn-tunnel	region
Vertica	vertica:vertica	region
Virtual Server	virtualserver:server	Region
Virtual Server	virtualserver:auto-scaling-group	Region
Virtual Server	virtualserver:launch-configuration	Region
Virtual Server	virtualserver:image	region
Virtual Server	virtualserver:keypair	Region
Virtual Server	virtualserver:server-group	Region
Virtual Server	virtualserver:volume	region

Table. List of resource types by service