The page has been translated by Gen AI.

Managing Trails

Users can view activity logs through the Samsung Cloud Platform Console and store those logs using the Trail service without time restrictions. Since activity logs are retained for 90 days, for long-term retention you must create a Trail service and store them in Object Storage.

Create Trail

In the Samsung Cloud Platform Console, you can use the Logging&Audit Trail service to store activity logs without any time restrictions.

To create a Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.

On the Trail List page, click the Create Trail button. You will be taken to the Create Trail page.

Enter or select the required information in the Service Information Input area.

Category	Required status	Detailed description
Trail name	Required	Trail name Enter using English letters, numbers, and the special character (-) with a length of 5 to 26 characters
Target region	Required	Region where activity occurred Services that are created without specifying a region select the target region as All If a specific region selection is required, select from the region list The target region can be changed after creation
Target resource type	Required	Resource type of activity logs to be stored in Trail Default: All If you want to change to specify only certain resource types, click the Select button to choose the resource types to store Refer to the Service-specific resource type list for selectable resource types The target resource type can be changed after creation
Target users	Required	User of the activity records to be stored in Trail Default: All If you want to change to specify only certain users, click the Select button to choose the users to be saved The target users can be modified after creation
Storage bucket region	Required	Location (region) of the Object Storage bucket for storing activity logs The storage bucket cannot be changed after creation
storage bucket	Required	Object Stroage bucket name for storing activity logs The storage bucket cannot be changed after creation
Save format	Required	File type to save (JSON, CSV) The save format can be changed after creation
Log file verification	Select	Log file verification usage If you select Use, a Digest file is stored in the same bucket to verify changes or deletions of the Trail log file Log file verification usage can be changed after creation
ServiceWatch log collection	Select	Trail logs are sent to a ServiceWatch log group. By sending Trail logs to a ServiceWatch log group, you can monitor them through ServiceWatch and receive alerts when specific activities occur If you select Use, you can view the automatically generated ServiceWatch log group name. You can also select the IAM role required for ServiceWatch log collection The IAM role for ServiceWatch log collection requires the following configuration Set the Principal’s Type to Service, and choose `loggingaudit.samsungsdscloud.com` for Value Attach a policy to Policy that includes the following permissions `servicewatch:CreateBulkServiceLogEvents` `servicewatch:CollectLogGroupLogStream` Whether ServiceWatch log collection is enabled can be changed after the Trail is created

Table. Trail service information input fields

In the Additional Information Input area, enter or select the required information.

Category	Required	Detailed description
description	Select	Enter additional information or description about the Trail
Tag	Selection	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key and Value values

Check Trail detailed information

The Trail service allows you to view and edit the full list and detailed information. Trail Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about the Trail, follow these steps.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.

Trail List page, click the resource to view detailed information. You will be taken to the Trail Detail page.

Trail Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Category	Detailed description
Trail status	Status of the user-created Trail Active: Trail running Stopped: Trail stopped
Trail control	Button to change the Trail status Start: Starts a stopped Trail. Activity logs are saved again from the day the Trail is started. Stop: Stops a running Trail. Activity logging is halted, and previously saved activity logs are retained.
Delete Trail	Button to delete the trail

Detailed Information

On the Trail list page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In the Trail service, it refers to the Trail SRN
Resource Name	Resource name In the Trail service, it refers to the Trail name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation date and time	Service creation date and time
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Trail name	Trail name
Target region	The region where the activity log occurred You can specify the target region for the activity logs stored in the Trail when creating a Trail, and you can also modify it. Edit button allows you to change it, and for more details, see 대상 리전 수정하기
Target resource type	If you want to change the resource type of the activity history stored in Trail , click the Edit button and select the resource type to save. For more information, see Modify resource type.
Target users	If you want to change the user of the activity log stored in Trail , click the Edit button to select the user to be saved. Refer to Modify Target User
Storage bucket region	Region of the Object Storage bucket storing activity logs
storage bucket	Object Stroage bucket name storing activity logs
Save format	File types stored in the bucket (JSON, CSV) If you want to change the file types stored in the bucket, set them via the Edit button. For details, see 저장 형식 수정하기
description	Additional information or description about the Trail Click the Edit button to change the description. For more details, see Edit Trail description
Log file verification	Log file verification usage Enabled When enabled, a Digest file is stored in the same bucket to verify changes and deletions of Trail log files Click the Edit button to change the log file verification usage. For details, see 로그파일 검증 수정하기
ServiceWatch log collection	Send Trail logs to a ServiceWatch log group If you select Use, Trail logs are sent to a ServiceWatch log group, allowing monitoring through ServiceWatch and receiving alerts when specific activities occur. For more details, see Modify ServiceWatch log collection
Initial collection timestamp	The initial collection timestamp of activity logs stored in Trail
Final collection date and time	The most recent collection timestamp of activity logs stored in Trail
Final execution result	Final execution result of the activity log stored in Trail

Table. Trail detailed information tab items

Category	Detailed description
Tag list	Tag list You can view the Key and Value information of the tag Up to 50 tags can be added per resource When entering a tag, you can search and select from the list of previously created Keys and Values

Job History

On the Trail list page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History You can view operation details, operation time, resource type, resource name, operation result, and operator information Provides detailed search functionality via the Detailed Search button Click the relevant resource in the Operation History List. The Operation History Details popup will open.

Managing Trail Resources

Depending on the Trail’s state, you can start or stop it. To control the Trail’s resources, follow the steps below.

Getting Started with Trail

You can start a Stopped Trail. Activity history will be saved again from the day you start the Trail.

Click the All Services > Management > Logging&Audit menu. You will be taken to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
On the Trail List page, click the resource (Trail) to restart the stopped Trail. You will be taken to the Trail Details page.
On the Trail Details page, click the Start button at the top to start the server. Check the status of the changed Trail in the Status Display item.
- When the Trail start is complete, the status changes from Stopped to Active.
- For detailed information about the Trail status, please refer to Check Trail details.

Stop Trail

You can stop a Trail that is active. Stopping a Trail halts the recording of activity history, while preserving any previously saved activity history.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
Trail List page, click the resource (Trail) you want to stop. You will be taken to the Trail Details page.
Trail Details page, click the Stop button at the top to stop the server. In the Status Display section, check the status of the updated Trail.
- When the trail stop is complete, the status changes from Active to Stopped.
- For detailed information about the Trail status, refer to Check Trail detailed information.

Managing Trail Resources

If you need control and management functions for the created Trail resource, you can perform tasks on the Trail Details page.

Modify target region

You can modify the target region of a Trail. To modify the target region of a Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
On the Trail List page, click the resource (Trail) whose target region you want to change. You will be taken to the Trail Details page.
On the Trail Details page, click the Edit button of the Target Region. You will be taken to the Edit Target Region popup.
Select the region to modify from the region list, and click the Confirm button. You will be taken to the Trail Details page.
Check the changed target region on the Trail Details page.

Reference

Changes to event logs stored in Trail are applied from the time they are created or modified and are saved in one‑hour intervals.

Edit target resource type

You can modify the target resource type of a Trail. To modify the target resource type of a Trail, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
Service Home page, click the Trail menu. You will be taken to the Trail List page.
On the Trail List page, click the resource (Trail) whose target resource type you want to change. You will be taken to the Trail Details page.
On the Trail Details page, click the Edit button of the Target Resource Type. You will be taken to the Edit Target Resource Type popup.
Add or modify the target resource type, select it, and verify that the selected resource type appears in the selected item at the bottom.
- Refer to the Service-specific resource type list for selectable resource types.
If you have completed adding or modifying the target resource type, click the Confirm button. You will be taken to the Trail Details page.
On the Trail Detail page, check the changed Target Resource Type.

Edit target user

You can modify the target users of a Trail. To modify the target users of a Trail, follow these steps.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
Trail List page, click the resource (Trail) whose target user you want to change. You will be taken to the Trail Details page.
On the Trail Details page, click the Edit button of the Target User. The Target User Edit popup opens.
Add or modify the target user, select them, and verify that the selected user appears in the Selection Item at the bottom.
If you have completed adding or modifying the target user, click the Confirm button. You will be taken to the Trail Details page.
On the Trail Details page, check the changed Target Users.

Modify Save Format

You can modify the format of log files stored in Trail’s bucket. To change Trail’s storage format, follow these steps.

Click the All Services > Management > Logging&Audit menu. You will be taken to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
Trail List page, click the resource (Trail) whose log file storage format you want to change. You will be taken to the Trail Details page.
On the Trail Details page, click the Edit button of the Save Format. The Edit Save Format popup window opens.
Change the file format and click the Confirm button. You will be taken to the Trail Details page.
On the Trail Detail page, check the changed Save Format.

Edit Trail description

You can edit the description of a Trail. To edit the description of a Trail, follow these steps.

Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
Trail List page, click the resource (Trail) whose description you want to edit. You will be taken to the Trail Detail page.
Click the Edit button of the Description on the Trail Details page. The Edit Description popup opens.
Complete editing the description and click the Confirm button. You will be taken to the Trail Details page.
Check the updated description on the Trail Detail page.

Modify log file verification

You can modify whether Trail’s log file verification is enabled. To modify the usage of Trail’s log file verification, follow the steps below.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
Click the resource (Trail) whose log file verification setting you want to change on the Trail List page. You will be taken to the Trail Details page.
Click the Edit button of Log File Verification on the Trail Details page. You will be taken to the Log File Verification Edit popup.
If you select Use, a Digest file is stored in the same bucket to verify whether the Trail log file has been modified or deleted. Choose whether to use it and click the Confirm button. You will be taken to the Trail Details page.
On the Trail Details page, check the updated log file verification.

Modify ServiceWatch Log Collection

You can modify whether ServiceWatch log collection is enabled. To modify the ServiceWatch log collection setting for a Trail, follow these steps.

Click the All Services > Management > Logging&Audit menu. Proceed to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
On the Trail List page, click the resource (Trail) to change the ServiceWatch log collection setting. You will be taken to the Trail Details page.
On the Trail Details page, click the Edit button of ServiceWatch log collection. You will be taken to the Edit ServiceWatch log collection popup.

When you select Use, the ServiceWatch log group name that will receive the Trail logs is automatically generated and can be viewed. Also select the IAM role required for ServiceWatch log collection, and click the Confirm button. You will be taken to the Trail Details page.

ServiceWatch log collection requires the following configuration for the IAM role.

Select Service for the Category of Actor, and select loggingaudit.samsungsdscloud.com for Value.

In the policy, link a policy configured with the following permissions.

servicewatch:CreateBulkServiceLogEvents
servicewatch:CollectLogGroupLogStream

To create the authentication type as all authentication, write it as follows.

Color mode

{
	"Statement": [
		{
			"Action": [
				servicewatch:CreateBulkServiceLogEvents
				servicewatch:CollectLogGroupLogStream
			],
			"Effect": "Allow"
			"Resource": [
				*
			],
			"Sid": "VisualEditor0"
		}
	],
	"Version": "2024-07-01"
}

{
	"Statement": [
		{
			"Action": [
				servicewatch:CreateBulkServiceLogEvents
				servicewatch:CollectLogGroupLogStream
			],
			"Effect": "Allow"
			"Resource": [
				*
			],
			"Sid": "VisualEditor0"
		}
	],
	"Version": "2024-07-01"
}

Code block. IAM policy > Permission (authentication type: all credentials)

If you want to create the authentication type as temporary authentication, Console login, you need a Condition clause as shown below.

Color mode

{
	"Statement": [
		{
			"Action": [
				servicewatch:CreateBulkServiceLogEvents
				servicewatch:CollectLogGroupLogStream
			],
			"Effect": "Allow"
			"Resource": [
				*
			],
			"Sid": "VisualEditor0"
            "Condition": {
                "Bool": {
                        "scp:MultiFactorAuthPresent": [
                            True
                    ]
                }
            }
		}
	],
    "Version": "2024-07-01"
}

{
	"Statement": [
		{
			"Action": [
				servicewatch:CreateBulkServiceLogEvents
				servicewatch:CollectLogGroupLogStream
			],
			"Effect": "Allow"
			"Resource": [
				*
			],
			"Sid": "VisualEditor0"
            "Condition": {
                "Bool": {
                        "scp:MultiFactorAuthPresent": [
                            True
                    ]
                }
            }
		}
	],
    "Version": "2024-07-01"
}

Code block. IAM policy > permissions (authentication type: temporary key authentication, Console login)

Caution

When creating IAM policy permissions for setting up ServiceWatch log collection, please note that authentication type of authentication key authentication is not supported.

Check the updated ServiceWatch log collection on the Trail Details page.

Delete Trail

You can reduce operational costs by deleting unused Trails. However, deleting a Trail may cause the running service to stop immediately, so you should carefully consider the impact of service interruption before proceeding with the termination.

Caution

Please note that data cannot be recovered after deleting a Trail.

To delete a Trail, follow these steps.

Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
On the Service Home page, click the Trail menu. You will be taken to the Trail List page.
Trail List page, click the resource (Trail) you want to delete. You will be taken to the Trail Details page.
On the Trail Details page, click the Trail Delete button.
After deletion is complete, check the Trail list page to confirm the resource has been removed.

Caution

Deleting the Trail will stop saving activity logs. Proceed with the deletion only after fully considering the impact that may occur during service interruption.

List of resource types by service

Resource type list per service. When creating a Trail or modifying the target resource type, this is the list of selectable target resource types.

Category	Target resource type	Scope
AI&MLOps Platform	aiml-brightix:aimlops-platform	Region
API Gateway	apigateway:api	Region
Archive Storage	archivestorage:bucket	Region
Backup	backup:backup	Region
Backup	backup:backup-agent	Region
Bare Metal Server	baremetal:baremetal	Region
Block Storage(BM)	baremetal-blockstorage:volume	Region
Block Storage(BM)	baremetal-blockstorage:volume-group	Region
CacheStore	cachestore:cache-store	Region
Certificate Manager	certificatemanager:certificate	Region
Cloud Functions	scf:cloud-function	Region
Cloud LAN-Campus	clancampus:campus-network	Region
Cloud LAN-Datacenter	clandc:cloud-lan-network	Region
Cloud LAN-Datacenter	clandc:interface	Region
Cloud LAN-Datacenter	clandc:vcable	Region
Cloud LAN-Datacenter	clandc:vdevice	Region
Cloud WAN	clanwan:attachment	Region
Cloud WAN	clanwan:network	Region
Cloud WAN	clanwan:segment	Region
Cloud WAN	clanwan:segment-location	Region
Cloud WAN	clanwan:segment-sharing	Region
CloudML	aiml-brightix:cloud-ml	Region
Config Inspection	configinspection:config-inspection	Region
Container Registry	scr:container-registry	Region
Cost Savings	billingplan:cost-savings	Region
Data Flow	dataanalytics-brightix:data-flow	Region
Data Flow Service	dataanalytics-brightix:data-flow-service	Region
Data Ops	dataanalytics-brightix:data-ops	Region
Data Ops Service	dataanalytics-brightix:data-ops-service	Region
DevOps Service	devopsservice:devops-service	Region
Direct Connect	direct-connect:direct-connect	Region
EPAS(DBaaS)	epas:epas	Region
Edge Server	edgeserver:edge-server	Region
Event Streams	eventstreams:event-streams	Region
File Storage	filestorage:volume	Region
Firewall	firewall:firewall	Region
GPU Server	gpuserver:image	Region
GPU Server	gpuserver:server	Region
GSLB	gslb:gslb	Region
Global CDN	cdn:cdn	Region
Hosted Zone	dns:hosted-zone	Region
Identity Access Management	iam:access-key	Region
Identity Access Management	iam:group	Region
Identity Access Management	iam:policy	Region
Identity Access Management	iam:role	Region
Identity Access Management	iam:user	Region
Key Management Service	kms:kms	Region
Kubernetes Engine	ske:cluster	Region
Kubernetes Engine	ske:nodepool	Region
LB Health Check	loadbalancer:lb-health-check	Region
LB Listener	loadbalancer:lb-listener	Region
LB Server Group	loadbalancer:lb-server-group	Region
Load Balancer Listener Old	loadbalancer-old:listener	Region
Load Balancer Old	loadbalancer-old:loadbalancer	Region
Load Balancer Pool	loadbalancer-old:pool	Region
Load Balancer	loadbalancer:loadbalancer	Region
Logging&Audit	loggingaudit:tral	Region
MariaDB(DBaaS)	mariadb:mariadb	Region
Marketplace	marketplace:product-service	Region
Microsoft SQL Server(DBaaS)	sqlserver:sqlserver	Region
Multi-node GPU Cluster	multinodegpucluster:gpu-node	Region
Multi-node GPU Cluster	multinodegpucluster:cluster-fabric	Region
MySQL(DBaaS)	mysql:mysql	Region
Network Logging	network-logging:network-logging	Region
Object Storage	objectstorage:bucket	Region
Organization	organization:delegation-policy	Region
Organization	organization:invitationi	Region
Organization	organization:organization	Region
Organization	organization:organization-account	Region
Organization	organization:ou	Region
Organization	organization:service-control-policy	Region
Planned Compute	billingplan:planned-compute	Region
PostgreSQL(DBaaS)	postgresql:postgresql	Region
Private 5G Cloud	private-fivegen-cloud:private-fivegen-cloud	Region
Private DNS	dns:private-dns	Region
Private NAT	vpc:private-nat	Region
Public Domain Name	dns:public-domain-name	Region
Public IP	vpc:publicip	Region
Quick Query	dataanalytics-brightix:quick-query	Region
Repository	scr:repository	Region
Search Engine	searchengine:search-engine	Region
Secret Vault	secretvault:secretvault	Region
Security Group	security-group:security-group	Region
SingleID	singleid:singleid	Region
Support Plan	billingplan:support-plan	Region
Trail	loggingaudit:trail	Region
Transit Gateway	vpc:trasit-gateway	Region
VPC	vpc:vpc	Region
VPC	vpc:internet-gateway	Region
VPC	vpc:vpc-endpoint	Region
VPC	vpc:vpc-peering	Region
VPC	vpc:nat-gateway	Region
VPC	vpc:port	Region
VPC	vpc:subnet	Region
VPC	vpc:private-nat	Region
VPC	vpc:privatelink-endpoint	Region
VPC	vpc:privatelink-service	Region
VPC	vpc:publicip	Region
VPC	vpc:transit-gateway	Region
VPN	vpn:vpn-gateway	Region
VPN	vpn:vpn-tunnel	Region
Vertica	vertica:vertica	Region
Virtual Server	virtualserver:server	Region
Virtual Server	virtualserver:auto-scaling-group	Region
Virtual Server	virtualserver:launch-configuration	Region
Virtual Server	virtualserver:image	Region
Virtual Server	virtualserver:keypair	Region
Virtual Server	virtualserver:server-group	Region
Virtual Server	virtualserver:volume	Region

Table. List of resource types by service

How-to guides

Release Note

Managing Trails

Create Trail

Check Trail detailed information

Detailed Information

tag

Job History

Managing Trail Resources

Getting Started with Trail

Stop Trail

Managing Trail Resources

Modify target region

Edit target resource type

Edit target user

Modify Save Format

Edit Trail description

Modify log file verification

Modify ServiceWatch Log Collection

Delete Trail

List of resource types by service