Trail Management

Users can view activity logs through the Samsung Cloud Platform Console and store those activity logs using the Trail service without time constraints. Since activity logs are retained for 90 days, for long-term storage you must create a Trail service and store them in Object Storage.

Trail Create

You can store activity logs without time restrictions using the Trail service of Logging&Audit in the Samsung Cloud Platform Console.

To create a Trail, follow the steps below.

1. All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
2. Click the Trail menu on the Service Home page. Go to the Trail List page.
3. Click the Trail List page’s Create Trail button. It navigates to the Create Trail page.
   • Service Information Input Enter or select the required information in the area.

     Category	Required	Detailed description
     Trail name	Required	Trail name Enter 5-26 characters using English letters, numbers, and the special character (-)
     Target Region	Required	Region where activity occurred Services that are created without specifying a region select the target region as All If a specific region selection is needed, select from the region list The target region can be changed after creation
     Target Resource Type	Required	Resource type of activity logs to be stored in Trail

     • Default: **All**

     • If you want to change to specify only certain resource types, click the **Select** button to choose the resource types to store

     • Refer to the [Service-specific Resource Type List](#서비스-별-자원-형-목록)

     • The target resource type can be changed after creation

     | |Target User |Required |User of activity logs to be stored in Trail

     • Default: **All**

     • If you want to change to specify only certain users, click the **Select** button to choose the users to store

     • Target users can be changed after creation

     | |Storage Bucket Region |Required |Location (region) of the Object Storage bucket where activity logs will be stored

     • The storage bucket cannot be changed after creation

     | |Storage bucket |Required |Object Stroage bucket name to store activity logs

     • Storage bucket cannot be changed after creation

     | |Save format |Required |File type to save (JSON, CSV)

     • The save format can be changed after creation

     | |Log file verification| Select|Whether to use log file verification

     • **Use** is selected, a Digest file is stored in the same bucket to verify changes and deletions of the Trail log file

     • The usage of log file verification can be changed after creation

     | |ServiceWatch log collection| Select|Trail logs are sent to ServiceWatch's log group. By sending Trail logs to ServiceWatch's log group, you can monitor via ServiceWatch and receive notifications when specific activities occur

     • If you select **Use**, you can view the automatically generated ServiceWatch log group name. You can also select the **IAM role** required for ServiceWatch log collection.

     • The **IAM role** for ServiceWatch log collection requires the following settings
       • Select **Service** for the **Category** of the **Principal**, and set **Value** to loggingaudit.samsungsdscloud.com

     • Attach a policy to **Policy** with the following **Permissions**
       • servicewatch:CreateBulkServiceLogEvents
       • servicewatch:CollectLogGroupLogStream

     • The use of ServiceWatch log collection can be changed after creating the Trail

     |

     Table. Trail Service Information Input Items
   • Additional Information Input Enter or select the required information in the area.

     Category	Required or not	Detailed description
     Description	Selection	Enter additional information or description about Trail
     Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

     Table. Trail additional information input items

{
	"Statement": [
		{
			"Action": [
				"servicewatch:CreateBulkServiceLogEvents","
				"servicewatch:CollectLogGroupLogStream"
			],
			"Effect": "Allow",
			"Resource": [
				"*""
			],
			"Sid": "VisualEditor0"
		}
	],
	"Version": "2024-07-01"
}

4. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
   • When creation is complete, check the created resources on the Trail list page.

Trail Check detailed information

Trail service can view and edit the full list and detailed information. Trail Details page consists of Detailed Information, Tags, Activity History tabs.

To check the detailed Trail information, follow the steps below.

1. All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
2. Click the Trail menu on the Service Home page. Navigate to the Trail List page.
3. Click the resource to view detailed information on the Trail list page. You will be taken to the Trail detail page.
   • Trail Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

     Category	Detailed description
     Trail status	Status of the Trail created by the user Active: Trail operating Stopped: Trail stopped
     Trail Control	Button to change Trail status Start: Start a stopped Trail. Activity records are saved again from the day the Trail is started. Stop: Stop a running Trail. Activity recording is stopped, and previously saved activity records are retained.
     Trail Delete	Button to delete Trail

     Table. Trail status information and additional functions

Detailed Information

Trail list page lets you view detailed information of the selected resource and, if needed, modify the information.

Tag

On the Trail list page, you can view the tag information of the selected resource, and you can add, modify, or delete it.

Work History

Trail list page allows you to view the operation history of the selected resource.

Trail Resource Control

Depending on the state of the Trail, you can start or stop. To control the Trail’s resources, follow the steps below.

Trail Start

You can start a stopped Trail. Activity logs from the day you started the Trail will be saved again.

1. All Services > Management > Logging&Audit Please click the menu. Navigate to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. Navigate to the Trail List page.
3. On the Trail 목록 page, click the resource (Trail) to restart the stopped Trail. You will be taken to the Trail 상세 page.
4. On the Trail Details page, click the Start button at the top to start the server. Check the status of the changed Trail in the Status Display field.
   • When the Trail start is completed, the status changes from Stopped to Active.
   • For detailed information about the Trail status, please refer to Check Trail detailed information.

Trail Stop

You can stop a Trail that is active. It stops recording activity history for the Trail, while preserving any previously saved activity history.

1. All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
2. Click the Trail menu on the Service Home page. You will be taken to the Trail List page.
3. Trail list page, click the resource (Trail) to stop operation. Navigate to the Trail detail page.
4. On the Trail Details page, click the Stop button at the top to stop the server. In the Status Display section, check the status of the changed Trail.
   • When the trail stop is completed, the status changes from Active to Stopped.
   • For detailed information about the Trail status, please refer to Check Trail detailed information.

Trail Resource Management

If you need control and management functions for the created Trail resource, you can perform the tasks on the Trail Details page.

Edit target region

You can modify the target region of the Trail. To modify the target region of the Trail, follow the steps below.

1. Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. Go to the Trail List page.
3. Click the resource (Trail) to change the target region on the Trail list page. You will be taken to the Trail details page.
4. Click the Edit button of Target Region on the Trail Detail page. It moves to the Target Region Edit popup.
5. From the region list, select the region to change, and click the Confirm button. It moves to the Trail Details page.
6. On the Trail Details page, check the changed target region.

Edit Target Resource Type

You can modify the target resource type of the Trail. To modify the target resource type of the Trail, follow the steps below.

1. Click the All Services > Management > Logging&Audit menu. Go to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. It moves to the Trail List page.
3. Trail list page, click the resource (Trail) whose target resource type you want to change. You will be taken to the Trail details page.
4. Click the Edit button of Target Resource Type on the Trail Details page. It will navigate to the Target Resource Type Edit popup.
5. Add or change the target resource type, select it, and verify that the selected resource type appears in the Selection Items at the bottom.
   • For selectable resource types, refer to the List of resource types per service.
6. If you have completed adding or changing the target resource type, click the Confirm button. You will be taken to the Trail Details page.
7. Check the changed Target Resource Type on the Trail Details page.

Edit Target Users

You can modify the target users of Trail. To modify the target users of Trail, follow the steps below.

1. All Services > Management > Logging&Audit Click the menu. Navigate to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. Navigate to the Trail List page.
3. On the Trail List page, click the resource (Trail) to change the target user. It moves to the Trail Details page.
4. Click the edit button of the target user on the Trail details page. The target user edit popup opens.
5. Add or change the target user, select it, and verify that the selected user appears in the Selection at the bottom.
6. If you have completed adding or modifying the target user, click the Confirm button. You will be taken to the Trail Details page.
7. Check the changed Target User on the Trail Details page.

Edit Save Format

You can modify the log file format stored in Trail’s bucket. To modify Trail’s storage format, follow the steps below.

1. Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. Navigate to the Trail List page.
3. Trail List page, click the resource (Trail) to change the log file storage format. You will be taken to the Trail Details page.
4. Click the Edit button of Save format on the Trail Details page. The Save format Edit popup opens.
5. Change the file format and click the Confirm button. Move to the Trail details page.
6. Check the changed save format on the Trail Details page.

Trail Edit Description

Trail’s description can be edited. To edit the description of Trail, follow the steps below.

1. Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. Go to the Trail List page.
3. Click the resource (Trail) to modify the description on the Trail List page. It moves to the Trail Details page.
4. Click the Edit button of Description on the Trail Details page. Edit Description popup opens.
5. Complete editing the description and click the Confirm button. Navigate to the Trail Details page.
6. Please check the changed Description on the Trail Details page.

Modify log file verification

You can modify whether Trail’s log file verification is used. To modify the usage of Trail’s log file verification, follow the steps below.

1. All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
2. Click the Trail menu on the Service Home page. Navigate to the Trail List page.
3. Click the resource (Trail) to change the log file validation usage on the Trail list page. You will be taken to the Trail details page.
4. On the Trail Detail page, click the Log File Verification Edit button. It will move to the Log File Verification Edit popup.
5. If you select Use, a Digest file is stored in the same bucket to verify changes and deletions of the Trail log file. Choose whether to use, and click the Confirm button. You will be taken to the Trail Details page.
6. Please check the changed Log File Verification on the Trail Details page.

ServiceWatch Modify log collection

You can modify whether ServiceWatch log collection is used. To modify the ServiceWatch log collection usage for a Trail, follow these steps.

1. All Services > Management > Logging&Audit Click the menu. Navigate to Logging&Audit’s Service Home page.
2. Click the Trail menu on the Service Home page. It moves to the Trail List page.
3. Click the resource (Trail) to change the ServiceWatch log collection usage on the Trail List page. You will be taken to the Trail Details page.
4. Click the Edit button of ServiceWatch log collection on the Trail Detail page. You will be taken to the ServiceWatch log collection Edit popup.
5. If you select Use, a ServiceWatch log group name that will receive the Trail logs is automatically generated and can be viewed. Also select the IAM role required for ServiceWatch log collection, and click the Confirm button. It navigates to the Trail details page.
   • ServiceWatch log collection IAM role requires the following settings.
     • Performer’s type is selected as Service, and Value is set to loggingaudit.samsungsdscloud.com.
     • Policy connects a policy set configured with the following permissions.
       • servicewatch:CreateBulkServiceLogEvents
       • servicewatch:CollectLogGroupLogStream
         Sample Code Download

         Copy Code

         Color mode

         {
         	"Statement": [
         		{
         			"Action": [
         				"servicewatch:CreateBulkServiceLogEvents",
         				"servicewatch:CollectLogGroupLogStream"
         			],
         			"Effect": "Allow",
         			"Resource": [
         				"*
         			],
         			"Sid": "VisualEditor0"
         		}
         	],
         	"Version": "2024-07-01"
         }

         {
         	"Statement": [
         		{
         			"Action": [
         				"servicewatch:CreateBulkServiceLogEvents",
         				"servicewatch:CollectLogGroupLogStream"
         			],
         			"Effect": "Allow",
         			"Resource": [
         				"*
         			],
         			"Sid": "VisualEditor0"
         		}
         	],
         	"Version": "2024-07-01"
         }

6. Trail Details page where ServiceWatch log collection has changed. Please check.

Trail Delete

You can reduce operating costs by deleting unused Trails. However, deleting a Trail may cause the running service to stop immediately, so you should consider the impact of service interruption thoroughly before proceeding with the termination.

To delete the Trail, follow the steps below.

1. Click the All Services > Management > Logging&Audit menu. Navigate to the Service Home page of Logging&Audit.
2. Click the Trail menu on the Service Home page. You will be taken to the Trail list page.
3. Click the resource (Trail) you want to delete on the Trail List page. You will be taken to the Trail Details page.
4. Click the Delete Trail button on the Trail Details page.
5. When deletion is complete, check if the resource has been deleted on the Trail list page.

List of resource types by service

Service-specific resource type list. When Trail creation and Target Resource Type are modified, this is the list of selectable target resource types.