This topic was translated by AI and is currently in queue for revision by our editors. Alibaba Cloud does not guarantee the accuracy of AI-translated content.

Instance audit

Updated at: 2025-03-13 07:13

The instance audit feature of ACR tracks and analyzes instance usage to improve security and controllability. This topic describes how to enable instance audit and explains the log fields in detail.

Prerequisites

Note

To use the instance audit feature, submit a ticket to request it.

Enable and view instance audit

After instance audit is enabled, you can select push or pull logs by time period to monitor and analyze user activities in real time, enhance security, support compliance management, and troubleshoot quickly when issues arise.

  1. Log on to the Container Registry console.

  2. In the top navigation bar, select a region.

  3. In the left-side navigation pane, click Instances.

  4. On the Instances page, click the Enterprise Edition instance that you want to manage.

  5. In the left-side navigation pane of the instance management page, select Instance Management > Audit Center, click the Instance Audit tab, and then click Enable Use.

    Note
    • The console will create a project named aliyun-product-data-<UID>-<region> in Simple Log Service and create a Logstore named acr_access_log.

    • Logs of multiple instances in the same region are stored in the same Logstore after delivery is enabled. You can use the instance ID to filter logs.

    • The default data retention period is 365 days. You can modify it as needed in Simple Log Service. For more information, see Manage Logstore.


Audit field details

Below are detailed explanations of the fields in instance audit.

| Field name | Example | Detailed explanation |
| --- | --- | --- |
| access_credential_type | Password | Type of credential. Password: Fixed password. TemporaryToken: Temporary password. |
| action | GetImageManifest | Type of operation. GetImageManifest: Retrieve image Manifest. GetBlob: Retrieve image Blob. PutImageManifest: Push image Manifest. DeleteTag: Delete image version. |
| blob_digest | sha256:4f4fxxxx | A unique identifier generated based on the hash of the Blob content. |
| http_request_host | demo-registry.cn-hangzhou.cr.aliyuncs.com | Request endpoint. |
| http_request_id | 718e09d1-aab5-xxxxx | Request ID. |
| http_request_method | GET | HTTP request method. |
| http_request_remote_vpc_id | vpc-xxxxxx | Client VPC address. |
| http_request_remoteaddr | 140.xx.xx.xx | Client IP address. |
| http_request_useragent | docker/24.0.2 | The User-Agent header in the HTTP request. |
| http_response_status | 200 | The HTTP status code. |
| instance_id | cri-xxx | The ID of the instance. |
| namespace | test-ns | The namespace to which the image repository belongs. |
| repo | test-repo | The name of the image repository. |
| namespace_repo | test-ns/test-repo | The full name of the image repository. |
| network_type | Internet | Type of access network. Internet: Public network. VPC: Virtual private cloud (VPC). |
| tag | v1 | Image version. |
| time | 2024-04-12T16:58:30.855892463+08:00 | The time when the server received the request. |
| user_identity_account_id | 135668xxxxxxx | The ID of the Alibaba Cloud account of the requester. |
| user_identity_player_account_id | 149134xxxxxxx | The ID of the player account. |
| user_identity_principal_id | 300786xxxxxxx:Alice | The ID of the current requester. You need to combine it with user_identity_user_type to uniquely identify the requester. If the value of the event.userIdentity.type field is root-account, this field is set to the ID of the Alibaba Cloud account. If the value is ram-user, this field is set to the ID of the Resource Access Management (RAM) user. If the value is assumed-role, this field is set to RoleID:RoleSessionName. |
| user_identity_role_id | 300786xxxxxxx | The role ID. |
| user_identity_role_name | teststs | The role name. |
| user_identity_user_type | assumed-role | The type of the identity. root-account: indicates an Alibaba Cloud account. ram-user: indicates a RAM user. assumed-role: indicates a RAM role. system: indicates an ACR service call. |
| user_name | sub_user@xxxx | The instance logon name. |
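
The following Python sketch is an added example, not code from Alibaba Cloud or from the original page. It applies two points made above, filtering the shared Logstore by instance_id and combining user_identity_user_type with user_identity_principal_id to identify a requester, to constructed log records. The JSON-lines export format and the three triage rules are assumptions chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records (not real logs); field names are the documented ones.
SAMPLE_LOGS = """
{"instance_id":"cri-aaa","action":"GetImageManifest","network_type":"VPC","access_credential_type":"TemporaryToken","http_response_status":"200","user_identity_user_type":"assumed-role","user_identity_principal_id":"3007860000001:ci","namespace_repo":"test-ns/test-repo","tag":"v1"}
{"instance_id":"cri-aaa","action":"PutImageManifest","network_type":"Internet","access_credential_type":"Password","http_response_status":"201","user_identity_user_type":"ram-user","user_identity_principal_id":"2000000000001","namespace_repo":"test-ns/test-repo","tag":"v2"}
{"instance_id":"cri-aaa","action":"DeleteTag","network_type":"VPC","access_credential_type":"Password","http_response_status":"200","user_identity_user_type":"ram-user","user_identity_principal_id":"2000000000001","namespace_repo":"test-ns/test-repo","tag":"v1"}
{"instance_id":"cri-aaa","action":"GetBlob","network_type":"Internet","access_credential_type":"Password","http_response_status":"403","user_identity_user_type":"ram-user","user_identity_principal_id":"2000000000002","namespace_repo":"test-ns/test-repo"}
{"instance_id":"cri-bbb","action":"DeleteTag","network_type":"VPC","access_credential_type":"Password","http_response_status":"200","user_identity_user_type":"root-account","user_identity_principal_id":"1000000000001","namespace_repo":"test-ns/other","tag":"v9"}
"""

def requester(rec):
    # principal_id alone is ambiguous; the field table says to pair it with user_type.
    return f'{rec.get("user_identity_user_type", "?")}/{rec.get("user_identity_principal_id", "?")}'

def classify(rec):
    """Return triage labels for one record (illustrative rules, not ACR policy)."""
    findings = []
    if rec.get("action") == "DeleteTag":
        findings.append("tag-deleted")
    if (rec.get("action") == "PutImageManifest"
            and rec.get("network_type") == "Internet"
            and rec.get("access_credential_type") == "Password"):
        findings.append("internet-push-fixed-password")
    # Status may arrive as a string or a number, so compare as text.
    if str(rec.get("http_response_status", "")) in {"401", "403"}:
        findings.append("access-denied")
    return findings

def audit(lines, instance_id):
    """Group findings per requester for one instance in a shared Logstore export."""
    report = defaultdict(list)
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("instance_id") != instance_id:  # other instances share the Logstore
            continue
        for finding in classify(rec):
            report[requester(rec)].append((finding, rec.get("namespace_repo"), rec.get("tag")))
    return dict(report)

if __name__ == "__main__":
    for who, items in audit(SAMPLE_LOGS, "cri-aaa").items():
        print(who, items)
```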
