Checks whether at least one active trail exists in ActionTrail.
Scenarios
Multi-Level Protection Scheme (MLPS) 2.0 and laws and regulations on network security require that you retain operation logs generated in IT systems for at least 180 days. By default, ActionTrail retains operation logs that were generated within your Alibaba Cloud account in the last 90 days. Therefore, you must create a trail in ActionTrail to continuously collect operation logs and retain them for at least 180 days. You can troubleshoot issues based on the operation logs to perform O&M operations for your data.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If at least one active trail exists in ActionTrail, the evaluation result is compliant.
- If a trail is disabled in ActionTrail, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
- If no trail exists in ActionTrail, the evaluation result is no data.
Rule details
| Item | Description |
|---|---|
| Rule name | actiontrail-enabled |
| Rule ID | actiontrail-enabled |
| Tag | Actiontrail |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ActionTrail trail |
| Input parameter | None |
Non-compliance remediation
For more information about how to enable a trail in ActionTrail, see Enable logging for a single-account trail or Enable logging for a multi-account trail.