The operation log module in Elastic Desktop Service (EDS) records administrator operation logs and end user operation logs. These logs track activities of Alibaba Cloud accounts and end users in EDS. This topic describes how to view operation logs.
Background information
Operation logs help you monitor and audit the operations performed by administrators and end users. Administrator operation logs record the behavior when administrators access and use cloud computers in the EDS console or call the EDS API. User operation logs record the behavior when end users start, stop, reset, connect to, and disconnect from cloud computers. Operation logs can be used to analyze security risks, trace resource change behavior, and audit behavior compliance.
View administrator operation logs
Administrator operation logs are generated based on Alibaba Cloud ActionTrail to monitor and record the activities of Alibaba Cloud accounts. You can use the administrator logs to analyze security risks, trace resource changes, and audit behavior compliance.
Log on to the Elastic Desktop Service console.
In the left-side navigation pane, choose
In the upper-left corner of the top navigation bar, select a region.
On the Administrator Operation Logs tab, specify a query condition and period of time and click the icon to query logs.
Query conditions: You can query events by read/write type, resource type, sensitive operation, event name, or operator.
Time range: By default, the operation logs of the previous 7 days are displayed. You can specify a different time range.
View the information about an event.
Each event records the occurrence time, operator, event name, and related resource.
Click View Event Details in the Actions column to view details, including API request ID, event source, event source IP address, and more. In the Event Record section, you can view event details in the JSON format. For more information about the fields of an event, see Management event structure.
View end user operation logs
Operations performed by end users on cloud computers, such as connecting to, starting, and stopping cloud computers, are recorded in user operation logs. You can query and use user operation logs to audit user behavior based on your business requirements.
Log on to the Elastic Desktop Service console.
In the left-side navigation pane, choose
In the upper-left corner of the top navigation bar, select a region.
On the User Operation Logs tab, select or enter a query condition, value, or time to filter logs.
Logs that meet the filtering conditions are displayed. Each user operation log includes the following information:
Event: event ID, event type, and occurrence time.
User: username of the end user related to an event.
Cloud computer: cloud computer ID and name, cloud computer pool ID and name, and office network ID and name.
Client: client OS, client version, and client IP address.
Note: If you want to export logs in the query result, click Export in the upper-right corner of the tab. Events are exported in an Excel file, and you can download the file to your local device.
What to do next
You can deliver user operation logs from EDS to Logstores in Simple Log Service. This way, Simple Log Service can audit and monitor the operation logs, and send alerts at the earliest opportunity to prevent data leaks when logs of suspicious activities are detected. For more information, see Deliver user operation logs to Logstores.
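The following is an added example, not part of the original documentation or any Alibaba Cloud code, of an audit check that exported or delivered user operation logs make possible: it flags an end user who connects from two different client IP addresses within a short window. It assumes the export has been converted to CSV; the column names, the `DESKTOP_CONNECT` event type value, and the sample rows are constructed for illustration and are not the actual export schema.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows. Column names and event type values are assumptions
# modelled on the fields listed above (event, user, cloud computer, client).
SAMPLE = """event_id,event_type,event_time,username,desktop_id,client_os,client_ip
e-001,DESKTOP_CONNECT,2024-05-01T08:00:00,alice,ecd-aaa,Windows,198.51.100.10
e-002,DESKTOP_DISCONNECT,2024-05-01T08:20:00,alice,ecd-aaa,Windows,198.51.100.10
e-003,DESKTOP_CONNECT,2024-05-01T08:25:00,alice,ecd-aaa,macOS,203.0.113.77
e-004,DESKTOP_CONNECT,2024-05-01T09:00:00,bob,ecd-bbb,Windows,198.51.100.20
e-005,DESKTOP_CONNECT,2024-05-02T09:00:00,bob,ecd-bbb,Windows,198.51.100.20
e-006,DESKTOP_CONNECT,2024-05-03T09:00:00,bob,ecd-bbb,Windows,192.0.2.5
"""

def load_events(text):
    """Parse CSV text into event dicts sorted by occurrence time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["event_time"] = datetime.fromisoformat(row["event_time"])
    return sorted(rows, key=lambda r: r["event_time"])

def flag_ip_switches(events, window=timedelta(hours=1),
                     connect_type="DESKTOP_CONNECT"):
    """Return connect events where the same user's previous connect came
    from a different client IP no more than `window` earlier."""
    last_connect = {}  # username -> (time, client_ip) of the previous connect
    findings = []
    for ev in events:
        if ev["event_type"] != connect_type:
            continue
        prev = last_connect.get(ev["username"])
        if (prev and prev[1] != ev["client_ip"]
                and ev["event_time"] - prev[0] <= window):
            findings.append({
                "event_id": ev["event_id"],
                "username": ev["username"],
                "previous_ip": prev[1],
                "current_ip": ev["client_ip"],
                "gap_minutes": (ev["event_time"] - prev[0]).total_seconds() / 60,
            })
        last_connect[ev["username"]] = (ev["event_time"], ev["client_ip"])
    return findings

if __name__ == "__main__":
    for finding in flag_ip_switches(load_events(SAMPLE)):
        print(finding)
```

In the sample, alice is flagged because her second connect arrives from a new IP address 25 minutes after the first, while bob's IP change two days later falls outside the one-hour window and is not.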