tencent cloud

Cloud Log Service

Multi-tenant Capability Usage Guide

Download
포커스 모드
폰트 크기
마지막 업데이트 시간: 2026-05-27 21:26:44

Overview

This document details the multi-tenant feature in the new LogListener architecture (version ≥ 3.4.0), including feature characteristics, configuration methods, and usage scenarios, helping users achieve cross-account log collection and management.

Features

Multi-tenant support: A single LogListener instance can simultaneously report log data to multiple Tencent Cloud accounts (UIN) and regions.
Centralized Collection: Meets the requirements of business scenarios such as group log management and cross-account centralized collection.
Flexible Configuration: Supports dynamic addition, modification, and deletion of tenant configurations without restarting the service.

Prerequisites

Before using the multi-tenant feature, please ensure the following conditions are met:
Version: has been installed the LogListener new architecture (version >= 3.4.0).
Permission: Have obtained the SecretId/SecretKey or temporary keys of the target account. The keys can be obtained through API Key Management.
Network Configuration: The multi-tenant configuration does not alter the current instance's network access method, which remains consistent with the default during initialization.
Region Restriction: If cross-region transmission is involved, specify the network transmission method as "public network" during collector installation initialization. For already installed collectors, modify the collector configuration to specify "public network". For installation initialization, see Install New Architecture LogListener. If the collector is already installed, for modifying collector configuration, see LogListener Configuration Guide.

Install and upgrade to the new LogListener architecture

New installation scenario

Complete the installation of the new architecture version according to LogListener Installation Documentation.

Upgrade scenarios

Refer to LogListener Upgrade Guide to upgrade to the new LogListener architecture, ensuring the version is upgraded to 3.4.0 or later.

Multi-tenant Configuration

1. Go to the LogListener installation directory (default path is /opt/loglistener).
2. Run the following command to add new tenant configuration:
./loglistener ak -a add -u ${uin} -r ${region} -s ${secret_id} -k ${secret_key}
Parameter description:
Parameter
Required
Description
uin
Yes
Target tenant's primary account UIN.
region
Yes
Region of CLS (such as ap-guangzhou).
secret_id
Yes
Part of the Cloud API Key, which is used to identify the API caller. Ensure that the account associated with the Cloud API key has the appropriate LogListener log collection permission.
secret_key
Yes
Part of the Cloud API Key. SecretKey is used to encrypt signature strings and verify signatures on the server side. Ensure the account associated with the Cloud API key has the appropriate LogListener log collection permission.

Configuration Take Effect Notes

After the command is successfully executed, LogListener will report logs to multiple accounts and their corresponding regions simultaneously.
In the target account's CLS console, add this server to the corresponding machine group to properly deliver the collection configuration.
The current configuration information is stored in the /opt/loglistener/conf/server_config directory. As illustrated, a new file in the format of {Uin}#{Region} will be added in server_config, which is the storage location for the tenant's collection configuration.


Tenant Management

Command parameter description

Go to the LogListener installation directory (default path is /opt/loglistener). Tenant management is performed through the ./loglistener ak command. The parameters are as follows:
Parameter
Description
-a, --action
Types of operations: supports add, update, delete.
-u, --uin
The primary account's UIN.
-r, --regions
Region of the configuration.
-s, --secretid
Part of the Cloud API Key, which is used to identify the API caller. Ensure that the account associated with the Cloud API key has the appropriate LogListener log collection permission.
-k, --secretkey
Part of the Cloud API Key. SecretKey is used to encrypt signature strings and verify signatures on the server side. Ensure the account associated with the Cloud API key has the appropriate LogListener log collection permission.
-t, --token
Temporary key Token (optional). This field is only required for temporary key scenarios.

Modify tenant configuration

1. Run the following command to modify the region configuration for the specified tenant.
./loglistener ak -a update -u ${tenant's primary account UIN} -r ${new region}
2. After modification, LogListener will report data according to the new region configuration without requiring a service restart.

Delete tenant configuration

Run the following command to delete the specified tenant configuration.
./loglistener ak -a delete -u ${tenant's primary account UIN}


도움말 및 지원

문제 해결에 도움이 되었나요?

피드백