Monitor OpenClaw with Tencent Cloud CLS
A text-first setup guide for collecting OpenClaw runtime data into CLS and using built-in dashboards for cost, operations, sessions, and security.
AI Agent systems need observability beyond process uptime. Teams need to know where token spend is going, whether queues are backing up, which sessions are problematic, and whether risky behavior is appearing in agent operations.
OpenClaw Usage Insights, built on Tencent Cloud Log Service (CLS), is designed to collect OpenClaw runtime data and make it available through prebuilt dashboards, raw log search, and later alerting workflows. The source material describes a one-click onboarding path for Tencent Cloud servers and a command-line path for self-managed servers.
What the Integration Covers
The integration maps common OpenClaw operating questions to CLS-backed capabilities.
| Question | Capability | Value |
|---|---|---|
| Where is the money going? | Cost governance dashboard | Summarizes total spend, token totals, average session cost, and multidimensional cost distribution so teams can locate high-cost sessions and messages. |
| Is the system unhealthy? | Operations observability dashboard | Monitors message processing volume, queue depth, execution time p95, long-running sessions, log levels, OTEL metrics, and system status. |
| Where are users spending time? | Session management dashboard | Summarizes sessions, average turns, tool-call count, channel and model distribution, and user interaction behavior. |
| What happened inside one session? | Session detail dashboard | Reconstructs the interaction flow, token usage, per-round detail, single-round cost, issue checks, and prompt optimization clues. |
| Are there security risks? | Security audit dashboard | Tracks high-risk sessions, high-risk command execution, and sensitive file access to reduce operational risk. |
| How do I inspect raw logs? | Log search | Supports server filtering, condition search, and AI-assisted query writing for raw logs and charts. |
Prerequisites
Before onboarding, prepare three things:
- OpenClaw is installed and running.
- Tencent Cloud CLS is enabled.
- API credentials are available:
SecretIdandSecretKey.
Keep the credentials close during onboarding because both the automated server path and the self-managed server path require them.
Onboarding Path
Open the CLS console, go to the Application Center, and select OpenClaw. The access management page provides the entry for onboarding OpenClaw machines.
Option A: Tencent Cloud CVM or Lighthouse Server
Use this path when OpenClaw is running on Tencent Cloud CVM or Lighthouse.
- Choose the Tencent Cloud server type.
- Select the servers that have OpenClaw installed but are not yet collected.
- Enter
SecretIdandSecretKey. - Continue to the next step and let the system perform the installation automatically.
- Wait until the execution status reaches completed.
This path is designed for minimal manual work. After completion, the new OpenClaw machine appears in the access management list.
Option B: Self-Managed Server
Use this path when OpenClaw is running outside Tencent Cloud.
- Choose the self-managed server option.
- Enter
SecretIdandSecretKey. - Select the region.
- Copy the generated command.
- Run the command on the target server.
- Confirm that the command finishes successfully.
The source workflow positions this as a quick command-line deployment path. In practice, treat the generated command as an installation artifact: run it on the machine where OpenClaw is actually deployed, then return to CLS to verify the server appears in access management.
Verify the Collection Result
After either onboarding path completes, return to the access management list in the OpenClaw application. A successfully onboarded machine should be visible in the list.
Use this verification sequence:
| Check | Expected result |
|---|---|
| Machine list | The new OpenClaw host appears in access management. |
| Dashboard server selector | The host can be selected in dashboard views. |
| Log search server selector | The host can be selected for raw log queries. |
| Recent data | The latest runtime data appears after OpenClaw activity occurs. |
Built-In Dashboards
After collection is working, open CLS console -> Application Center -> OpenClaw -> Dashboards, then select the target server.
Cost Governance
The cost governance dashboard helps teams understand token and cost distribution. It supports a progression from global totals to session-level and message-level analysis.
Use it to answer:
- Which sessions consume the most tokens?
- Which models, channels, or message types drive cost?
- Which session or message should be optimized first?
Operations Observability
The operations dashboard focuses on runtime health. It is useful for detecting queue backlog, degraded response time, execution delays, error growth, and abnormal log levels.
Use it during daily operations and incident response. Watch p95 execution time, queue depth, message processing volume, and system status together rather than treating any one metric as the whole story.
Session Management
The session management dashboard shows session status and usage distribution. It helps product and operations teams understand session count, average turns, tool-call frequency, channel distribution, and model distribution.
This is the dashboard to open when the question is not whether the system is running, but how users are actually interacting with it.
Session Detail
The session detail dashboard is for one-session investigation. It supports two entry paths:
- From the session management dashboard, use a session ID or session content entry to open the corresponding session detail view.
- Open the session detail dashboard directly, select the server and session ID, and inspect the session.
Use this view for prompt debugging, single-session replay, token usage inspection, and issue localization.
Security Audit
The security audit dashboard focuses on high-risk sessions, high-risk command execution, sensitive behavior, and sensitive file access.
For AI Agent operations, this matters because the operational risk is often not just system downtime. It can also be unsafe tool use, unexpected command execution, or sensitive data exposure.
Raw Log Search
Dashboards cover common paths, but raw log search is still necessary when the question is new.
Open CLS console -> Application Center -> OpenClaw -> Log Search. Select a server, add query conditions, or use AI-assisted query generation. The result can include raw logs and statistical charts, which makes it useful for both low-level debugging and exploratory analysis.
Operating Model
Use the integration as a layered observability flow:
| Layer | Primary view | Typical owner |
|---|---|---|
| Cost | Cost governance dashboard | FinOps, platform, AI product owner |
| Runtime health | Operations observability dashboard | SRE, platform engineering |
| Product behavior | Session management dashboard | Product, operations |
| Debugging | Session detail and log search | Engineer, AI operations |
| Risk | Security audit dashboard | Security, platform, compliance |
Roadmap Signals from the Source Workflow
The source material also mentions two future directions:
| Direction | Expected value |
|---|---|
| End-to-end AI analysis center | Automatic abnormal-session diagnosis, cost optimization, alert root-cause analysis, performance bottleneck diagnosis, and system inspection. |
| Intelligent alerting center | Preset templates, custom policies, multichannel notification, budget threshold alerts, and metric-trace-log drilldown. |
Treat these as roadmap signals rather than current setup requirements.
FAQ
Do I need a complex collector setup?
The Tencent Cloud server path is designed to be automated after you choose the machines and enter API credentials. Self-managed servers use a generated command-line installation path.
Which dashboard should I open first?
Start with operations observability when the system may be unhealthy, cost governance when token spend is the concern, and session detail when one conversation needs investigation.
When should I use log search?
Use log search when the dashboard does not already answer the question, or when you need raw event evidence before creating a reusable chart or alert.
