Security Center: Query logs

Last Updated: Mar 14, 2024

Security Center is connected to Log Service, which allows you to query and analyze 14 subtypes of logs that cover network logs, host logs, and security logs. Security Center automatically collects and stores logs in real time, and through Log Service it provides query, analysis, reporting, alerting, delivery, and integration with downstream computing systems.

Prerequisites

Log analysis is enabled. For more information, see Enable log analysis.

Limits

Security Center Enterprise and Security Center Ultimate support 16 types of logs. Security Center Anti-virus and Security Center Advanced support only 12 subtypes of host logs and security logs. Security Center Anti-virus and Security Center Advanced do not support network logs. Security Center Basic does not support log analysis.

Procedure

After you select a specific type, you can query and analyze the collected logs of this type in real time. You can also perform operations, such as viewing or editing dashboards and configuring monitoring and alerting.

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose Risk Governance > Log Analysis.

  3. In the upper-left corner of the Log Analysis page, select the type of the logs that you want to view and set Log Status to Enabled.

  4. On the Log Analysis page, query and analyze logs.

    You can perform the following operations:

    • The Log Analysis tab displays the query and analysis results of the logs of the type that you select in Step 3. The system automatically provides query statements for you.

    • You can click the time above the Search / Analyze button. In the Time panel, specify the time range, close the panel, and then click Search / Analyze to view the logs in the specified time range.

      Note

      Security Center logs can be stored for 180 days. Each log entry is deleted on the 180th day after it is generated.