Security Center is connected to Log Service so that you can query and analyze 14 subtypes of logs, which cover network logs, host logs, and security logs. Security Center collects and stores these logs in real time, and Log Service provides query, analysis, reporting, alerting, delivery, and integration with downstream computing systems.

Prerequisites

Log analysis is enabled. For more information, see Enable log analysis.

Limits

The Enterprise and Ultimate editions support all 14 subtypes of logs. The Advanced edition supports only 10 subtypes, which cover host and security logs. The Basic and Anti-virus editions do not support log analysis. For more information about the editions that support log analysis, see Features.

Procedure

After you select a log type, you can query and analyze the collected logs of that type in real time. You can also perform operations such as viewing or editing dashboards and configuring monitoring and alerting.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Investigation > Log Analysis.
  3. In the upper-left corner of the Log Analysis page, select the type of log that you want to view and set Log Status to Enabled.
  4. On the Log Analysis page, query and analyze logs.
    On the page:
    • The Log Analysis tab displays the query and analysis results for the log type that you selected in Step 3. The system automatically provides a query statement for you.
    • You can click the time above the Search / Analyze button. In the Time panel, specify the time range, close the panel, and then click Search / Analyze to view the logs in that time range.
      Note Security Center logs are retained for 180 days. Each log entry is deleted 180 days after it is generated, so a time range that reaches further back returns no logs for the older part of the range.
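The same query can be run outside the console through the Log Service SDK. The following is an added example, not code from the Security Center documentation or from Alibaba Cloud: it clamps a requested time range to the 180-day retention window described in the note above before calling the Log Service `get_log` API, so that a caller notices when part of the range can no longer return data. It assumes the `aliyun-log-python-sdk` package (`pip install aliyun-log-python-sdk`); the project and logstore names, the `now_ts` argument, and the query string are placeholders that you replace with the values shown on your Log Analysis page.

```python
"""Retention-aware queries against Security Center logs in Log Service.

Added example, not part of the original page. Assumes aliyun-log-python-sdk;
project/logstore names and the query string are placeholders.
"""

# Security Center keeps each log entry for 180 days (from the page's note).
RETENTION_DAYS = 180
SECONDS_PER_DAY = 86400


def clamp_to_retention(from_ts, to_ts, now_ts, retention_days=RETENTION_DAYS):
    """Clamp the Unix-timestamp range [from_ts, to_ts] to the retained window.

    Returns (from_ts, to_ts, truncated). `truncated` is True when the start
    of the requested range is older than the retention window, meaning the
    query silently returns nothing for that part of the range. Raises
    ValueError when the whole range is older than the retention window.
    """
    oldest_retained = now_ts - retention_days * SECONDS_PER_DAY
    if to_ts <= oldest_retained:
        raise ValueError("entire range is older than the retention window")
    truncated = from_ts < oldest_retained
    return max(from_ts, oldest_retained), to_ts, truncated


def fetch_logs(client, project, logstore, query, from_ts, to_ts, now_ts):
    """Run a Log Service query over the clamped window and return the entries.

    `client` is an aliyun.log.LogClient(endpoint, access_key_id, access_key_secret);
    the SDK call and its positional (project, logstore, from, to) arguments are
    the public SDK interface, not something the page documents. The query
    string is the one the Log Analysis page shows for the selected log type
    (e.g. the default statement it fills in for you).
    """
    clamped_from, clamped_to, truncated = clamp_to_retention(from_ts, to_ts, now_ts)
    if truncated:
        print(f"warning: start clamped to {clamped_from} (180-day retention)")
    resp = client.get_log(project, logstore, clamped_from, clamped_to,
                          query=query, reverse=True)
    return resp.get_logs()


if __name__ == "__main__":
    # Assumed values; replace with your endpoint, credentials and names.
    import time
    from aliyun.log import LogClient

    client = LogClient("cn-hangzhou.log.aliyuncs.com", "ACCESS_KEY_ID", "ACCESS_KEY_SECRET")
    now = int(time.time())
    for entry in fetch_logs(client, "sas-project", "sas-logstore", "*",
                            now - 400 * SECONDS_PER_DAY, now, now):
        print(entry.get_contents())
```

The clamp is deliberately separate from the SDK call so that the retention rule can be checked without network access, and so that scheduled jobs that always ask for "the last year" do not quietly report an empty result as if nothing happened.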