After you enable the log analysis feature, Security Center automatically provides dashboards and displays them on the Log Reports tab. You can perform the following operations on a dashboard: specify a time range, subscribe to log reports, refresh data, configure refresh settings, and view data in the dashboard. The data in the dashboard is updated based on your operations.

Prerequisites

Log Status on the right side of the Log Analysis tab is set to Enabled. If Log Status is set to Disabled, the system does not display log reports.

Background information

On the Log Reports tab, you can view the following nine dashboards that are automatically provided.

  • Security
    • Alarm Center
    • Vulnerability Center
    • Baseline Center
  • Host
    • Login Center
    • Process Center
    • Connection Center
  • Network
    • DNS Access Center
    • Web Access Center
    • Network Session Center

For more information about the widgets in these dashboards, see Dashboards on the Log Reports tab.

Procedure

To view log reports, perform the following steps:
  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Investigation > Log Analysis.
  3. On the Log Analysis page, click the Log Report tab. Select a type of host log from the drop-down list. For example, select Host Logs > Brute Force. The Log Reports tab displays the sub-tabs for host log reports.
  4. Click Login Center, Process Center, or Connection Center. The sub-tab for each type of log report appears.
  5. Click Please Select in the upper-right corner of the Login Center, Process Center, or Connection Center sub-tab. The Time panel appears.
  6. In the Time panel, specify a time range based on your business requirements and click OK. You can specify a time range in the Relative, Time Frame, or Custom sections.
    Note
    • After you specify a time range, the widgets on the dashboard display the data within the time range.
    • The system applies the time setting only to the current sub-tab and does not save the settings. The next time you open this sub-tab, the dashboard displays data based on the default time setting.
  7. Optional. Click Subscribe in the upper-right corner of the Login Center, Process Center, or Connection Center sub-tab. In the Create Subscription wizard, subscribe to the log report that corresponds to the sub-tab.
    1. In the Subscription Configuration step, configure the parameters such as Subscription Name and Frequency.
      The following list describes the parameters:
      • Subscription Name: the name of the log report to which you want to subscribe. The system automatically provides a name based on the type of log. You can replace the provided name with a custom one.
      • Frequency: the frequency at which the system sends the subscribed log report.
        • Hourly: The system sends the log report every hour on the hour.
        • Daily: The system sends the log report every day at the same time. You can set the time to the exact beginning of an hour from 00:00 to 23:00.
        • Weekly: The system sends the log report every week at the same time. You can set the time to the exact beginning of an hour from 00:00 to 23:00 on Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, or Sunday.
        • Fixed Interval: The system sends the log report at fixed intervals of days or hours.
        • Cron: The system sends the log report based on the cron expression that you enter. The time specified in the cron expression is accurate to minutes and is in the 24-hour notation. You can refer to the examples in the console to enter a cron expression.
      • Add Watermark: If you turn on Add Watermark, the system adds your notification settings as watermarks to the images in the log report. The notification settings can be an email address or webhook request URL.
    2. Click Next to set the Notifications parameter.
      You can select one of the following notification methods:
      • Email: Add the email address of a recipient. You can add more than one email address.
      • WebHook-DingTalk Bot: Add a webhook request URL. For more information about how to obtain a webhook request URL, see Configure DingTalk chatbot notifications.
    3. Click Submit.
  8. Optional. Click Refresh in the upper-right corner of the Login Center, Process Center, or Connection Center sub-tab. Then, configure the refresh settings for the log report.
    You can use one of the following refresh settings:
    • Once: The system immediately refreshes the log report.
    • Auto Refresh: The system refreshes the log report at a specific time interval. Valid values: 15 Seconds, 60 Seconds, 5 Minutes, and 15 Minutes.