The Advanced and Enterprise editions of Security Center support the log analysis feature. This feature allows you to query and analyze log data in real time. This topic describes how to activate log analysis.

Background information

You must activate log analysis in the Security Center console before you can use log analysis.
You must upgrade the Basic edition to the Advanced or Enterprise edition before you can activate log analysis. For more information about upgrading Security Center, see Renewal and upgrade.
Notice By default, the following logs are enabled in Security Center: security, network, and host logs. Only the Enterprise edition supports network logs. The Advanced edition does not support network logs. The Advanced edition displays only security and host logs on the Log Analysis page.

After you activate log analysis, Log Service automatically creates a dedicated Logstore to store Security Center logs. You can view information about the Logstore in the . For more information about Logstore limits, see Limits.


  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Investigation > Log Analysis.
  3. In the Activate Log Analysis wizard, click Activate Now to activate log analysis and then grant Security Center the permission to access Log Service.
  4. On the Purchase tab, click Activate Now.
    Click Activate Now
  5. On the buy page of Security Center, set Log Analysis to Yes, and specify a Log Storage Capacity.
    Select the specification on the buy page
  6. Select the Security Center Agreement of Service check box and click Pay.
  7. Click Log Analysis has been activated. in the message that appears.
    After you activate log analysis, you can use it to query and analyze log data.