Security Center supports full log service and provides features for accurate real-time log querying and log analysis.

Prerequisites

All logs of Security Center are stored in the sas-log Logstore. You can find the Logstore in the sas-log-Alibaba Cloud account ID-zone project that stores logs of the Log Service.

To use the Log Analysis Service, you need to activate and purchase the service in the Security Center console.

If you are using the Security CenterBasic Edition and want to use the Log Analysis Service, you need to upgrade to the Enterprise Edition first. For more information, see Renewal and upgrade.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Investigation > Log Analysis to enter the Activate Log Analysis page.
  3. Click Activate Now on the Activate Log Analysis page.
    Activate Now
  4. On the Purchase page, check Full Log and configure some other settings as needed.
  5. Click Purchase Now.
  6. After you confirm your order, check Security Center Agreement.
  7. Click Purchase to complete the Log Analysis Service purchase.
  8. In the Activate Log Analysis page, click Authorize RAM User to complete the authorization.

After the authorization is complete, you can use the Log Analysis Service in Security Center.