All the logs of Security Center are stored in a dedicated Logstore. You can find the Logstore in the project that stores Security Center logs in the Log Service console. The project is named in the sas-log-Alibaba Cloud account ID-region name format.

After log analysis is enabled for Security Center, Security Center automatically creates a Logstore named sas-log that is dedicated to Security Center in the Log Service console. The logs of Security Center are stored in the newly created Logstore. Be careful not to delete the Logstore by mistake.
Notice If you delete the Logstore by mistake, a message appears, indicating that the sas-log Logstore does not exist and all the log data in your current Logstore is lost. In this case, you must submit a ticket to undo the operation. After you undo the operation, you must enable log analysis again. Lost log data cannot be recovered.

Logstore limits

  • You cannot use the Log Service API or SDKs to import data into a Logstore or modify the attributes of the Logstore, such as the retention period.
  • To use the log analysis feature of Security Center, you must purchase and enable the feature before you activate Log Service.
  • The default reports may be updated in later versions.
  • Only users of the Security Center Enterprise and Ultimate editions can view network logs. Users of the Security Center Anti-virus or Advanced edition cannot view network logs. On the Log Analysis page of the Security Center console, users of the Anti-virus or Advanced edition can view only security and host logs.