Full logs of Security Center are stored in a dedicated Logstore. You can find the Logstore in the project that stores Security Center logs in the Log Service console. The name of the project is in the sas-log-ID of your Alibaba Cloud account-Region ID format.

After you enable log analysis of Security Center, the system automatically creates a Logstore named sas-log that is dedicated to Security Center in the Log Service console. The log data of Security Center is stored in the newly created Logstore. We recommend that you do not delete this Logstore.
Notice If you delete the Logstore by mistake, a message appears, indicating that the sas-log Logstore does not exist and all the log data in your current Logstore is lost. In this case, you must submit a ticket to undo the operation. After you undo the operation, you must enable log analysis again to use the feature. You cannot recover lost log data.

Logstore limits

  • You cannot use the Log Service API or SDKs to import data into a Logstore or modify the attributes of the Logstore, such as the retention period.
  • To enable log analysis of Security Center, you must activate Log Service and purchase log storage capacity.
  • The default reports may be updated in later versions.
  • Only users of the Security Center Enterprise and Ultimate editions can view network logs. Users of the Security Center Anti-virus or Advanced edition cannot view network logs. On the Log Analysis page of the Security Center console, users of the Anti-virus or Advanced edition can view only security and host logs.

Regions for log storage

After you enable log analysis, Security Center automatically creates three projects that store the log data of Security Center.

The following table describes the source regions of log data to be stored in these projects.

Region of the project Source region of log data
China (Hangzhou) Regions in mainland China
Singapore (Singapore) Regions outside China
Malaysia (Kuala Lumpur) N/A