Security Center provides the log analysis feature that allows you to query and analyze logs in real time. This topic describes how to enable log analysis.
Before you use this feature, make sure that you use the Advanced, Enterprise, or Ultimate edition and have purchased log storage capacity. If you use the Basic or Anti-virus edition, upgrade Security Center to the Advanced, Enterprise, or Ultimate edition and purchase log storage capacity to use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.
After you enable log analysis in the Security Center console, Log Service automatically creates a dedicated Logstore to store Security Center logs. You can view information about the Logstore in the . For more information about Logstore limits, see Limits.
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- If you have not authorized Security Center to access your cloud resources, click Authorize Immediately. Security Center must be authorized to access your cloud resources. After Security Center is authorized, Resource Access Management (RAM) automatically creates a RAM role named AliyunServiceRoleForSas. Security Center uses this RAM role to access cloud resources of your services and protect the resources. For more information, see Service-linked roles.
- In the Activate Log Analysis wizard, click Activate now.
- In the Purchase step, click Activate now.
- On the buy page of Security Center, configure the Edition and Log Analysis parameters. You must select the Advanced, Enterprise, or Ultimate edition. As required by the Cyber Security Law, logs are retained for at least 180 days. We recommend that you allocate the log storage capacity of 40 GB to each server to store logs.
- Click Buy Now.
- Read and select Security Center Agreement of Service and click Pay.
- Return to the Log Analysis page and click Log Analysis has been activated.. After you enable log analysis, you can use it to query and analyze logs.