This topic describes the audit operations that you can perform in the Log Audit Service application after logs are collected.

Prerequisites

  • The Log Audit Service application is configured. For more information, see Enable log collection.
  • Your account is granted the required permissions. For more information about how to grant permissions, see Use the permission assistant to grant permissions.
    • To query logs or view reports, you must grant read permissions on the Log Audit Service application and the resources of related projects to your account.
    • To create reports, configure alerts, or make secondary access configurations, you must grant read and write permissions on the Log Audit Service application and the resources of related projects to your account.

View audit reports

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. In the left navigation sidebar, click Audit Report.
  4. Click the report that you want to view and go to the audit center.
    On the page that appears, you can view the reports. For information about how to manage a dashboard, see Overview.
    Note For Object Storage Service (OSS), Server Load Balancer (SLB), PolarDB-X 1.0 and Virtual Private Cloud (VPC), if you do not turn on Synchronization to Central Project on the Global Configurations page, you can view the reports for different regions only on the Regional tab. If you turn on Synchronization to Central Project, you can view the reports also on the Central tab.

Query audit logs

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. In the left navigation sidebar, click Audit Query.
  4. Click the service whose audit logs you want to query and go to the query and analysis page.
    For more information about how to query and analyze data, see Query and analysis.
    Note For OSS, SLB, PolarDB-X 1.0 and VPC, if you do not turn on Synchronization to Central Project on the Global Configurations page, you can view the logs for different regions only on the Regional tab. If you turn on Synchronization to Central Project, you can view the logs also on the Central tab.

Manage Logstores

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. Choose Audit Configurations > Access to Cloud Products > Global Configurations.
  4. Click the name of the project and go to the Logstores page.

What to do next

After you complete log audit, you can ship data to third-party systems or use the systems to consume data. The third party systems refer to systems except for Log Service.
  • Data shipping

    You can ship data to third-party systems. The systems include OSS, MaxCompute, AnalyticDB for MySQL, Time Series Database (TSDB), Splunk, and security information and event management (SIEM) tools. For more information, see Data shipping.

  • Data consumption

    You can consume log data in real time by using third-party stream processing systems. The systems include Storm, Flume, Application Real-Time Monitoring Service (ARMS), Blink, Logstash, Spark Streaming, CloudMonitor, and consumer groups. For more information, see Real-time consumption.