Security Center provides the log analysis feature that lets you query and analyze logs in real time. This topic describes how to enable log analysis.
Prerequisites
Before you can use the log analysis feature of Security Center, you must enable the Simple Log Service feature in the Security Center console.
Ensure you have the Anti-virus, Advanced, Enterprise, or Ultimate edition of Security Center and have purchased log storage capacity. If you have the Basic edition, you need to upgrade to one of the higher editions and purchase log storage to access this feature. For details on purchasing Security Center and the features supported by each edition, see Purchase Security Center and Features.
After you enable log analysis, Simple Log Service automatically creates a dedicated Logstore to store Security Center logs. You can view the information about the dedicated Logstore in the Simple Log Service console. For more information about the limits on Logstore, see Limits.
The log analysis feature incurs additional fees, charged by Security Center when you purchase a subscription instance. Simple Log Service does not charge any fees. The log storage capacity is charged at USD 0.1/GB/month.
Procedure
Log on to the Security Center console. In the upper-left corner of the console, select the region where the assets to be protected are located: China or Outside China.
In the left navigation bar, select .
If you have not authorized Security Center to access your cloud resources, click Authorize Immediately.
This operation authorizes Security Center to access your cloud resources. After the authorization is successful, Resource Access Management (RAM) automatically creates a RAM role named AliyunServiceRoleForSas. Security Center uses this RAM role to access the cloud resources of your services and protect the resources.
On the Log Analysis page, click Activate Now.
On the Security Center purchase page, configure the following settings.
Edition: Select Anti-virus, Advanced, Enterprise, or Ultimate.
Log Analysis: Set Purchase or Not to Yes, and set the log storage capacity to purchase per month.
As required by China's Cyber Security Law, logs must be retained for at least 180 days. We recommend allocating 50 GB of log storage capacity per server for log storage.
Subscription Duration: Select a subscription duration as needed.
Read and agree to the service agreement, then click Order Now, and complete the payment.
Return to the Log Analysis page of the Security Center console, and click Getting Started.
After you enable log analysis, you can query and analyze logs.