After you enable the log analysis feature, a dedicated project is created for Security Center logs in the Log Service console and a dedicated Logstore is created in the project. The full logs of Security Center are stored in the dedicated Logstore. This topic describes the log storage information that you need to know before you use the log analysis feature of Security Center.
- If the log analysis feature is not enabled, no dedicated project is created. If you use Security Center Basic or a different edition of Security Center for which you have not purchased log storage capacity, the dedicated project for Security Center logs does not exist in the Log Service console.
- If you accidentally delete the dedicated project, the The project is deleted. You must activate Log Service again. message appears, and log data in the project is deleted. To continue using the log analysis feature, perform the following operations: Log on to the Security Center console, go to the Log Analysis page, and then click Recreate a project. You cannot restore deleted log data.
After you enable the threat analysis feature, the Log analysis page displays the aggregated logs of multiple accounts and cloud services. If you want to view the original log analysis data of Security Center, click Go to the current account log analysis in the upper-right corner of the Log analysis page.
- You cannot use Log Service SDK or Log Service API to write data into a Logstore or modify the attributes of the Logstore, such as the retention period.
- To enable log analysis of Security Center, you must activate Log Service and purchase log storage capacity.
- The built-in reports may be updated in later versions.
- Security Center Enterprise and Security Center Ultimate support 16 types of logs. Security Center Anti-virus and Security Center Advanced support only 12 subtypes of host logs and security logs. Security Center Anti-virus and Security Center Advanced do not support network logs.
Regions for log storage
After you enable the log analysis feature, Log Service automatically creates projects to store the log data of Security Center.
The following table describes the source regions of log data that is stored in these projects.
|Region of the project||Source region of log data|
|China (Hangzhou)||Regions in the Chinese mainland|
|Singapore||Regions outside the Chinese mainland|