After you enable the log analysis feature, a dedicated project is created for Security Center logs in the Simple Log Service console and a dedicated Logstore is created in the project. The full logs of Security Center are stored in the dedicated Logstore. This topic describes the log storage information that you need to know before you use the log analysis feature of Security Center.
After you enable the log analysis feature, you can view the dedicated project for Security Center logs and the dedicated Logstore in the Simple Log Service console. The project name is in the sas-log-Alibaba Cloud account ID-Region ID format, and the Logstore is named sas-log. Do not delete the project.
If the log analysis feature is not enabled, no dedicated project will be created, and the dedicated project for Security Center logs will not appear in the Simple Log Service console.
Only if you have purchased the Security Center Anti-virus, Advanced, Enterprise, or Ultimate edition with a subscription can you enable the log analysis feature by purchasing log analysis storage capacity.
If you accidentally delete the dedicated project, the The project is deleted. You must activate Log Service again. message appears, and log data in the project is deleted. To continue using the log analysis feature, you should log on to the Security Center console, go to the Log Analysis page, and click Recreate a project. You cannot restore deleted log data.
Logstore limits
You cannot use the Simple Log Service SDK or API to write data into a Logstore or modify its attributes, including the retention period.
Regions for log storage
After you enable the log analysis feature, Simple Log Service automatically creates projects to store the log data collected by Security Center.
The following table describes the source regions of log data that is stored in these projects.
Region of the project | Source region of log data |
China (Hangzhou) | Regions in the Chinese mainland |
Singapore | Regions outside the Chinese mainland |