Help Center/ SecMaster/ Best Practices/ Log Access and Transfer Operation Guide/ Procedure/ Step 12: Test and Verify Log Access and Transfer
Updated on 2024-11-15 GMT+08:00
View PDF
Share

Step 12: Test and Verify Log Access and Transfer

This topic describes how to test and verify that non-Huawei Cloud logs can be transferred to SecMaster.

Table 1 Test and verification scenario description

Scenario

Verification Method

Enabling SecMaster to collect logs on Huawei Cloud

Go to the Security Analysis page on the SecMaster console and check whether there are logs of cloud services with log access enabled.

Enabling SecMaster to transfer logs from SecMaster to a third-party system or product

Check whether logs are transferred to the third-party system or product.

Enabling SecMaster to collect security logs off Huawei Cloud

Verify the log access by referring to this section.

Procedure

  1. Generate logs manually.

    1. Remotely log in to the ECS prepared in (Optional) Step 1: Buy an ECS.
      • Go to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Logging In to an ECS Using VNC.
      • If your server has an EIP bound, you can also use a remote management tool, such as PuTTY or Xshell, to log in to the server and install the component controller on the server as user root.
    2. Run the following command to generate logs manually:

      echo "asdfsadfsadf" > /dev/udp/0.0.0.0/1025

  2. View data in the collection channel on the SecMaster console.

    1. Log in to the management console.
    2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
    3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
      Figure 1 Workspace management page
    4. In the navigation pane on the left, choose Settings > Collections. Then, select the Collection Channels tab.
      Figure 2 Collection channel management tab page
    5. On the Collection Channels tab, click the setting button in the upper right corner of the table and select Received and Sent.
      Figure 3 Parameters
    6. In the table, view the monitoring information of the corresponding collection channel. If there is data in the Received and Sent columns, the log access is successful.
      Figure 4 Viewing the log access status

  3. Check data in the security analysis log pipeline on the SecMaster console.
  4. In the data space navigation tree on the left, click a data space name to show the pipeline list. Click the name of the pipeline created in Procedure.

    Figure 5 Pipeline data page

  5. If data is displayed in the log pipeline, the log access is successful.
Parent topic: Procedure