Help Center/ SecMaster/ User Guide (Kuala Lumpur Region)/ Settings/ Log Data Collection/ Data Collection Process

Updated on 2025-06-26 GMT+08:00

View PDF

Data Collection Process

The following figure shows the log data collection process.

Figure 1 Data collection process

**Table 1** Description of the security data collection process
No.	Step	Description
1	Adding a Node	Select or purchase an ECS and install the component controller on the ECS to complete node management.
2	Installing Components	Install data collection engine Logstash on the Components tab to complete component installation.
3	Configuring Connectors	Configure the source and destination connectors. Select a connector as required and set parameters.
4	(Optional) Configuring a Parser	Configure codeless parsers on the console based on your needs.
5	Configuring a Collection Channel	Configure the connection channels, associate it with a node, and deliver the Logstash pipeline configuration to complete the data collection configuration.
6	Verifying the Collection Result	After the collection channel is configured, check whether data is collected. If logs are sent to the SecMaster pipeline, you can query the result on the SecMaster Security Analysis page.

Data Collection Configuration Removal Process

Figure 2 Data collection configuration removal process

**Table 2** Description of the data collection configuration removal process
No.	Step	Description
1	Deleting a collection channel	On the Collection Channels page, stop and delete the Logstash pipeline configuration. Note: All collection channels on related nodes must be stopped and deleted first.
2	(Optional) Deleting a parser	If a parser is configured, delete it from the Parsers tab.
3	(Optional) Deleting a data connection	If a data connection is added, delete the source and destination connectors from the Connections tab.
4	Removing a component	Delete the collection engine Logstash installed on the node and remove the component.
5	Deregistering a node	Remove the component controller to complete node deregistration. Note: Deregistering a node does not delete the ECS and endpoint resources. If the data collection function is no longer used, you need to manually release the resources.

Parent topic: Log Data Collection

Previous topic: Overview

Next topic: Adding a Node

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.