Verifying Log Collection

Scenarios

This topic describes how to verify that third-party logs can be forwarded to SecMaster.

Verifying Log Collection

1. View data in the collection channel on the SecMaster console.
   1. Log in to the management console.
   2. Click in the upper part of the page and choose Security > SecMaster.
   3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   4. In the navigation pane on the left, choose Settings > Collections. Then, select the Collection Channels tab.
   5. On the Collection Channels tab, click the setting button in the upper right corner of the table and select Received and Sent.
   6. In the table, view the monitoring information of the corresponding collection channel. If there is data in the Received and Sent columns, the log access is successful.

2. Check data in the security analysis log pipeline on the SecMaster console.
   1. In the navigation pane on the left, choose Threats > Security Analysis. The Security Analysis page is displayed.
   2. In the data space navigation tree on the left, click a data space name to show the pipeline list. Click the name of the target pipeline. The pipeline data search page is displayed on the right.
   3. If data is displayed in the log pipeline, the log access is successful.

3. View data in the security data table on the SecMaster console.
   1. In the navigation pane on the left, choose Threats > Security Analysis.

   2. On the Tables page, click the name of the target index data table to go to the query and analysis page.
   3. If data is displayed on the data table query and analysis page, the log access is successful.