Updated on 2024-12-30 GMT+08:00

Delivering Logs to LTS

Scenario

SecMaster can integrate logs of other cloud products, such as WAF, HSS, and CFW. For details about how to integrate, see Data Integration.

You can deliver integrated logs to Log Tank Service (LTS) for real-time decision-making and analysis, device O&M management, and service trend analysis.

This topic walks you through how to deliver integrated logs to LTS. The procedure is as follows:

Prerequisites

Step 1: Create a Data Delivery Task

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Security Analysis. The security analysis page is displayed.

    Figure 2 Accessing the Security Analysis tab page

  6. In the data space navigation tree on the left, click the data space name to expand all pipelines. Next to the name of the target pipeline, click More > Deliver.

    Figure 3 Accessing data delivery settings page

  7. (Optional) Authorization is required first time you start a delivery to a specific destination type. If the destination type has been authorized, skip this step.

    Confirm the authorization information, select Agree to authorize and click OK.

  8. On the Create Delivery page, set data delivery parameters.

    • Delivery Name: Enter a data delivery name.
    • Account Type: Select Current. Only logs of the current account can be delivered to LTS.
    • Delivery Type: Select LTS.
    • Log Group: Select an LTS log group. If no log group is available, create one. For details, see Creating an LTS Log Group.
    • Log Stream: Select a destination LTS log stream. If no log stream is available, create one. For details, see Creating an LTS Log Stream.

    Other configuration parameters are generated by the system by default and do not need to be configured.

  9. Under Access Authorization, view the permissions granted in 7.

    A delivery requires the read and write permissions to access your cloud resources. A delivery task cannot access your cloud resources unless the access is authorized by you.

  10. Click OK.

Step 2: Authorize the Data Delivery

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 4 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Security Analysis. On the Security Analysis page displayed, select the Data Delivery tab.
  6. On the Data Delivery tab, click the Cross-Tenant Permissions tab. On the page displayed, click Accept in the Operation column of the target delivery task.

    To accept authorization in batches, select all tasks to be authorized and click Accept in the upper left corner of the list.

    Figure 5 Authorization for data delivery

    After the authorization is granted, the authorization status of the target delivery task is updated to Authorized. You can go to the delivery destination to view the delivery details.

Step 3: View the Delivered Data in LTS

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Management & Governance > Log Tank Service.
  4. In the log group list on the Log Management page, locate the log group for which you want to add data delivery and click before the log group name.
  5. Click the name of the log stream selected during data delivery. The log stream details page is displayed.
  6. On the log stream details page, view the delivered logs.

Operations Related to Data Delivery Authorization

On the Cross-tenant Permissions tab page, you can select to Reject or Cancel the authorization.

Table 1 Cross-tenant permissions management

Operation

Method

Reject

In the row containing the target delivery task, click Reject in the Operation column to reject the authorization.

To reject authorization in batches, select all tasks to be rejected and click Reject in the upper left corner of the list.

Cancel

  1. In the row containing the target delivery task, click Cancel in the Operation column to cancel the authorization.

    To cancel authorization in batches, select all tasks to be canceled and click Cancel in the upper left corner of the list.

  2. In the displayed dialog box, click OK.