Checking Log Audit Overview
You can learn about the overall log audit status for the statistical period in the current workspace.
Checking Log Audit Overview
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose .
- On the overview page, view the overall log audit status.
Table 1 Content displayed on the log audit overview page Parameter
Description
Data Scope
Statistical period of log audit. You can select a period in the upper right corner. The options are as follows:
- Yesterday
- Last week
- Last month
- Custom: You can customize the start date and end date of the log audit report.
Log Storage
This area displays the log overview and log flow rate in the statistical period, including the following information:
- Overview
- Number of log sources and changes compared with the previous statistical period
- Current log volume and changes compared with the previous statistical period
- Total number of logs and changes compared with the previous statistical period
- Log flow rate
- Average log input rate per second
- Average log input per second
- Average daily records
- Average daily log volume
- Log change trend
- Top 5 log sources by volume
- Top 5 log sources by quantity
Host Security Service (HSS) Log Audit
Analysis of HSS security logs and alarm logs in a statistical period. You can learn of the following information:
- Number of active servers and new active servers compared with the previous statistical period
- Number of login source IP addresses and changes compared with the previous statistical period
- Number of HSS alarms and changes compared with the previous statistical period
- Top 5 active servers
- Top 5 source IP addresses by logins
- Top 5 servers with the most alerts by IP address
- Top 5 Server alerts by type
- Top 5 rare server alerts by type
Internet Log Audit
Analysis of NDR attack logs, traffic logs, and DDoS attack logs in a statistical period. You can learn of the following information:
- Network Detection and Response (NDR) log audit
- Top 5 internet-to-server traffic by source IP address
- Top 5 server-to-internet traffic by source IP address
- Top 5 source IP addresses by request from the Internet
- Top 5 source IP addresses by request to the Internet
- Top 5 network attacks by type
- DDoS attack log audit
- Number of DDoS attacks and changes compared with the previous statistical period
- Number of DDoS attack source IP addresses and changes compared with the previous statistical period
- DDoS attacks over time
- Top 5 source IP addresses by DDoS attacks
Application Access Log Audit
Analysis of WAF attack logs and access logs (the core audit objects are applications, networks, and domain names) in a statistical period. You can learn of the following information:
- Number of active domain names and new active domain names compared with the previous statistical period
- Number of source IP addresses and changes compared with the previous statistical period
- Number of attacks detected by WAF and changes compared with the previous statistical period
- Number of attacks blocked by WAF and changes compared with the previous statistical period
- Top 5 IP addresses originated the most requests reported by WAF
- Top 5 attack source IP addresses reported by WAF
- Top 5 IP addresses blocked the most by WAF
- Top 5 attacks WAF blocked by type
- Top 5 active domain names by visits
Database Security Service (DBSS) Log Audit
Analysis of DBSS alarm logs (core audit objects including users, databases, and operations) in a statistical period. You can learn of the following information:
- Number of active databases and changes compared with the pervious statistical period
- Number of active database users and changes compared with the previous statistical period
- Number of source IP addresses included in alarms generated for databases and changes compared with the previous period
- SQL execution types and changes compared with the previous statistical period
- Top 5 active database IP addresses
- Top 5 active database users
- Top 5 SQL statements by execution times
- Top 5 database users by source IP addresses
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot