Help Center/ SecMaster/ User Guide/ Log Audit/ Log Audit Overview/ Checking Log Audit Overview
Updated on 2025-08-11 GMT+08:00
View PDF
Share

Checking Log Audit Overview

You can learn about the overall log audit status for the statistical period in the current workspace.

Checking Log Audit Overview

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Log Audit > Overview.
  6. On the overview page, view the overall log audit status.

    Table 1 Content displayed on the log audit overview page

    Parameter

    Description

    Data Scope

    Statistical period of log audit. You can select a period in the upper right corner. The options are as follows:

    • Yesterday
    • Last week
    • Last month
    • Custom: You can customize the start date and end date of the log audit report.

    Log Storage

    This area displays the log overview and log flow rate in the statistical period, including the following information:

    • Overview
      • Number of log sources and changes compared with the previous statistical period
      • Current log volume and changes compared with the previous statistical period
      • Total number of logs and changes compared with the previous statistical period
    • Log flow rate
      • Average log input rate per second
      • Average log input per second
      • Average daily records
      • Average daily log volume
      • Log change trend
      • Top 5 log sources by volume
      • Top 5 log sources by quantity

    Host Security Service (HSS) Log Audit

    Analysis of HSS security logs and alarm logs in a statistical period. You can learn of the following information:

    • Number of active servers and new active servers compared with the previous statistical period
    • Number of login source IP addresses and changes compared with the previous statistical period
    • Number of HSS alarms and changes compared with the previous statistical period
    • Top 5 active servers
    • Top 5 source IP addresses by logins
    • Top 5 servers with the most alerts by IP address
    • Top 5 Server alerts by type
    • Top 5 rare server alerts by type

    Internet Log Audit

    Analysis of NDR attack logs, traffic logs, and DDoS attack logs in a statistical period. You can learn of the following information:

    • Network Detection and Response (NDR) log audit
      • Top 5 internet-to-server traffic by source IP address
      • Top 5 server-to-internet traffic by source IP address
      • Top 5 source IP addresses by request from the Internet
      • Top 5 source IP addresses by request to the Internet
      • Top 5 network attacks by type
    • DDoS attack log audit
      • Number of DDoS attacks and changes compared with the previous statistical period
      • Number of DDoS attack source IP addresses and changes compared with the previous statistical period
      • DDoS attacks over time
      • Top 5 source IP addresses by DDoS attacks

    Application Access Log Audit

    Analysis of WAF attack logs and access logs (the core audit objects are applications, networks, and domain names) in a statistical period. You can learn of the following information:

    • Number of active domain names and new active domain names compared with the previous statistical period
    • Number of source IP addresses and changes compared with the previous statistical period
    • Number of attacks detected by WAF and changes compared with the previous statistical period
    • Number of attacks blocked by WAF and changes compared with the previous statistical period
    • Top 5 IP addresses originated the most requests reported by WAF
    • Top 5 attack source IP addresses reported by WAF
    • Top 5 IP addresses blocked the most by WAF
    • Top 5 attacks WAF blocked by type
    • Top 5 active domain names by visits

    Database Security Service (DBSS) Log Audit

    Analysis of DBSS alarm logs (core audit objects including users, databases, and operations) in a statistical period. You can learn of the following information:

    • Number of active databases and changes compared with the pervious statistical period
    • Number of active database users and changes compared with the previous statistical period
    • Number of source IP addresses included in alarms generated for databases and changes compared with the previous period
    • SQL execution types and changes compared with the previous statistical period
    • Top 5 active database IP addresses
    • Top 5 active database users
    • Top 5 SQL statements by execution times
    • Top 5 database users by source IP addresses

Parent topic: Log Audit Overview