Help Center/ Situation Awareness/ User Guide/ Logs
Updated on 2024-06-11 GMT+08:00
View PDF
Share

Logs

You can authorize Object Storage Service (OBS) to store SA logs in OBS buckets. This makes it easier for you to store and export SA logs securely and meet audit requirements for storing logs for 180 days.

For SA log disaster recovery, you can use Data Ingestion Service (DIS) to transmit the logs dumped to OBS buckets to your offline security information and event management (SIEM) system. You can also upload logs in the offline SIEM system to the cloud through DIS for analysis and storage.

  • With DIS, you can use a wide range of data transmission tools, such as Kafka Adapter, DIS Agent, DIS Flume Plugin, DIS Flink Connector, DIS Spark Streaming, and DIS Logstash Plugin. For details, see Using DIS.
  • Uploading logs to an OBS bucket may be unavailable in some regions.
  • OBS is billed separately. You can learn more pricing details in the OBS service.

Prerequisites

  • Your professional edition SA is available.
  • Your account must have required permissions. To manage resources, your account should have the SA FullAccess, SA ReadOnlyAccess, and Tenant Administrator permissions.

    For details, see How Do I Assign Operation Permissions to an Account?

Creating an OBS Bucket for Storing Logs

To meet the security audit requirements for storing logs for at least 180 days, you can transfer logs to an OBS bucket for long-term storage. You can also download transferred logs on the OBS console.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Situation Awareness > Logs.
  3. In the Upload to OBS area, click to enable OBS. Figure 1 shows an example.

    Figure 1 Upload to OBS

  4. Configure related parameters. Table 1 describes the parameters.

    Table 1 Log storage parameters

    Parameter

    Description

    Bucket Name

    Select an OBS bucket.

    If no OBS bucket is available, go to the OBS console and create one.

    NOTE:
    • Only OBS buckets in the region where the current account is located can be selected.
    • Only Standard and Infrequent Access OBS buckets can be used for LTS.

    Object Name

    Name you want to use for the object.

    Storage Path

    Storage path generated based on the bucket name and object name.

  5. Click OK.

    It takes about 10 minutes for the service to upload logs to the bucket.

Other Operations

If you no longer want to store logs in an OBS bucket, in the Upload to OBS area, click to disable the function. This does not delete the logs you have uploaded to the OBS bucket.

Figure 2 Disabling uploading logs to an OBS bucket