Updated on 2024-12-12 GMT+08:00

Enabling Log Access

Scenario

With your authorization, SecMaster can access logs of Huawei Cloud services such as Web Application Firewall (WAF), Host Security Server (HSS), and Object Storage Service (OBS). After you authorize the access, you can manage logs centrally and search and analyze all collected logs. For details, see Log Access Supported by SecMaster.

For the first workspace of each region, most types of logs recommended by SecMaster will be automatically loaded. No manual actions are required. For non-first workspaces, you need to configure log data access manually.

You are advised to enable access to asset details, asset alerts, baseline inspection results, vulnerability data, and logs in one workspace. This makes centralized security operations and associated analysis easier.

This topic describes how to access logs and view where logs are stored.

Limitations and Constraints

It takes about 10 minutes for the log access settings to take effect.

Allowing SecMaster to Access Service Logs

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Settings > Data Integration.

    Figure 2 Data Integration page

  6. Locate the cloud service from which you want to collect logs and click in the Logs column to enable log access.

    To access logs of cloud services supported in the current region, click on the left of Access Service Logs.

  7. Set the lifecycle.

    By default, data is stored for 7 days. You can set the storage period as required.

  8. Set Automatically converts alarms.

    Locate the row containing the target security products. In the Automatically converts alarms column of that row, click to enable the function. After that, SecMaster will automatically convert cloud service logs to alerts when the logs meet certain alert rules. Those alerts will be displayed on the Alerts page.

    • If this function is disabled, logs that meet certain alert rules will not be converted to alerts or displayed on the Alerts page.
    • You can access host vulnerability scan results on the Vulnerabilities page of SecMaster. If such results have been accessed during data integration but this conversion function is disabled, the results will not be displayed on the Vulnerabilities page.

  9. Click Save. In the displayed dialog box, click OK.

    It takes about 10 minutes for the log access settings to take effect. After the access completes, a default data space and pipeline are created.

Viewing the Log Storage Location

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Settings > Data Integration. On the displayed Cloud Service Access tab, view the log data storage location in the Storage Location column.

    You can go to the corresponding pipeline in the target workspace to view the accessed logs.
    Figure 3 Viewing the log storage location

Related Operations

  • Canceling Data Access
    1. In the Logs column of the target cloud services, click to disable the access to cloud service logs.
    2. Click Save.
  • Editing the Data Access Lifecycle
    1. In the Lifecycle column of the target cloud services, enter the data storage period.
    2. Click Save.
  • Canceling Automatic Conversion of Logs to Alarms
    1. In the Automatically converts alarms column of the target cloud products, click to disable the alarms.
    2. Click Save.