Help Center/ SecMaster/ User Guide/ Threats/ Data Delivery/ Delivering Logs to LTS

Updated on 2025-01-22 GMT+08:00

View PDF

Delivering Logs to LTS

Scenario

SecMaster can integrate logs of other cloud products, such as WAF, HSS, and CFW. For details about how to integrate, see Data Integration.

You can deliver integrated logs to Log Tank Service (LTS) for real-time decision-making and analysis, device O&M management, and service trend analysis.

This topic walks you through how to deliver integrated logs to LTS. The procedure is as follows:

Step 1: Create a Data Delivery Task
Step 2: Authorize the Data Delivery
Step 3: View the Delivered Data in LTS

Prerequisites

Logs you want to deliver have been aggregated in SecMaster. For details, see Data Integration.
To deliver data to LTS, ensure there is an available log group and log streams. For details, see Managing Log Groups and Managing Log Streams.

Step 1: Create a Data Delivery Task

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 1 Workspace management page
In the navigation pane on the left, choose Threats > Security Analysis. The Security Analysis page is displayed.

Figure 2 Accessing the Security Analysis tab page
In the data space navigation tree on the left, click the data space name to expand all pipelines. Next to the name of the target pipeline, click More > Deliver.

Figure 3 Accessing data delivery settings page
(Optional) Authorization is required first time you start a delivery to a specific destination type. If the destination type has been authorized, skip this step.

Confirm the authorization information, select Agree to authorize and click OK.
On the Create Delivery panel, set data delivery parameters.
- Delivery Name: Enter a data delivery name.
- Account Type: Select Current. Only logs of the current account can be delivered to LTS.
- Delivery Type: Select LTS.
- Log Group: Select an LTS log group. If no log group is available, create one. For details, see Creating an LTS Log Group.
- Log Stream: Select a destination LTS log stream. If no log stream is available, create one. For details, see Creating an LTS Log Stream.
Other configuration parameters are generated by the system by default and do not need to be configured.
Under Access Authorization, view the permissions granted in 7.

A delivery requires the read and write permissions to access your cloud resources. A delivery task cannot access your cloud resources unless the access is authorized by you.
Click OK.

Step 2: Authorize the Data Delivery

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 4 Workspace management page
In the navigation pane on the left, choose Threats > Security Analysis. On the Security Analysis page that is displayed, click the Data Delivery tab. The Data Delivery page is displayed.
On the Data Delivery tab, click the Cross-Tenant Permissions tab. On the page displayed, click Accept in the Operation column of the target delivery task.

To accept authorization in batches, select all tasks to be authorized and click Accept in the upper left corner above the list.

Figure 5 Authorization for data delivery

After the authorization is granted, the authorization status of the target delivery task is updated to Authorized. You can go to the delivery destination to view the delivery details.

Step 3: View the Delivered Data in LTS

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Management & Governance > Log Tank Service.
In the log group list on the Log Management page, locate the log group for which you want to add data delivery and click before the log group name.
Click the name of the log stream selected during data delivery. The log stream details page is displayed.
On the log stream details page, view the delivered logs.

Operations Related to Data Delivery Authorization

On the Cross-tenant Permissions tab page, you can select to Reject or Cancel the authorization.

**Table 1** Cross-tenant permissions management
Operation	Method
Reject	In the row containing the target delivery task, click Reject in the Operation column to reject the authorization. To reject authorization in batches, select all tasks to be rejected and click Reject in the upper left corner of the list.
Cancel	In the row containing the target delivery task, click Cancel in the Operation column to cancel the authorization. To cancel authorization in batches, select all tasks to be canceled and click Cancel in the upper left corner of the list. In the displayed dialog box, click OK.