Help Center/ SecMaster/ User Guide (ME-Abu Dhabi Region)/ Threat Operations/ Data Delivery/ Delivering Logs to LTS
Updated on 2024-07-18 GMT+08:00
View PDF

Delivering Logs to LTS

Scenario

SecMaster can integrate logs of other cloud products, such as WAF, HSS, and CFW. For details about how to integrate, see Data Integration.

You can deliver integrated logs to Log Tank Service (LTS) for real-time decision-making and analysis, device O&M management, and service trend analysis.

This topic walks you through how to deliver integrated logs to LTS.

Prerequisites

  • Logs you want to deliver have been aggregated in SecMaster. For details, see Data Integration.
  • To deliver data to LTS, ensure there is an available log group and log streams.

Procedure

Creating a Data Delivery

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Security Analysis. The security analysis page is displayed.

    Figure 2 Accessing the Security Analysis tab page

  5. In the data space navigation tree on the left, click the data space name to expand all pipelines. Next to the name of the target pipeline, click More > Deliver.

    Figure 3 Accessing data delivery settings page

  6. (Optional) Authorization of the destination type is required for the first delivery. If the authorization has been performed, skip this step.

    Confirm the authorization information, select Agree to authorize and click OK.

  7. On the Create Delivery page, set data delivery parameters.

    • Delivery Name: Enter a data delivery name.
    • Account Type: Select Current. Only logs of the current account can be delivered to LTS.
    • Delivery Type: Select LTS.
    • Log Group: Select an LTS log group.
    • Log Stream: Select a destination LTS log stream.

    Other configuration parameters are generated by the system by default and do not need to be configured.

  8. Click OK.

Data Delivery Authorization

  1. On the Data Delivery page, click the Cross-Tenant Permissions tab. On the page displayed, click Accept in the Operation column of the target delivery task.

    To accept authorization in batches, select all tasks to be authorized and click Accept in the upper left corner of the list.

    Figure 4 Authorization for data delivery

    After the authorization is granted, the authorization status of the target delivery task is updated to Authorized. You can go to the delivery destination to view the delivery details.

Checking the Data Delivery Status

  1. Click in the upper left corner of the page and choose Management & Governance > Log Tank Service.
  2. In the log group list on the Log Management page, locate the log group for which you want to add data delivery and click before the log group name.
  3. Click the name of the log stream selected during data delivery. The log stream details page is displayed.
  4. On the log stream details page, view the delivered log information.
Parent topic: Data Delivery