检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Delivering Logs to OBS Scenario This topic walks you through how to deliver logs to an OBS bucket.
Cloud Service Log Access Supported by SecMaster SecMaster can integrate logs of multiple Huawei Cloud services, such as Web Application Firewall (WAF), Host Security Server (HSS), and Object Storage Service (OBS). You can search and analyze all collected logs in SecMaster.
Identify the classifications of data stored in ECS instances, OBS buckets, or other storage media. Ensure that a service ticket has been created for an incident. If no tickets are generated automatically, manually create one.
Possible Cause 1: The Network Between the ECS Where You Want to Install isap-agent and the OBS Bucket Storing the Agent Is Disconnected Figure 1 Disconnected network between the target ECS and OBS bucket Solution (Optional) Method 1: Connect the ECS to OBS.
Pick out the API calls that may: Access sensitive data, for example, OBS Object. Create resources, such as databases and cloud servers. Creates resources, including EC auto scaling groups.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
To store operation records for longer than seven days, configure transfer to OBS or Log Tank Service (LTS) so that you can view them in OBS buckets or LTS log groups.
OBS OperateAccess Permissions for basic OBS operations, such as viewing the bucket list, obtaining bucket metadata, listing objects in a bucket, querying bucket location, uploading objects, obtaining objects, deleting objects, and obtaining an object ACL.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
OBS Bucket Cross-Region Replication Object Storage Service (OBS) provides you with cross-region replication for disaster recovery.
Delivering Logs to an OBS Bucket You can deliver logs to an Object Storage Service (OBS) bucket. Delivering Logs to LTS You can deliver logs to Log Tank Service (LTS).
Cloud services and logs that can be interconnected with SecMaster SecMaster can integrate logs of multiple Huawei Cloud services, such as Web Application Firewall (WAF), Host Security Server (HSS), and Object Storage Service (OBS).
OBS obs This collector is used to obtain log data from an OBS bucket. For details about the configuration rules, see Table 4. Kafka kafka This collector is used to obtain Kafka network log data. For details about the configuration rules, see Table 5.
bucket-related operations that are not invoked using OBS SDKs. content_length Long Length of the request body for performing operations on OBS buckets. total_time Long Response time of the request in OBS bucket-related operations. sec-cfw-risk Fields in CFW attack event logs Table
"Effect": "Allow" }, { "Action": [ "vpc:vpcs:list", "vpc:subnets:get", "vpcep:endpoints:*" ], "Effect": "Allow" }, { "Action": [ "obs
CSS JSON and plain Transferring logs out from SecMaster TCP json UDP json Kafka json OBS json SecMaster json Parent topic: Log Access and Transfer Operation Guide
OBS and DBSS alerts Data protection You can use VPC or CFW policies based on actual attack scenarios and investigation results to disconnect attack sources from protected resources. This topic describes how to add an emergency policy.
Data Delivery Overview Delivering Logs to Other Data Pipelines Delivering Logs to OBS Delivering Logs to LTS Managing Data Delivery Parent topic: Threats
Destination Type Type of the data delivery destination, such as OBS and LTS. Destination Data delivery destination. Monitoring Data delivery monitoring status. You can click the monitoring icon to view the data consumption information. Status The status of the delivery task.
Enabling Log Access Scenario SecMaster can access logs of Huawei Cloud services with your authorization, services such as Web Application Firewall (WAF), Host Security Server (HSS), and Object Storage Service (OBS).
