This topic provides answers to some frequently asked questions about logs and audit.
How do I store the O&M logs of Bastionhost in Simple Log Service?
You can deliver and store the O&M logs of Bastionhost in Simple Log Service only after you complete the required configurations in the Simple Log Service console. Historical O&M logs before the configuration cannot be delivered and stored in Simple Log Service. If you want to deliver and store O&M logs in Simple Log Service, we recommend that you complete the required configurations at the earliest opportunity.
You can configure Simple Log Service to allow Bastionhost to deliver and store O&M logs in a dedicated Logstore in Simple Log Service. The O&M logs of Bastionhost record O&M operations that O&M engineers perform by using bastion hosts. You can perform the following steps to store the O&M logs of Bastionhost in Simple Log Service:
If Simple Log Service is not activated, log on to the Simple Log Service console and activate Simple Log Service.
In the Log Application section, click the Audit & Security tab. Then, click Log Audit Service.
On the Global Configurations tab, complete the settings for collecting O&M logs.
In the Region of the Central Project drop-down list, select a region for centralized storage of logs.
Find Bastion Host in the Cloud Products column, turn on Operations Log, specify a retention period for O&M logs in the Storage Type column, and then click Save.
Optional: View the O&M logs of Bastionhost.
On the left-side navigation sidebar, click the icon.
On the left-side menu, choose Central > Bastion Host.
On the bastion_log page, view the O&M logs.
How long can I store audit videos on a bastion host?
The storage duration of audit videos varies based on actual situations. By default, a bastion host of V3.2 is allocated a specific storage space for storing audit videos. If you want to store more audit videos or increase the storage duration of audit videos, you can purchase an extra storage plan. For more information, see Upgrade a bastion host.
Bastion hosts store raw O&M protocol data. The occupied storage space depends on traffic.
About 2 MB of log data is generated each day for O&M sessions based on Secure Shell (SSH).
About 10 MB of log data is generated per hour for O&M sessions (1024 x 768 resolution) based on Remote Desktop Protocol (RDP).
What do I do if the "Unable to access this website" error message appears when I view an audit video?
The error message appears because the video playback port 9443 is blocked by Cloud Firewall. You can configure access control policies in Cloud Firewall to allow traffic on port 9443. For more information, see Configure access control policies in scenarios in which Cloud Firewall is deployed together with Bastionhost.
Can I use Bastionhost to audit file upload and download operations by using scp commands?
Yes, You can use Bastionhost to audit file upload and download operations that are performed by using scp commands. You must configure your server in advance to allow Bastionhost to audit operations that are performed by using scp commands. For more information, see Best practices for auditing scp-based operations by using Bastionhost.