After you purchase Data Security Center (DSC) Enterprise Edition, you can receive 200 GB of log storage for each database instance and 50 GB of log storage for each 1 TB Object Storage Service (OSS) storage. You can view the current storage usage, manage the storage based on your business requirements, and modify the log storage rules. For example, you can expand the storage, delete all logs in the storage, or configure storage usage alerts.
Prerequisites
The data auditing feature is enabled for the assets that you want to manage. The assets supports audit logs. For more information, see Enable and configure the data auditing mode.
View and manage the storage usage
Log on to the DSC console.
In the left-side navigation pane, click Log Analysis.
On the Log Analysis page, click New Version. Then, you can view and manage the storage used to store audit logs.
View the storage usage
On the Log Analysis page, click the section in the upper-right corner where information about the log storage capacity is displayed. You can view the storage usage of archived logs, storage usage of online logs, and remaining capacity.
Online Log Storage: The size of audit logs that are stored in Simple Log Service varies based on the time range in which online logs are queried. For more information, see View audit logs.
Archived Log Storage: After you enable the automatic archiving feature, DSC compresses and archives online logs to OSS if the logs have been retained for an extended period of time. Archived logs occupy a small amount of storage space. You can view the archived logs on the Storage Management tab. For more information, see Query archived logs in the topic.
Remaining Capacity: The remaining capacity equals the log storage capacity of DSC Enterprise Edition minus the sum of online log storage and archived log storage.
Extend the storage
If the remaining log storage capacity cannot meet your business requirements, you can click Extend Storage Capacity to go to the Upgrade/Downgrade page and purchase additional log storage capacity. For more information about billing, see Billing overview.
Delete logs
If you do not want to retain the existing audit logs, click Delete All. In the Delete Logs dialog box, select the types of logs that you want to delete, such as online logs and archived logs, and then click OK.
Configure storage usage alerts
If you want to receive alerts when the remaining log storage capacity is low, click Alert to go to the page and create alert rules on the Alert notification tab. For more information, see Configure email and text message alert notifications and Configure DingTalk chatbot alert notifications.
Configure log storage rules
DSC allows you to modify the online log retention period and log archiving configuration. You can perform the following operations to configure log storage rules.
Log on to the DSC console.
In the left-side navigation pane, click Log Analysis.
In the upper-right corner of the Log Analysis page, click Log Storage Management.
In the Log Storage Management section of the panel that appears, configure the management mode (Manual or Automatic) and log lifecycle based on your business requirements, and click OK.
Manual: In this mode, you must specify the retention period of online logs in days and whether to enable automatic archiving.
After you specify the retention period, online logs that exceed the specified retention period are deleted. After you enable the automatic archiving feature, online logs that are retained for more than (N - 3) days are compressed and archived if you set the online log retention period to N days. The default retention period is 90 days.
Automatic: In Automatic mode, logs are preferably stored for online queries. DSC adjusts the online query period every day based on the log volume and the total storage capacity. DSC maintains a minimum of 30 days for online query. If the online query period is insufficient, logs are automatically archived.
Log Lifecycle: Select the checkbox and specify a log deletion cycle. DSC deletes all existing audit logs after the current cycle ends. The default cycle is 180 days.
Query archived logs
You cannot directly view archived logs online. You can use the archived log query feature provided by DSC to parse and view archived logs.
Log on to the DSC console.
In the left-side navigation pane, click Log Analysis.
In the upper-right corner of the Log Analysis page, click Log Storage Management.
In the Log Storage Management panel, click Query Archived Logs.
In the Query Archived Logs dialog box, select a date range and click OK.
In the Log Parsing Records dialog box, you can view the log parsing status within the specified date range. When the log parsing status is Completed, click View in the Actions column to view the archived logs. For more information about the logs, see View audit logs.
You can click Query Achieving Records to view the log parsing records and log parsing status in the Log Parsing Records dialog box.
References
After you configure the data auditing mode for an asset, you can go to the Log Analysis page to view the audit log of the asset. For more information, see View audit logs.
DSC provides default auditing rules for data assets, including database auditing rules, OSS auditing rules, and MaxCompute auditing rules. You can also create custom auditing rules. After audit alert rules are enabled, DSC can identify abnormal activities, data leaks, vulnerabilities, and SQL injections in data assets based on audit logs. For more information, see Configure and enable audit alert rules.
After audit alert rules are enabled, DSC reports activities that match the audit alert rules to the audit alerts module of DSC. You can handle the risks based on the alerts and audit logs. For more information, see View and handle audit alerts.