After you purchase Data Security Center (DSC) Enterprise Edition, you can receive 200 GB of log storage for each database instance and 50 GB of log storage for each 1 TB Object Storage Service (OSS) storage. You can view the current storage usage, manage the storage based on your business requirements, and modify the log storage rules. For example, you can expand the storage, delete all logs in the storage, or configure storage usage alerts.
Prerequisites
The data auditing feature is enabled for the database that you want to manage. The database supports audit logs. For more information, see Set and enable the data auditing mode.
View and manage the storage usage
Log on to the DSC console.
In the left-side navigation pane, choose
.On the Storage Management page, you can view and manage the storage used to store audit logs.
View the storage usage
You can view the storage usage of archived logs, storage usage of online logs, and remaining capacity.
Online Log Storage: The size of audit logs that are stored in Simple Log Service varies based on the time range of online logs that is queried. For more information, see View audit logs.
Archived Log Storage: After you enable the automatic archiving feature, DSC compresses and archives online logs to OSS if the logs have been retained for an extended period of time. Archived logs occupy a small amount of storage space. You can view the archived logs on the Storage Management tab. For more information, see this topic.
Remaining Capacity: The remaining capacity equals the log storage capacity of DSC Enterprise Edition minus the sum of online log storage and archived log storage.
Extend the storage
If the remaining log storage capacity cannot meet your business requirements, you can click Extend Storage Capacity to go to the Upgrade/Downgrade page and purchase additional log storage. For more information about the billing, see Billing.
Delete logs
If you do not need to retain the existing audit logs, click Delete All. In the Delete Logs dialog box, select the types of logs that you want to delete, such as online logs and archived logs, and then click OK.
Configure log storage rules
DSC allows you to modify the online log retention period and log archiving configuration. You can perform the following steps to configure log storage rules.
Log on to the DSC console.
In the left-side navigation pane, choose
.On the Storage Management page, configure the management mode (Manual or Automatic) and log lifecycle based on your business requirements, and click OK.
Manual: In this mode, you must specify the retention period of online logs in days and whether to enable automatic archiving.
After you specify the retention period, online logs that exceed the specified retention period are deleted. After you enable the automatic archiving feature, online logs that are retained for more than (N - 3) days are compressed and archived if you set the online log retention period to N days. The default retention period is 90 days.
Automatic: In Automatic mode, logs are preferably stored for online queries. DSC adjusts the online query period every day based on the log volume and the total storage capacity. DSC maintains a minimum of 30 days for online query. If the online query period is insufficient, logs are automatically archived.
Log Lifecycle: Select the checkbox and specify a log deletion cycle. DSC deletes all existing audit logs after the current cycle ends. The default cycle is 180 days.
Query archived logs
You cannot directly view archived logs online. You can use the archived log query feature provided by DSC to parse and view archived logs.
Log on to the DSC console.
In the left-side navigation pane, choose
.On the Storage Management page, click Query Archived Logs in the upper-right corner.
In the Query Archived Logs dialog box, select a date range and click OK.
In the Log Parsing Records dialog box, you can view the log parsing status within the specified date range. When the log parsing status is Completed, click View in the Actions column to view the archived logs. For more information about the logs, see View audit logs.
You can also click Query Achieving Records in the upper-right corner to view the log parsing records and log parsing status in the Log Parsing Records dialog box.
References
After you set the data auditing mode for an asset, the View audit logs.
page displays the audit log of the asset. For more information, seeDSC provides default auditing rules for data assets, including database auditing rules, OSS auditing rules, and MaxCompute auditing rules. You can also create custom auditing rules. After you enable audit alert rules, DSC can identify abnormal activities, data leaks, vulnerabilities, and SQL injections in data assets based on audit logs. For more information, see Configure and enable audit alert rules.
After you enable audit alert rules, DSC reports activities that match the audit alert rules to the audit alerts module of DSC. You can handle risks based on the alerts and audit logs. For more information, see View and handle audit alerts.