Log Audit Service allows you to enable the log collection feature with a few clicks. This topic describes how to enable the log collection feature and perform related operations.
Prerequisites
An Alibaba Cloud account is created.
We recommend that you use a RAM user of the Alibaba Cloud account to enable log collection. The RAM user must be granted the read permissions on RAM resources and the read and write permissions on Simple Log Service resources. To grant the required permissions to the RAM user, you can attach the AliyunRAMReadOnlyAccess and AliyunLogFullAccess policies to the RAM user.
The required features are enabled for the Alibaba Cloud services from which you want to collect logs. For more information, see Supported Alibaba Cloud services.
Initially configure Log Audit Service
To enable the log collection feature, you must use the Alibaba Cloud account or a RAM user that is granted the AliyunRAMFullAccess permissions.
Log on to the Simple Log Service console.
In the Log Application section, click the Audit & Security tab. Then, click Log Audit Service.
Complete authorization as prompted.
After you complete the authorization, Log Audit Service assumes the AliyunServiceRoleForSLSAudit service-linked role to collect logs from Alibaba Cloud services. For more information, see Manage the AliyunServiceRoleForSLSAudit service-linked role.
Enable log collection
In the left-side navigation pane, choose .
In the Region of the Central Project drop-down list, select the region of the project in which you want to centrally store the collected logs.
Chinese mainland: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)
Outside the Chinese mainland: Singapore, Japan (Tokyo), Germany (Frankfurt), Indonesia (Jakarta), and Malaysia (Kuala Lumpur)
In the Cloud Products column, find the service for which you want to enable log collection and specify the retention period of logs.
If you want to collect Layer 7 access logs from Server Load Balancer (SLB), Layer 7 access logs from Application Load Balancer (ALB), access logs from Object Storage Service (OSS), audit logs from PolarDB-X 1.0, flow logs from Virtual Private Cloud (VPC), and internal logs from Alibaba Cloud DNS (DNS), you can turn on the corresponding switches in the Synchronization to Central Project column. After you turn on a switch in the Synchronization to Central Project column, Simple Log Service stores data in the regional project of the service only for the recommended period of time. The regional project of the service is used only as temporary storage.
Click Save.
After the configuration is complete, wait for approximately 2 minutes to view the collection status of logs on the page. If an exception occurs, modify the configurations by following the on-screen instructions. For more information, see Enable and manage log collection.
What to do next
Enable encryption
Log Audit Service supports data encryption by using the built-in service keys of Simple Log Service. You can enable the data encryption feature to encrypt the dedicated Logstores of the Alibaba Cloud services for which log collection is enabled.
The data encryption feature is available in the China (Hohhot) region and China (Hong Kong) region.
In the left-side navigation pane, choose .
In the upper-right corner of the Global Configurations page, click Modify.
Turn on Enable Encryption and select an encryption algorithm.
Important: After you select an encryption algorithm, it cannot be changed. Proceed with caution.
Click OK.
Disable log collection
If you no longer need to collect logs from an Alibaba Cloud service but you want to retain the collected logs, perform the following steps. Simple Log Service deletes logs after the retention period of the logs elapses.
After you disable log collection, Simple Log Service does not collect incremental logs. If you want to change the log retention period, make sure that log collection is enabled. If you change the period when log collection is disabled, the change does not take effect.
In the left-side navigation pane, choose .
On the Global Configurations page, click Modify in the upper-right corner.
Find the Alibaba Cloud service and turn off the switch in the Audit-Related Logs column. Then, click OK.
Delete audit resources
If you want to delete Log Audit Service resources, such as projects, Logstores, dashboards, and alerts, perform the following steps:
In the left-side navigation pane, choose .
On the Global Configurations page, click Delete Audit Resources in the upper-right corner.
In the Delete All Resources of Log Audit Service dialog box, click Disable Log Collection for Cloud Services.
In the Confirm message, click OK.
In the Delete All Resources of Log Audit Service dialog box, copy commands based on your business requirements.
If you want to delete all resources, copy all commands. If you want to delete specific resources, copy the required commands.
Important: Run commands in sequence to delete a regional project before a central project.
Before you delete a project, wait for 1 to 2 minutes to make sure that log collection is disabled for all Alibaba Cloud services.
Sample command to delete a regional project
aliyunlog log delete_project --project_name=slsaudit-region-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com
Sample command to delete a central project
aliyunlog log delete_project --project_name=slsaudit-center-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com
In the preceding commands, 12****34 specifies the ID of the Alibaba Cloud account, and cn-huhehaote specifies the region of the projects. region-endpoint specifies the access endpoint of the projects. For more information, see Endpoints.
In the top navigation bar, click the icon.
On the cloudshell tab, run the commands that you copied.
The system runs the commands one by one to delete audit resources.
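The ordering rule above (regional projects before the central project) can be checked before anything is pasted into the shell. The following script is an added example, not part of the original documentation or of the aliyunlog tool: it takes project names, refuses any name that is not a Log Audit Service project, and prints the delete commands in the required order without running them. The function names are hypothetical, the account ID 1234567890123456 is a constructed placeholder, and the endpoint is assumed to follow the region-ID.log.aliyuncs.com form of the sample commands.

```shell
#!/bin/sh
# Added example: plan Log Audit Service project deletions, regional first, central last.
# Nothing is deleted here; the script only prints commands for review.

# Print the delete command for one project named
# slsaudit-{region|center}-<account-id>-<region-id>; return 1 for any other name.
delete_cmd() {
  case $1 in
    slsaudit-region-*) rest=${1#slsaudit-region-} ;;
    slsaudit-center-*) rest=${1#slsaudit-center-} ;;
    *) return 1 ;;
  esac
  account=${rest%%-*}   # text before the first "-"
  region=${rest#*-}     # text after the first "-" (region IDs contain "-" themselves)
  [ -n "$account" ] && [ -n "$region" ] && [ "$region" != "$rest" ] || return 1
  # Assumption: same endpoint form as the sample commands on this page.
  printf 'aliyunlog log delete_project --project_name=%s --region-endpoint=%s.log.aliyuncs.com\n' \
    "$1" "$region"
}

# Print commands for all given projects in a safe order.
# If any name is unexpected, print nothing to stdout and return 1.
plan_audit_deletion() {
  for name in "$@"; do
    delete_cmd "$name" >/dev/null || {
      echo "refusing plan, unexpected project name: $name" >&2
      return 1
    }
  done
  for name in "$@"; do   # pass 1: regional projects
    case $name in slsaudit-region-*) delete_cmd "$name" ;; esac
  done
  for name in "$@"; do   # pass 2: central projects
    case $name in slsaudit-center-*) delete_cmd "$name" ;; esac
  done
}

# Constructed input, deliberately listed in the wrong order.
plan_audit_deletion \
  slsaudit-center-1234567890123456-cn-huhehaote \
  slsaudit-region-1234567890123456-cn-hongkong \
  slsaudit-region-1234567890123456-cn-huhehaote
```

Review the printed plan, wait the 1 to 2 minutes noted above after disabling log collection, and only then run the commands.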