Cloud Firewall and Simple Log Service jointly launch the log analysis feature. The feature allows you to collect, query, analyze, transform, and consume traffic logs of protected assets in real time. The feature helps you monitor and protect network assets and meet compliance requirements.
Scenarios
The log analysis feature is suitable for enterprises and organizations that require network security compliance, require flexible configuration, and want to perform in-depth monitoring and real-time analysis of network traffic. The following section describes the common scenarios of the feature:
Compliance audit: Enterprises that need to comply with data protection and network security regulations can use the log analysis feature to store access logs for more than six months. This helps the enterprises meet compliance requirements for classified protection and respond to log audits.
Security analysis and emergency response: Enterprises that need to trace, analyze, and respond to security incidents can use the tools provided by the log analysis feature. This way, security teams of the enterprises can quickly identify threat sources, analyze attack patterns, and take measures to prevent potential attacks.
Data center integration: Enterprises that have self-managed data processing and computing centers and want to manage logs in a centralized manner can use Cloud Firewall to export logs to the data centers. This implements centralized log management and analysis, and improves data security and management.
Performance monitoring and optimization: Enterprises can use the log analysis feature to monitor network performance in real time, and identify and diagnose issues. This helps enterprises optimize the user access experience and improve the online performance and operational efficiency of their services.
Billing rules
You are charged for the log analysis feature based on the log storage duration and log storage capacity.
Cloud Firewall that uses the pay-as-you-go billing method
After you enable the log analysis feature, the fees for the feature are included in the bills of Simple Log Service instead of Cloud Firewall.
Cloud Firewall that uses the subscription billing method
For more information, see Subscription.
After Cloud Firewall delivers logs to Simple Log Service, Simple Log Service does not charge you additional fees for the Logstore dedicated to Cloud Firewall. If you perform operations such as data transformation and data shipping in the Simple Log Service console, you are charged.
If the dedicated Logstore uses the pay-by-feature billing mode, you are charged for data transformation and data shipping when you transform or ship logs in the Simple Log Service console. When you read logs in stream mode, you are charged for read traffic over the Internet. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.
If the dedicated Logstore uses the pay-by-ingested-data billing mode, you are not charged for data transformation or data shipping. You are charged only for read traffic over the Internet. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.
Logstore description
After you enable the log analysis feature, Cloud Firewall automatically creates a dedicated project and a dedicated Logstore to store all log data collected by Cloud Firewall.
You can log on to the Simple Log Service console to view the project and Logstore dedicated to Cloud Firewall. Do not delete the project or Logstore. If you delete the dedicated project or Logstore, the log data is deleted and cannot be restored. Before you can continue to use the dedicated project or Logstore, you must re-enable the log analysis feature.
Limits
Cloud Firewall that uses the pay-as-you-go billing method
You can write only Cloud Firewall logs to the dedicated Logstore.
Cloud Firewall that uses the subscription billing method
The Logstore is dedicated to Cloud Firewall. The following limits are imposed on the Logstore:
You can write only Cloud Firewall logs to the dedicated Logstore. No limits are imposed for features such as query, analysis, alerting, and consumption.
You cannot change the log storage duration of the dedicated Logstore in the Simple Log Service console. You can change the log storage duration in the Cloud Firewall console.
If you have overdue payments for your Simple Log Service resources, the log analysis feature is automatically stopped. To ensure business continuity, you must complete your overdue payments within the prescribed time limit.
By default, Cloud Firewall provides fields that support indexes. You cannot specify custom fields or modify the fields. For more information about the fields, see Fields that support indexes.
The available log storage capacity must be sufficient. If the log storage capacity is exhausted, new logs cannot be stored.
Note: The log storage usage that is displayed in the Cloud Firewall console is not updated in real time. The displayed usage does not include the usage from the previous 2 hours.
What to do next
For more information about how to enable the log analysis feature, see Enable the log analysis feature.
After you enable the log analysis feature, you can specify the log data that you want to collect, query logs, export logs, and change the destination region for log delivery. For more information, see Query and analyze logs.
You can turn on or turn off the log delivery switch, and configure the storage duration, storage region, and storage capacity of logs to ensure that the configurations for the log analysis feature meet your business requirements. For more information, see Modify log storage configurations.
You can download the collected logs to your computer or ship the logs to Object Storage Service (OSS) for storage. For more information, see Export logs.
You can grant a Resource Access Management (RAM) user the permissions to query and analyze logs. For more information, see Grant a RAM user the permissions to query and analyze logs.