When you use ESA, ESA captures and records system, application, and device operation logs in real time to help you monitor, analyze, and optimize your business.
What can real-time logs do
Traditional log analysis has significant delays. The process involves downloading logs, uploading them to a data warehouse, cleaning the data, and defining data models. ESA real-time log system shortens this workflow. It uses a stream data processing for raw logs and delivers them to your servers within seconds.
ESA real-time logs have the following features:
Log delivery globally in seconds: Delivers logs in seconds from over 3,200 points of presence (POPs) worldwide. This ensures data timeliness and high availability.
Flexible storage: You can deliver logs to various storage destinations. These include cloud storage services such as AWS S3 and Simple Log Service (SLS), self-managed services such as HTTP and Kafka, and other S3-compatible solutions. Choose the storage solution that best suits your needs.
Powerful log customization: You can customize log formats and content based on your business needs. The service also supports delivery sampling and field filters to ensure that log information is accurate and relevant.
Comprehensive monitoring and tools: The service fills in missing log data to ensure data integrity and continuity and protect your business. It also provides visualization dashboards. You can use real-time logs to generate log analysis reports, visualizations, and monitoring alerts. This helps you fully understand your business operations to support decision-making and optimization.
Categories of real-time logs
After you connect your business to the ESA service, you may need to analyze data such as user behavior and website health to adjust your business policies. Real-time logs are useful in the following scenarios:
Security monitoring: When your website is under attack, such as a DDoS attack, crawler activity, an exploratory attack, or other suspicious activity, you need to identify the source of the attack and create security policies.
Performance monitoring: You need to monitor ESA performance metrics, such as request latency and error rate, to troubleshoot issues.
User behavior analysis: You need to analyze user access patterns and behavior, such as the most frequently accessed content, access times, and session durations.
Business analysis and optimization: You need to analyze data such as traffic, bandwidth, resource usage, geographic distribution, and cache hit ratio to optimize your business policies.
Audit and compliance: You need audit evidence to meet regulatory requirements, such as data retention policies, user privacy, and legal compliance.
Log type | Dimension | Recorded content | Scenarios |
Edge Routine Log | Account | Records request information generated by invoking ESA edge functions in the current account. | Business analysis and optimization |
Edge Container Log | Records business logs generated by edge containers in the current account. |
| |
Access and Origin Log | Website | Records detailed request information generated when users access a website or service accelerated by ESA, and detailed information generated when an ESA node performs a back-to-origin access. |
|
Firewall Log | Records details of all malicious requests detected and blocked by the ESA Web Application Firewall (WAF). |
| |
TCP/UDP Proxy Log | Records details about content transmitted through the ESA transport-layer acceleration feature. |
| |
DNS Logs | Records detailed request information for DNS domain name resolution accelerated by ESA. |
|
You can select multiple log types based on your needs to comprehensively protect your business.
Processing real-time logs
When a client sends a request, an ESA node processes the request and records the corresponding log. The ESA log system then collects and processes the log. To facilitate flexible log retrieval and analysis, the ESA log system provides a push feature that lets you deliver logs to your storage and processing platform. ESA supports log delivery to Alibaba Cloud Simple Log Service (SLS), Alibaba Cloud Object Storage Service (OSS), AWS S3, other S3-compatible storage services, HTTP servers, or Kafka.
Availability
Your subscription plan determines the number of delivery tasks that you can create for each log type. The following tables show the number of real-time log delivery tasks supported by different plans.
The number of delivery tasks is counted separately for each log type. For example, if you subscribe to the Enterprise plan and have created five tasks for Access and Origin Log, you can still create five more tasks for Firewall Log.
Feature | Entrance | Pro | Premium | Enterprise |
Supported real-time log delivery tasks | 2 | 3 | 5 |