Edge Security Acceleration (ESA) can collect system logs, application logs, or device operation logs of your website in real time. This helps monitor and analyze your business activities and tune related configurations if needed.
Categories of real-time logs
After you add your website to ESA, you may need to analyze data such as user behavior and website health status to adjust service policies in the following scenarios:
Security monitoring: Your website suffers from attacks, such as DDoS attacks, crawler attacks, exploratory attacks, or other suspicious activities, and you want to identify the attack sources and configure security policies.
Performance monitoring: You want to monitor ESA metrics, such as request latency and error rate, for troubleshooting.
User behavior analysis: You want to analyze user behavior and access patterns, such as the most frequently requested content, access time, and stay duration.
Business analysis and optimization: You want to analyze data such as traffic, bandwidth, resource usage, geographic distribution, and cache hit ratio, to optimize your service policies.
Audit and compliance: You need audit evidence to comply with regulatory requirements, such as data retention policies and user privacy regulations.
ESA offers four categories of real-time logs: Edge Routine logs, access logs, firewall logs, and TCP/UDP proxy logs.
Category | Collection scope | Content | Scenario |
Edge Routine logs | All websites in the account | Request information generated by calling ESA routines | Business analysis and optimization |
Access logs | Individual website | Detailed request information generated when users access an ESA-accelerated website or service |
|
Firewall logs | Details of all malicious requests that are detected and blocked by Web Application Firewall (WAF) of ESA |
| |
TCP/UDP proxy logs | Details about content delivery acceleration at the transport layer |
|
You can choose to collect multiple categories of logs based on your business requirements.
Real-time log processing
When a user initiates a request, the ESA point of presence (POP) processes and logs the request. The log system of ESA collects and processes the log. To facilitate the retrieval and analysis of real-time logs of your website, ESA allows you to deliver logs to Alibaba Cloud Simple Log Service (SLS), Object Storage Service (OSS), Amazon Simple Storage Service (S3), other S3-compatible storage services, HTTP servers, or Kafka. For more information, see Create a real-time log delivery task.
Feature availability
The number of delivery tasks that you can create for each log category is determined by the plan you purchased.
The number of delivery tasks is separately calculated for each log category. For example, if you purchase an Enterprise plan and have created five tasks to deliver access logs, you can still create another five tasks for firewall logs.
Item | Entrance | Pro | Premium | Enterprise |
Real-time log delivery tasks | N/A | 2 | 3 | 5 |