cloud service code, log type code, log type, default project and default logstore - Simple Log Service

After you create a collection rule for a cloud service in the new version of Log Audit Service, Log Audit Service collects logs from the cloud service to the project that you associate with Log Audit Service. This topic describes the service codes, log type codes, log types, default projects, and default logstores of different cloud services.

Simple Log Service

Cloud service code	sls			project
Log type code	`audit_log`	`error_log`	`monitor_metric`	`operation_log`	`run_log`
Log type	Global audit logs	Global error logs	Performance metrics	Detailed logs	Operational logs
Default project to which logs are collected	log-service-`{UID}`-`{Region}`			log-service-`{UID}`-`{Region}`
Default logstore to which logs are collected	`internal-audit_log`	`internal-error_log`	`internal-monitor-metric`	`internal-operation_log`	`internal-diagnostic_log`
Additional information	You must configure Global Log Storage Region. You must set Resource Matching Mode to All Resources. When you create a project or enable CloudLens for SLS, the system automatically creates a built-in collection rule named internal_cloudlens_`{productCode}`_`{dataCode}`. For more information, see Enable the log collection feature.			None	None
Additional fee for Simple Log Service and the related cloud service	You are not charged for the default logstore to which logs are collected. The destination logstore for centralized storage in the new version of Log Audit Service is billed in the same manner as common logstores. For more information about billable items, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.			The default logstore to which logs are collected is billed in the same manner as the destination logstore for centralized storage in the new version of Log Audit Service. For more information about billable items, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.

Object Storage Service (OSS)

Cloud service code	oss
Log type code	`access_log`	`metering_log`
Log type	Access logs	Metering logs
Default project to which logs are collected	oss-log-`{UID}`-`{Region}`	oss-log-`{UID}`-`{Region}`
Default logstore to which logs are collected	`oss-log-store`	`oss-metering-log`
Additional information	None	You must configure Global Log Storage Region.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service.

ApsaraDB RDS

Cloud service code	rds
Log type code	`audit_log`	`slow_log`	`error_log`	`perf_metric`
Log type	Audit logs	Slow query logs	Error logs	Performance metrics
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`			aliyun-product-data-`{UID}`-`{Region}`
Default logstore to which logs are collected	`rds_audit_log`	`slow_error_log`	`slow_error_log`	`rds_metric`
Additional information	ApsaraDB RDS for MySQL: Basic Edition is not supported. ApsaraDB RDS for PostgreSQL: Basic Edition is not supported. Simple Log Service assumes the AliyunLogArchiveRole role to write logs. You must manually create the role by using your Alibaba Cloud account. For more information, see Cloud Resource Access Authorization.
Additional fee for Simple Log Service and the related cloud service	The default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service are billed in the same manner as common logstores. For more information, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data. After you enable log collection for ApsaraDB RDS, the SQL Explorer and Audit feature is automatically enabled on the ApsaraDB RDS instances that meet the requirements. ApsaraDB RDS for MySQL instances that do not run Basic Edition and ApsaraDB RDS for PostgreSQL instances that run High-availability Edition are supported. For more information about the billing of SQL Explorer and Audit feature, see Billable items. If you disabled log collection for ApsaraDB RDS audit logs in the new version of Log Audit Service and disabled automatic log collection in the CloudLens for RDS application and in the old version of Log Audit Service, and you want to disable the SQL Explorer and Audit feature, you can manually disable the SQL Explorer and Audit feature in the ApsaraDB RDS console. For more information, see Use the SQL Explorer and Audit feature.			The default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service are billed in the same manner as common logstores. For more information, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.

PolarDB

Cloud service code	polardb
Log type code	`audit_log`	`slow_log`	`error_log`	`perf_metric`
Log type	Audit logs	Slow query logs	Error logs	Performance metrics
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`			aliyun-product-data-`{UID}`-`{Region}`
Default logstore to which logs are collected	`polardb_audit_log`	`polardb_log`	`polardb_log`	`polardb_metric`
Additional information	Only PolarDB for MySQL is supported.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service. After you enable log collection for PolarDB, the SQL Explorer and Audit feature is automatically enabled in PolarDB for MySQL clusters. For more information about the billing of the SQL Explorer and Audit feature, see Billable items. If you disabled log collection for PolarDB audit logs in the new version of Log Audit Service and disabled automatic log collection in the CloudLens for PolarDB application and in the old version of Log Audit Service, and you want to disable the SQL Explorer and Audit feature, you can manually disable the SQL Explorer and Audit feature in the PolarDB console. For more information, see ️SQL Explorer and Audit.			The default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service are billed in the same manner as common logstores. For more information, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.

E-MapReduce (EMR)

Cloud service code	Log type code	Log type	Default project to which logs are collected	Default logstore to which logs are collected	Additional information	Additional fee for Simple Log Service and the related cloud service
emr	yarn_log	YARN component logs	emr-log-`{UID}`-`{Region}`	emr_yarn_log	None	You are not charged for the log management feature on the EMR side. The default logstore to which logs are collected is billed in the same manner as the common logstore. For more information about billable items, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.
	host_log	Host logs		emr_host_log
	spark_log	Spark component logs		emr_spark_log
	hive_log	Hive component logs		emr_hive_log
	yarn_application_log	YARN container logs		emr_yarn_application_log
	tez_log	Tez component logs		emr_tez_log
	hdfs_log	Hadoop Distributed File System (HDFS) component logs		emr_hdfs_log
	flink_log	Flink component logs		emr_flink_log
	jindo_log	Jindo component logs		emr_jindo_log
	hbase_log	HBase component logs		emr_hbase_log
	zookeeper_log	Zookeeper component logs		zookeeper_log
	kafka_log	Kafka component logs		emr_kafka_log
	presto_log	Presto component logs		emr_presto_log
	impala_log	Impala component logs		emr_impala_log
	flume_log	Flume component logs		emr_flume_log
	starrocks_log	StarRocks component logs		emr_starrocks_log
	clickhouse_log	ClickHouse component logs		emr_clickhouse_log
	kyuubi_log	Kyuubi component logs		emr_kyuubi_log
	kudu_log	Kudu component logs		emr_kudu_log
	rss_log	EMR Remote Shuffle Service (RSS) component logs		emr_rss_log
	ranger_log	Ranger component logs		emr_ranger_log
	trino_log	Trino component logs		emr_trino_log
	ldap_log	OpenLDAP component logs		emr_ldap_log

Application Load Balancer (ALB)

Cloud service code	alb
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default logstore to which logs are collected	`alb_access_log`
Additional information	None
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service. The default logstore to which logs are collected stores the access logs and the metrics that are automatically generated.

Classic Load Balancer (CLB)

Cloud service code	clb
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default logstore to which logs are collected	`clb_access_log`
Additional information	None
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service.

Virtual Private Cloud (VPC)

Cloud service code	vpc
Log type code	`flow_log`
Log type	Flow logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default logstore to which logs are collected	vpc_log
Additional information	None
Additional fee for Simple Log Service and the related cloud service	If you collect flow logs, you are charged Simple Log Service usage fees and log generation fees. You are charged for the default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service. The flow log generation fees are included in the VPC bills. For more information, see Billing of flow logs.

ApsaraDB for MongoDB

Cloud service code	dds
Log type code	`audit_log`
Log type	Audit logs
Default project to which logs are collected	nosql-`{UID}`-`{Region}`
Default logstore to which logs are collected	mongo_audit_log_standard
Additional information	Ensure that the service-linked role AliyunServiceRoleForMongoDB is created. For more information, see Service-linked role. After the audit logs are enabled for ApsaraDB for MongoDB, the slow query logs are automatically enabled. For more information, see View slow query logs.
Additional fee for Simple Log Service and the related cloud service	None

Alibaba Cloud DNS (DNS)

Cloud service code	dns
Log type code	`intranet_log`
Log type	Intranet private DNS logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default logstore to which logs are collected	dns_log
Additional information	If you set Resource Matching Mode to Instance Mode in a collection rule, the instances that you can select from the Instances drop-down list are VPCs within the current account. You must go to the DNS console of the new version to activate DNS PrivateZone for each Alibaba Cloud account.
Additional fee for Simple Log Service and the related cloud service	When you collect intranet private DNS logs, you are charged Simple Log Service usage fees and traffic analysis fees. The traffic analysis fees are included in the DNS bills. For more information, see Traffic analysis. You are charged for the default logstore to which logs are collected and the destination logstore for centralized storage in the new version of Log Audit Service.

Web Application Firewall 2.0 (WAF 2.0)

Cloud service code	waf
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	waf-project-`{UID}`-`{Region}`
Default logstore to which logs are collected	waf-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service. You must enable the Simple Log Service for WAF feature in the console of the cloud service to collect cloud service logs to the default logstore. The new version of Log Audit Service collects logs to the destination logstore for centralized storage.

WAF 3.0

Cloud service code	wafnew
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	wafnew-project-`{UID}`-`{Region}`
Default logstore to which logs are collected	wafnew-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Security Center

Cloud service code	sas
Log type code	`sas_log`
Log type	Security Center logs
Default project to which logs are collected	sas-log-`{UID}`-`{Region}`
Default logstore to which logs are collected	sas-log
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides. Important Starting March 27, 2025, the delivery service for network logs, including web access logs, DNS logs, network session logs, and local DNS data, are discontinued, but previously delivered data will be preserved and available for queries. For more information, see [Notice] Updates on log analysis and CTDR features.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Security Center (Pay-as-you-go)

Cloud service code	Log type code	Log type	Default project to which logs are collected	Default logstore to which logs are collected	Additional information	Additional fee for Simple Log Service and the related cloud service
sasnew	http	Web access logs	sasnew-log-`{UID}`-`{Region}`	sas-log-http	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides. Important Starting March 27, 2025, the delivery service for network logs, including web access logs, DNS logs, network session logs, and local DNS data, are discontinued, but previously delivered data will be preserved and available for queries. For more information, see [Notice] Updates on log analysis and CTDR features.	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.
	session	Network session logs		sas-log-session
	dns	DNS resolution logs		sas-log-dns
	local_dns	Local DNS logs		local-dns
	snapshot_process	Process snapshot logs		aegis-snapshot-process
	snapshot_port	Network snapshot logs		aegis-snapshot-port
	snapshot_host	Account snapshot logs		aegis-snapshot-host
	login	Logon logs		aegis-log-login
	network	Network connection logs		aegis-log-network
	process	Process startup logs		aegis-log-process
	dns_query	DNS request logs		aegis-log-dns-query
	crack	Brute-force attack logs		aegis-log-crack
	client	Client event logs		aegis-log-client
	security	Vulnerability logs Baseline logs Alert logs Configuration assessment logs Network defense logs Application defense logs		sas-security-log

Anti-DDoS Origin

Cloud service code	ddosbgp
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	ddosbgp-project--`{UID}`-`{Region}`
Default logstore to which logs are collected	ddosbgp-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Anti-DDoS Proxy (Chinese Mainland)

Cloud service code	ddoscoo
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	ddoscoo-project-`{UID}`-`{Region}`
Default logstore to which logs are collected	ddoscoo-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Anti-DDoS Proxy (Outside Chinese Mainland)

Cloud service code	ddosdip
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	ddosdip-project-`{UID}`-`{Region}`
Default logstore to which logs are collected	ddosdip-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Key Management Service (KMS)

Cloud service code	kms
Log type code	`audit_log`
Log type	Audit logs
Default project to which logs are collected	kms-log-`{instanceId}`
Default logstore to which logs are collected	kms_audit_log
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Cloud Firewall

Cloud service code	Applicatio defense logs
Log type code	`firewall_log`
Log type	Firewall logs
Default project to which logs are collected	cloudfirewall-project-`{UID}`-`{Region}`
Default logstore to which logs are collected	cloudfirewall-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.