cloud service code, log type code, log type, default project and default Logstore - Simple Log Service

After you create a collection rule for a cloud service in the new version of Log Audit Service, Log Audit Service collects logs from the cloud service to the project that you associate with Log Audit Service. This topic describes the service codes, log type codes, log types, default projects, and default Logstores of different cloud services.

Simple Log Service

Cloud service code	sls			project
Log type code	`audit_log`	`error_log`	`monitor_metric`	`operation_log`	`run_log`
Log type	Global audit logs	Global error logs	Performance metrics	Detailed logs	Operational logs
Default project to which logs are collected	log-service-`{UID}`-`{Region}`			log-service-`{UID}`-`{Region}`
Default Logstore to which logs are collected	`internal-audit_log`	`internal-error_log`	`internal-monitor-metric`	`internal-operation_log`	`internal-diagnostic_log`
Additional information	You must configure Global Log Storage Region. You must set Resource Matching Mode to All Resources. When you create a project or enable CloudLens for SLS, the system automatically creates a built-in collection rule named internal_cloudlens_`{productCode}`_`{dataCode}`. For more information, see Enable the log collection feature.			None	None
Additional fee for Simple Log Service and the related cloud service	You are not charged for the default Logstore to which logs are collected. The destination Logstore for centralized storage in the new version of Log Audit Service is billed in the same manner as common Logstores. For more information about billable items, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.			The default Logstore to which logs are collected is billed in the same manner as the destination Logstore for centralized storage in the new version of Log Audit Service. For more information about billable items, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.

Object Storage Service (OSS)

Cloud service code	oss
Log type code	`access_log`	`metering_log`
Log type	Access logs	Metering logs
Default project to which logs are collected	oss-log-`{UID}`-`{Region}`	oss-log-`{UID}`-`{Region}`
Default Logstore to which logs are collected	`oss-log-store`	`oss-metering-log`
Additional information	None	You must configure Global Log Storage Region.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service.

ApsaraDB RDS

Cloud service code	rds
Log type code	`audit_log`	`slow_log`	`error_log`	`perf_metric`
Log type	Audit logs	Slow query logs	Error logs	Performance metrics
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`			aliyun-product-data-`{UID}`-`{Region}`
Default Logstore to which logs are collected	`rds_audit_log`	`slow_error_log`	`slow_error_log`	`rds_metric`
Additional information	ApsaraDB RDS for MySQL: Basic Edition is not supported. ApsaraDB RDS for PostgreSQL: Basic Edition is not supported. Simple Log Service assumes the AliyunLogArchiveRole role to write logs. You must manually create the role by using your Alibaba Cloud account. For more information, see Cloud Resource Access Authorization.
Additional fee for Simple Log Service and the related cloud service	The default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service are billed in the same manner as common Logstores. For more information, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data. After you enable log collection for ApsaraDB RDS, the SQL Explorer and Audit feature is automatically enabled on the ApsaraDB RDS instances that meet the requirements. ApsaraDB RDS for MySQL instances that do not run Basic Edition and ApsaraDB RDS for PostgreSQL instances that run High-availability Edition are supported. For more information about the billing of SQL Explorer and Audit feature, see Billable items. If you disabled log collection for ApsaraDB RDS audit logs in the new version of Log Audit Service and disabled automatic log collection in the CloudLens for RDS application and in the old version of Log Audit Service, and you want to disable the SQL Explorer and Audit feature, you can manually disable the SQL Explorer and Audit feature in the ApsaraDB RDS console. For more information, see Use the SQL Explorer and Audit feature.			The default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service are billed in the same manner as common Logstores. For more information, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.

PolarDB

Cloud service code	polardb
Log type code	`audit_log`	`slow_log`	`error_log`	`perf_metric`
Log type	Audit logs	Slow query logs	Error logs	Performance metrics
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`			aliyun-product-data-`{UID}`-`{Region}`
Default Logstore to which logs are collected	`polardb_audit_log`	`polardb_log`	`polardb_log`	`polardb_metric`
Additional information	Only PolarDB for MySQL is supported.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service. After you enable log collection for PolarDB, the SQL Explorer and Audit feature is automatically enabled in PolarDB for MySQL clusters. For more information about the billing of the SQL Explorer and Audit feature, see Billable items. If you disabled log collection for PolarDB audit logs in the new version of Log Audit Service and disabled automatic log collection in the CloudLens for PolarDB application and in the old version of Log Audit Service, and you want to disable the SQL Explorer and Audit feature, you can manually disable the SQL Explorer and Audit feature in the PolarDB console. For more information, see ️SQL Explorer and Audit.			The default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service are billed in the same manner as common Logstores. For more information, see Billable items of pay-by-feature and Billable items of pay-by-ingested-data.

Application Load Balancer (ALB)

Cloud service code	alb
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default Logstore to which logs are collected	`alb_access_log`
Additional information	None
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service. The default Logstore to which logs are collected stores the access logs and the metrics that are automatically generated.

Classic Load Balancer (CLB)

Cloud service code	clb
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default Logstore to which logs are collected	`clb_access_log`
Additional information	None
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service.

Virtual Private Cloud (VPC)

Cloud service code	vpc
Log type code	`flow_log`
Log type	Flow logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default Logstore to which logs are collected	vpc_log
Additional information	None
Additional fee for Simple Log Service and the related cloud service	If you collect flow logs, you are charged Simple Log Service usage fees and log generation fees. You are charged for the default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service. The flow log generation fees are included in the VPC bills. For more information, see Billing of flow logs.

Alibaba Cloud DNS (DNS)

Cloud service code	dns
Log type code	`intranet_log`
Log type	Intranet private DNS logs
Default project to which logs are collected	aliyun-product-data-`{UID}`-`{Region}`
Default Logstore to which logs are collected	dns_log
Additional information	If you set Resource Matching Mode to Instance Mode in a collection rule, the instances that you can select from the Instances drop-down list are VPCs within the current account. You must go to the DNS console of the new version to activate DNS PrivateZone for each Alibaba Cloud account.
Additional fee for Simple Log Service and the related cloud service	When you collect intranet private DNS logs, you are charged Simple Log Service usage fees and traffic analysis fees. The traffic analysis fees are included in the DNS bills. For more information, see Traffic analysis. You are charged for the default Logstore to which logs are collected and the destination Logstore for centralized storage in the new version of Log Audit Service.

Web Application Firewall 2.0 (WAF 2.0)

Cloud service code	waf
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	waf-project-`{UID}`-`{Region}`
Default Logstore to which logs are collected	waf-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service. You must enable the Simple Log Service for WAF feature in the console of the cloud service to collect cloud service logs to the default Logstore. The new version of Log Audit Service collects logs to the destination Logstore for centralized storage.

WAF 3.0

Cloud service code	wafnew
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	wafnew-project-`{UID}`-`{Region}`
Default Logstore to which logs are collected	wafnew-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Security Center

Cloud service code	sas
Log type code	`sas_log`
Log type	Security Center logs
Default project to which logs are collected	sas-log-`{UID}`-`{Region}`
Default Logstore to which logs are collected	sas-log
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Security Center (Pay-as-you-go)

Cloud service code	Log type code	Log type	Default project to which logs are collected	Default Logstore to which logs are collected	Additional information	Additional fee for Simple Log Service and the related cloud service
sasnew	http	Web access logs	sasnew-log-`{UID}`-`{Region}`	sas-log-http	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.
	session	Network session logs		sas-log-session
	dns	DNS resolution logs		sas-log-dns
	local_dns	Local DNS logs		local-dns
	snapshot_process	Process snapshot logs		aegis-snapshot-process
	snapshot_port	Network snapshot logs		aegis-snapshot-port
	snapshot_host	Account snapshot logs		aegis-snapshot-host
	login	Logon logs		aegis-log-login
	network	Network connection logs		aegis-log-network
	process	Process startup logs		aegis-log-process
	dns_query	DNS request logs		aegis-log-dns-query
	crack	Brute-force attack logs		aegis-log-crack
	client	Client event logs		aegis-log-client
	security	Vulnerability logs Baseline logs Alert logs Configuration assessment logs Network defense logs Application defense logs		sas-security-log

Anti-DDoS Origin

Cloud service code	ddosbgp
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	ddosbgp-project--`{UID}`-`{Region}`
Default Logstore to which logs are collected	ddosbgp-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Anti-DDoS Proxy (Chinese Mainland)

Cloud service code	ddoscoo
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	ddoscoo-project-`{UID}`-`{Region}`
Default Logstore to which logs are collected	ddoscoo-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Anti-DDoS Proxy (Outside Chinese Mainland)

Cloud service code	ddosdip
Log type code	`access_log`
Log type	Access logs
Default project to which logs are collected	ddosdip-project-`{UID}`-`{Region}`
Default Logstore to which logs are collected	ddosdip-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.

Cloud Firewall

Cloud service code	Applicatio defense logs
Log type code	`firewall_log`
Log type	Firewall logs
Default project to which logs are collected	cloudfirewall-project-`{UID}`-`{Region}`
Default Logstore to which logs are collected	cloudfirewall-logstore
Additional information	You must set Resource Matching Mode to Attribute Mode. If you set Resource Matching Mode to Attribute Mode, you must specify the region where the default Logstore resides.
Additional fee for Simple Log Service and the related cloud service	You are charged for the default Logstore to which logs are collected, and the fees are included in the bills of the cloud service. You are charged for the destination Logstore for centralized storage in the new version of Log Audit Service, and the fees are included in the bills of Simple Log Service. If you enable log collection for a cloud service in the console of the cloud service, the collected logs are stored in the default Logstore. The new version of Log Audit Service stores transformed logs in a centralized manner.