Cloud Firewall and Simple Log Service jointly launch the log analysis feature. The feature allows you to collect, query, analyze, transform, and consume traffic logs of protected assets in real time. The feature helps you monitor and protect network assets and meet compliance requirements. This topic describes how to enable the log analysis feature in the Cloud Firewall console and collect traffic logs to Simple Log Service.
Prerequisites
The AliyunServiceRoleForCloudFW service-linked role is created. For more information, see Authorize Cloud Firewall to access other cloud resources.
If you want to use a Resource Access Management (RAM) user to query and analyze Cloud Firewall logs, make sure that the required permissions are granted to the RAM user. For more information, see Grant a RAM user the permissions to query and analyze logs of Cloud Firewall.
Supported editions
The log analysis feature is available only in Premium Edition, Enterprise Edition, and Ultimate Edition of Cloud Firewall that uses the subscription billing method. The log analysis feature is unavailable in Cloud Firewall that uses the pay-as-you-go billing method.
Procedure
If you do not know the actual traffic conditions when you create an access control policy, you can set the policy action to Monitor. For more information about the actions that are supported in access control policies, see Policy actions. A policy whose action is Monitor does not block traffic: traffic that hits the policy is allowed. You can observe the traffic for a specific period of time and then change the policy action to Allow or Deny based on your business requirements. You can view the traffic data on the Traffic Logs page. For more information, see Log audit.
Visit the Cloud Firewall buy page.
Set the Log Analysis parameter to Yes, configure the Log Storage parameter, click Buy Now, and then complete the payment.
For more information, see Subscription.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
Click Enable Now to enable the log analysis feature.
For more information about the types of Cloud Firewall logs, see Supported log types.
Related operations
Operation | Description |
Disable the log delivery feature | On the Logs tab of the Log Analysis page, click Log Delivery and disable the log delivery feature for specific types of logs. Important: After you disable the log delivery feature, your project and the logs that are delivered to Simple Log Service are not automatically deleted. To prevent unwanted fees after you disable the feature, we recommend that you manually delete the project in the Simple Log Service console. For more information, see Delete a project. |
Modify log storage configurations | Modify the configurations related to log storage. For example, change log types, log storage regions, and log retention periods, manage log storage usage, and delete logs. For more information, see Modify log storage configurations. Warning |
References
You can query and analyze collected logs in real time to monitor traffic exceptions and protect your assets. For more information, see Query and analyze logs.
If log storage is insufficient, new logs cannot be collected. To prevent this, you must monitor the log storage usage. We recommend that you configure notifications for Log Storage Capacity. For more information, see Configure notifications.
Can I export the traffic logs of Cloud Firewall to a third-party system?
After you collect traffic logs to Simple Log Service, you can query, analyze, download, ship, and transform the logs. You can also configure alerts for the logs. For more information, see Common operations on logs of Alibaba Cloud services.