Simple Log Service: Usage notes

Last Updated: Aug 04, 2023

Web Application Firewall (WAF) allows you to query, analyze, transform, and consume logs by using Simple Log Service. After you enable the log analysis feature, the access logs and anti-attack logs of your website domain are collected in real time. This feature helps you better protect and manage your website. This topic describes the assets, billing, and limits of using the log analysis feature.

Assets

Warning

We recommend that you do not delete the projects or Logstores that are related to WAF logs. If you delete the projects or Logstores, existing logs are deleted, and new logs cannot be delivered to Simple Log Service.

  • Dedicated projects and Logstores

    • If you use a WAF instance that resides in the Chinese mainland, Simple Log Service creates a project named waf-project-<Alibaba Cloud account ID>-cn-hangzhou and a Logstore named waf-logstore by default after the Simple Log Service for WAF feature is enabled.

    • If you use a WAF instance that resides outside the Chinese mainland, Simple Log Service creates a project named waf-project-<Alibaba Cloud account ID>-ap-southeast-1 and a Logstore named waf-logstore by default after the Simple Log Service for WAF feature is enabled.

    Important

    If you have enabled the pay-by-ingested-data billing mode, Simple Log Service creates a dedicated Logstore that uses the pay-by-ingested-data billing mode by default. If you want to switch the billing mode from pay-by-ingested-data to pay-by-feature, you can modify the configuration of the Logstore. For more information, see Modify the configurations of a Logstore.

  • Dedicated dashboards

    By default, Simple Log Service generates three dashboards after you enable the log analysis feature.

    Note

    We recommend that you do not make changes to the dedicated dashboards because the dashboards may be upgraded or updated at any time. You can create a custom dashboard to visualize query results. For more information, see Create a dashboard.

    | Dashboard | Description |
    | --- | --- |
    | Operation Center | The Operation Center dashboard shows the details of website operation, traffic, and attacks. The metrics of website operation include Valid Request Ratio, Valid Request Traffic Ratio, Peak Attack Size, Attack Traffic, and Attack Count. The traffic metrics include Peak Network In, Peak Network Out, Received Requests, Traffic Received, and Traffic Out. |
    | Access Center | The Access Center dashboard shows the basic access details, the access trend, the distribution of visitors, and other information. The metrics of basic access details include the number of page views (PVs) and the number of unique visitors (UVs). |
    | Security Center | The Security Center dashboard shows the attack metrics, attack types, attack trend, attacker distribution, and other information. |

Billing

You are charged for the Simple Log Service for WAF feature based on the log retention period and log storage capacity.

Limits

  • If you have overdue payments in Simple Log Service, you can no longer use the log analysis feature.

  • Only the data that is generated in WAF can be written to the dedicated Logstore. This limit does not apply to other log operations such as query, statistics, alerts, and consumption.

  • The dedicated Logstore cannot be deleted. The data retention period of the dedicated Logstore cannot be changed.

  • You must ensure that the available storage space of WAF logs is sufficient. After the log storage capacity is exhausted, logs can no longer be stored.

    Note

    You can view the usage of log storage space in the WAF console. However, the usage is not updated in real time. The displayed usage does not include the usage in the last two hours.

Benefits

  • Classified protection compliance: The website access logs are stored for more than six months. Requirements of classified protection compliance are met.

  • Ease of use: To enable the log analysis feature, you only need to perform a few simple operations. The feature ensures that the access logs and anti-attack logs of your website domain are collected in real time. You can customize the log storage capacity and duration. You can select a website for log collection.

  • Real-time analysis: The WAF console provides the real-time log analysis service and out-of-the-box dashboards. The dashboards provide insights into the visits to and attacks on your website.

  • Real-time monitoring: You can monitor your website by using specific metrics. You can customize alert settings to receive alerts almost in real time. This allows you to handle the exceptions of critical business in a timely manner.

  • Integration: You can use Simple Log Service together with other data solutions such as real-time compute, cloud storage, and visualization to maximize the value of your business data.

Scenarios

  • Track anti-attack logs and trace the source of security threats.

  • Monitor web requests in real time and view traffic trends.

  • Obtain information about the efficiency of security operations and respond to issues in a timely manner.

  • Export security logs to data centers.