The Web Application Firewall (WAF) logging feature enables the collection and storage of web access and attack protection logs for protected objects, such as cloud service instances and domain names. Leveraging Alibaba Cloud Simple Log Service, it offers capabilities like query analysis, statistical charts, alert services, integration with downstream computing, and data delivery, allowing you to concentrate on analysis and avoid the complexities of query and data organization.
Asset details
It is recommended not to delete the projects or Logstores associated with WAF logs. Deleting them will result in the loss of existing logs and prevent new logs from being delivered to Simple Log Service.
- WAF Subscription Instance
  Upon enabling the logging feature, you can choose a region for log storage. WAF will create a project named wafng-project-<Alibaba Cloud account ID>-<region ID> in the selected region within Alibaba Cloud Simple Log Service and establish a dedicated Logstore named wafng-logstore in this project.
  Important: If you have activated the pay-by-ingested-data billing mode, Simple Log Service will automatically create a dedicated Logstore using this billing mode. To switch to the pay-by-feature billing mode, you can update the Logstore settings. For more information, see Modify Logstore Configuration.
- WAF Pay-As-You-Go Instance
  When activating the logging feature, you can select a region for log storage. WAF will create a project named wafnew-project-<Alibaba Cloud account ID>-<region ID> in the chosen region within Alibaba Cloud Simple Log Service and establish a dedicated Logstore named wafnew-logstore in this project.
Billing
- WAF Subscription Instance
  Charges for the WAF logging feature are based on the log retention period and storage capacity. For detailed billing information, see WAF Billing Details.
- WAF Pay-As-You-Go Instance
  - Fees for the WAF logging feature are included in your Simple Log Service bills.
  - If the Logstore's billing mode is pay-by-feature, charges are based on storage usage, read traffic, request count, data transformation, and data shipping after WAF logs are delivered to Simple Log Service. For more details, see Billable Items for Pay-By-Feature Billing Mode.
  - If the Logstore's billing method is pay-by-ingested-data, you are billed for the volume of ingested raw data after WAF logs are sent to Simple Log Service. For more details, see Billable Items for Pay-By-Ingested-Data Billing Mode.
Limits
- If your Simple Log Service resources have overdue payments, the WAF logging feature will be unavailable.
- Only WAF data can be written to the dedicated Logstores. There are no restrictions on features such as query, analysis, alerting, and consumption.
- Sufficient storage capacity for WAF logs is required. If capacity is reached, new logs cannot be stored.
  Note: The storage capacity displayed in the Simple Log Service console may not be updated in real time.
Advantages
- Classified Protection Compliance: The WAF logging feature can retain website access logs for over six months, aiding in meeting classified protection requirements.
- Simple Configuration: Enabling the feature is straightforward, allowing for real-time collection of access and protection logs from your website's domain name. You can set custom log retention periods and storage capacities, and select specific websites for log collection based on business needs.
- Real-Time Analysis: The feature provides real-time log analysis and ready-to-use dashboards, offering insights into website attacks and access patterns.
- Real-Time Alerting: Custom monitoring and alerting for specific metrics are supported, enabling prompt responses to critical workload exceptions.
- High Compatibility: The feature works seamlessly with solutions like stream computing, cloud storage, and visualization, extracting more value from your business data.
Scenarios
- Trace web attack logs to pinpoint the origins of security threats.
- Monitor web requests in real time and analyze traffic trends.
- Gain insights into the effectiveness of security operations and address issues promptly.
- Produce and forward security network logs to in-house data and computing centers.