After you set up an Anti-DDoS Pro or Anti-DDoS Premium instance to protect your website service, you can use the Security Reports feature and log-related features to view the protection data in the Anti-DDoS Pro or Anti-DDoS Premium console.

Prerequisites

Background information

Only Anti-DDoS Pro supports the Security Reports and Operation Logs features. This topic takes Anti-DDoS Pro as an example to describe the features. If you use Anti-DDoS Premium, we recommend that you view service protection on the Security Overview and Log Analysis pages. For more information, see Check security overview and Full log.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Mainland China.
  3. Perform the following steps based on your needs:
    • View security reports

      In the left-side navigation pane, click Security Reports. On the Reports page, click one of the following tabs to view the relevant reports: Service, Anti-DDoS Protection, and HTTP Flood Protection.

      Security reports

      You can add multiple filter conditions to customize the reports. For example, you can filter reports by time range, Anti-DDoS Pro instance, instance IP address, or port. The following table describes the differences between these reports.

      Report Content Filter condition
      Service
      • Changes of inbound and outbound bandwidth
      • Changes of concurrent connections and new connections
      • Time range
      • Anti-DDoS Pro instance
      • IP address of the Anti-DDoS Pro instance
      • Forwarding port
      Anti-DDoS Protection
      • Changes of back-to-origin traffic and scrubbed traffic
      • DDoS attack records
      • Time range
      • Anti-DDoS Pro instance
      • IP address of the Anti-DDoS Pro instance
      HTTP Flood Protection
      • Changes of malicious requests and total requests per second
      • Records of HTTP flood attacks
      • Time range
      • Domain name

      For more information, see View security reports.

    • Query and analyze log data

      In the left-side navigation pane, choose Investigation > Operation Logs. On the Operation Logs page, view operations log. An operations log records important operations in the last 30 days. For example, this log records the operations performed on IP addresses of protected assets and ECS instances. You can filter the logs by time range.

      Operations logs

      If you need to analyze log data in real time and display results by using graphs, we recommend that you activate the Log Analysis feature. After the Log Analysis feature is activated, the logs of access to your website and HTTP flood attack logs are collected and maintained by Alibaba Cloud Log Service. You can search and analyze log data in real time, and view search results on dashboards. For more information, see What is Log Service?.

      The Log Analysis feature is a value-added service. To use this service, you must both activate and enable it. Specifically, you must perform the following steps:
      1. Activate the feature. For more information, see Activate the Log Analysis feature.
      2. Enable the feature. For more information, see Enable the Log Analysis feature for a website.
      After the Log Analysis feature is activated and enabled, you can navigate to the Investigation > Log Analysis page to search and analyze log data in real time. You can also view and edit dashboards, and configure monitoring and alerts on this page.
      Note For more information about the fields supported by the Log Analysis feature, see Fields supported by the Log Analysis feature.
      Log Analysis