Simple Log Service: Enable log collection

Last Updated: Aug 11, 2023

Log Audit Service allows you to enable the log collection feature with a few clicks. This topic describes how to enable the log collection feature and perform related operations.

Prerequisites

  • An Alibaba Cloud account is created.

    We recommend that you use a RAM user of the Alibaba Cloud account to enable log collection. The RAM user must be granted the read permissions on RAM resources and the read and write permissions on Simple Log Service resources. To grant the required permissions to the RAM user, you can attach the AliyunRAMReadOnlyAccess and AliyunLogFullAccess policies to the RAM user.

  • The required features are enabled for the Alibaba Cloud services from which you want to collect logs. For more information, see Supported Alibaba Cloud services.

Initially configure Log Audit Service

Important
  • The account that you use to complete the authorization must have the permissions specified by the AliyunRAMFullAccess policy.

  • You need to perform this operation only once.

  1. Log on to the Log Service console.
  2. In the Log Application section, click the Audit & Security tab. Then, click Log Audit Service.

  3. Complete authorization as prompted.

    After you complete the authorization, Log Audit Service assumes the AliyunServiceRoleForSLSAudit service-linked role to collect logs from Alibaba Cloud services. For more information, see Manage the AliyunServiceRoleForSLSAudit service-linked role.

Enable log collection

  1. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.

  2. In the Region of the Central Project drop-down list, select the region of the project in which you want to centrally store the collected logs.

    • Chinese mainland: China (Qingdao), China (Beijing), China (Hohhot), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)
    • Outside the Chinese mainland: Singapore, Japan (Tokyo), Germany (Frankfurt), and Indonesia (Jakarta)
  3. In the Cloud Products column, find the service for which you want to enable log collection and specify the retention period of logs.

    If you want to collect Layer 7 access logs from Server Load Balancer (SLB), Layer 7 access logs from Application Load Balancer (ALB), access logs from Object Storage Service (OSS), audit logs from PolarDB-X 1.0, flow logs from Virtual Private Cloud (VPC), and internal logs from Alibaba Cloud DNS (DNS), you can turn on the corresponding switches in the Synchronization to Central Project column. After you turn on a switch in the Synchronization to Central Project column, Simple Log Service stores data in the regional project of the service only for the recommended period of time. The regional project of the service is used only as temporary storage.

  4. Click Save.

    After the configuration is complete, wait approximately 2 minutes, and then view the collection status of logs on the Access to Cloud Products > Status Dashboard page. If an exception occurs, modify the configurations by following the on-screen instructions. For more information, see Enable log collection.

What to do next

Enable encryption

Log Audit Service supports data encryption by using the built-in service keys of Simple Log Service. You can enable the data encryption feature to encrypt the dedicated Logstores of the Alibaba Cloud services for which log collection is enabled.

Note

The data encryption feature is available in the China (Hohhot) region and China (Hong Kong) region.

  1. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.

  2. In the upper-right corner of the Global Configurations page, click Modify.

  3. Turn on Enable Encryption and select an encryption algorithm.

    Important

    After you select an encryption algorithm, it cannot be changed. Proceed with caution.

  4. Click OK.

Disable log collection

If you no longer need to collect logs from an Alibaba Cloud service but you want to retain the collected logs, perform the following steps. Simple Log Service deletes logs after the retention period of the logs elapses.

Important

After you disable log collection, Simple Log Service does not collect incremental logs. If you want to change the log retention period, make sure that log collection is enabled. If you change the period when log collection is disabled, the change does not take effect.

  1. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.

  2. On the Global Configurations page, click Modify in the upper-right corner.

  3. Find the Alibaba Cloud service and turn off the switch in the Audit-Related Logs column. Then, click OK.

Delete audit resources

If you want to delete Log Audit Service resources, such as projects, Logstores, dashboards, and alerts, perform the following steps:

  1. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.

  2. On the Global Configurations page, click Delete Audit Resources in the upper-right corner.

  3. In the Delete All Resources of Log Audit Service dialog box, click Disable Log Collection for Cloud Services.

  4. In the Confirm message, click OK.

  5. In the Delete All Resources of Log Audit Service dialog box, copy commands based on your business requirements.

    If you want to delete all resources, copy all commands. If you want to delete specific resources, copy the required commands.

    Important
    • Run commands in sequence to delete a regional project before a central project.

    • Before you delete a project, wait for 1 to 2 minutes to make sure that log collection is disabled for all Alibaba Cloud services.

    • Sample command to delete a regional project

      aliyunlog log delete_project --project_name=slsaudit-region-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com
    • Sample command to delete a central project

      aliyunlog log delete_project --project_name=slsaudit-center-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com

    In the preceding commands, 12****34 specifies the ID of the Alibaba Cloud account, and cn-huhehaote specifies the region of the projects. region-endpoint specifies the access endpoint of the projects. For more information, see Endpoints.

  6. In the top navigation bar, click the Cloud Shell icon.

  7. On the cloudshell tab, run the commands that you copied.

    The system runs the commands one by one to delete audit resources.
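
The ordering rule in step 5 (regional projects before the central project), as an added example that is not part of the original documentation: a dry-run shell helper that refuses any project name outside the slsaudit-region-/slsaudit-center- naming shown in the sample commands and prints the delete commands in the required order. The function name plan_deletes is hypothetical, the account ID is a constructed sample value, and deriving the endpoint as <region>.log.aliyuncs.com is an assumption based on the sample commands (see Endpoints for the authoritative list).

```shell
#!/bin/sh
# Added example: plan the deletion order for Log Audit Service projects.
# Dry run only: the function prints commands, it does not execute them.

# plan_deletes NAME...
# Prints one "aliyunlog log delete_project" command per project,
# all regional projects first, central projects last.
plan_deletes() {
    # Validate every name first so a bad name aborts before any output.
    for name in "$@"; do
        case "$name" in
            slsaudit-region-*-?*|slsaudit-center-*-?*) ;;
            *)
                echo "refusing non-audit project: $name" >&2
                return 1 ;;
        esac
    done

    # Two passes: regional projects, then central projects.
    for kind in region center; do
        for name in "$@"; do
            case "$name" in
                "slsaudit-$kind-"*) ;;
                *) continue ;;
            esac
            rest=${name#slsaudit-$kind-}   # "<account ID>-<region>"
            region=${rest#*-}              # e.g. cn-huhehaote
            # Assumption: the endpoint is <region>.log.aliyuncs.com.
            echo "aliyunlog log delete_project --project_name=$name --region-endpoint=$region.log.aliyuncs.com"
        done
    done
}

# Constructed sample input; the account ID below is made up.
SAMPLE_CENTER="slsaudit-center-1000000000000001-cn-huhehaote"
SAMPLE_REGION="slsaudit-region-1000000000000001-cn-huhehaote"

# The central project is listed first on purpose; the output reorders it last.
plan_deletes "$SAMPLE_CENTER" "$SAMPLE_REGION"
```

Review the printed commands before pasting them into Cloud Shell, and keep the 1 to 2 minute wait after disabling log collection.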