All Products
Search
Document Center

Simple Log Service:Enable and manage log collection

Last Updated:May 27, 2026

Log Audit Service lets you enable log collection from cloud products and manage audit settings such as encryption and resource deletion.

Prerequisites

  • You have an Alibaba Cloud account.

    Use a Resource Access Management (RAM) user with the AliyunRAMReadOnlyAccess and AliyunLogFullAccess policies.

  • The cloud products whose logs you want to collect are activated. Supported products are listed in Cloud product coverage and related resources.

Initial configuration

Important

Enable log collection with an Alibaba Cloud account or a RAM user that has AliyunRAMFullAccess permission.

  1. Log on to the Simple Log Service console.

  2. Go to the Log Audit Service page.

    Note

    Starting January 21, 2025, the console entry for the Log Audit Service will be removed. Existing users who activated the service before this date can still see the entry. New users who need to use the old version can access the Log Audit Service (New Version) and use its Back to Old Version feature.

    1. In the Log Application section, on the Audit & Security tab, click Log Audit Service (New Version).

      image

    2. In the upper-right corner of the Log Audit Service (New Version) page, click Back to Old Version. Then continue to use the old version of Log Audit Service.

      image

  3. Follow the on-screen instructions to complete the authorization.

    After authorization, the Log Audit Service uses the service-linked role AliyunServiceRoleForSLSAudit to collect logs from cloud products. For more information, see Manage the AliyunServiceRoleForSLSAudit service-linked role.

Enable log collection

  1. In the navigation pane on the left of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.

  2. From the Region of Central Project drop-down list, select the destination region for centralized log storage.

    • China: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)

    • Regions outside China: Singapore, Japan (Tokyo), Germany (Frankfurt), Indonesia (Jakarta), and Malaysia (Kuala Lumpur)

  3. In the cloud product list, select the products for which to enable log collection and configure the storage duration.

    For Layer 7 access logs of SLB, Layer 7 access logs of ALB, access logs of OSS, audit logs of PolarDB-X 1.0, flow logs of VPC, and internal DNS logs, you can also select Synchronization to Central Project. When enabled, the regional project serves as transit only and does not require a long storage duration. The console automatically adjusts to the recommended value.

  4. Click Modify.

    After configuration, wait about 2 minutes and check the log collection status on the Access to Cloud Services > Access Status page. If errors occur, adjust settings based on the on-screen messages. For more information, see Enable and manage log collection.

More operations

Enable encryption

Log Audit Service uses the built-in SLS service key to encrypt dedicated Logstores for cloud products with log collection enabled.

Important

Only central projects in the China (Hohhot) and China (Hong Kong) regions support encryption.

  1. In the navigation pane on the left of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.

  2. On the Global Configurations page, click Modify in the upper-right corner.

  3. Turn on the Enable Encryption switch and select the corresponding encryption algorithm.

    Important

    After you select an encryption algorithm, you cannot change it. Choose carefully.

  4. Click OK.

Stop log collection

Stop collecting new logs while retaining existing data. Existing logs are automatically deleted when their retention period expires.

Important

Stopping collection only prevents new logs from being collected. To change the storage duration, make the change while collection is still enabled. Otherwise, the change does not take effect.

  1. In the navigation pane on the left of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.

  2. On the Global Configurations page, click Modify in the upper-right corner.

  3. Turn off the target log option and click OK.

Delete audit resources

Permanently delete all Log Audit Service resources, including projects, Logstores, dashboards, and alerts.

  1. In the navigation pane on the left of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.

  2. On the Global Configurations page, click Delete Audit Resource in the upper-right corner.

  3. In the Delete All Resources of Log Audit Service dialog box, click Disable Log Collection for Cloud Services.

  4. In the Confirm dialog box, click Confirm.

  5. In the Delete All Resources of Log Audit Service dialog box, copy the command.

    Copy all commands to delete all resources, or copy only the required commands for partial deletion. Command format:

    Important
    • Execute the delete commands in order. First, delete the regional projects, and then delete the central project.

    • Before you delete the projects, wait 1 to 2 minutes to ensure that log collection for all cloud products has stopped.

    • Example of a command to delete a regional project:

      aliyunlog log delete_project --project_name=slsaudit-region-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com
    • Example of a command to delete the central project:

      aliyunlog log delete_project --project_name=slsaudit-center-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com

    In the commands, 12****34 is the Alibaba Cloud account ID, and cn-huhehaote is the region where the project resides. region-endpoint is the endpoint of the SLS project. For more information, see Endpoints.

  6. In the top navigation bar, click the Cloud Shell icon.

  7. In the cloudshell dialog box, run the commands that you copied.

    Commands run sequentially to delete the audit resources.