Log Audit Service allows you to enable the log collection feature with a few clicks. This topic describes how to enable the log collection feature and perform related operations.

Prerequisites

  • An Alibaba Cloud account is created.

    We recommend that you use a RAM user of the Alibaba Cloud account to enable log collection. The RAM user must be granted the read permissions on RAM resources and the read and write permissions on Log Service resources. To grant the required permissions to the RAM user, you can attach the AliyunRAMReadOnlyAccess and AliyunLogFullAccess policies to the RAM user.

  • The required features are enabled for the Alibaba Cloud services from which you want to collect logs. For more information, see Supported Alibaba Cloud services.

Initially configure Log Audit Service

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. Configure authorization settings as prompted.
    After the authorization is complete, Log Audit Service assumes the service-linked role AliyunServiceRoleForSLSAudit to collect logs from cloud services. For more information, see Manage the AliyunServiceRoleForSLSAudit service-linked role.
    Notice
    • The account that you use to complete the authorization must have the permissions specified by the AliyunRamFullAccess policy.
    • The authorization needs to be performed only once.

Enable log collection

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.
  4. In the Region of the Central Project drop-down list, select the region of the project in which you want to centrally store the collected logs.
    • China (Beijing), China (Hohhot), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)
    • Singapore (Singapore), Japan (Tokyo), Germany (Frankfurt), and Indonesia (Jakarta)
  5. In the Cloud Products column, find the service for which you want to enable the log collection feature and specify the retention period of logs.
    If you want to collect Layer 7 access logs from Server Load Balancer (SLB), access logs from Object Storage Service (OSS), and audit logs from Distributed Relational Database Service (DRDS), you can turn on the switches in the Synchronization to Central Project column. After you turn on a switch in the Synchronization to Central Project column, the Log Service console automatically changes the retention period to the recommended period. The central project is used only for temporary storage.
  6. Click Save.
    After the configuration is complete, wait for approximately 2 minutes to view the access status of logs on the Access to Cloud Products > Status Dashboard page. If an exception occurs, modify the configurations as prompted. For more information, see FAQ.

What to do next

Stop log collection

If you no longer need to collect logs from an Alibaba Cloud service but you want to retain the collected logs, perform the following steps:

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.
  4. On the Global Configurations page, click Modify in the upper-right corner.
  5. Find the service and turn off the switch in the Audit-Related Logs column. Then, click OK.

Delete audit resources

If you want to delete Log Audit Service resources, such as Logstores, dashboards, and alerts, perform the following steps:

  1. Log on to the Log Service console.
  2. In the Log Application section, click Log Audit Service.
  3. In the left-side navigation pane, choose Access to Cloud Products > Global Configurations.
  4. On the Global Configurations page, click Delete Audit Resources in the upper-right corner.
  5. Proceed as prompted.

FAQ

  • How do I view the access status of logs?

    Choose Access to Cloud Products > Status Dashboard. On the page that appears, view the access status of logs.

  • The system prompts that my Alibaba Cloud account does not have the required permissions or the AccessKey pair of my Alibaba Cloud account is invalid. What do I do?

    Check whether the required permissions are granted to your Alibaba Cloud account. If Log Service belongs to a different Alibaba Cloud account than the cloud service from which logs are collected, follow the instructions provided in Procedure. If Log Service belongs to the same Alibaba Cloud account as the cloud service, follow the instructions provided in Initially configure Log Audit Service. For example, if the ReadOnlyAccess policy under System Policy is not attached to the sls-audit-service-monitor role, the issue occurs.

  • The system prompts that the required feature is not enabled within my Alibaba Cloud account. What do I do?

    Enable the required feature for the cloud service within your Alibaba Cloud account. For more information, see Supported Alibaba Cloud services. For example, if Security Center is activated but the Log Analysis feature is not enabled in the Security Center console, the issue occurs.
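The permission requirements in Prerequisites and in the FAQ entry about missing permissions can be checked before you open the console. The following is an added example, not code from Alibaba Cloud: it reads policy listings in the JSON shape assumed to match RAM ListPoliciesForUser and ListPoliciesForRole responses and reports which policies named on this page are still missing. The user name log-audit-operator and the sample listings are constructed.

```python
import json

# Policy requirements stated on this page, keyed by (principal kind, name).
# "log-audit-operator" is a hypothetical RAM user name.
REQUIRED = {
    ("user", "log-audit-operator"): {"AliyunRAMReadOnlyAccess", "AliyunLogFullAccess"},
    ("role", "sls-audit-service-monitor"): {"ReadOnlyAccess"},
}

def system_policies(listing_json):
    """Return the names of attached *system* policies from a RAM policy listing."""
    doc = json.loads(listing_json)
    policies = (doc.get("Policies") or {}).get("Policy") or []
    # The page names system policies, so an entry counts only when its
    # PolicyType is "System"; a custom policy with the same name may grant
    # something different (assumption: names can overlap across types).
    return {p["PolicyName"] for p in policies if p.get("PolicyType") == "System"}

def preflight(listings):
    """Map each required principal to the sorted list of policies it still lacks."""
    report = {}
    for principal, needed in REQUIRED.items():
        attached = system_policies(listings.get(principal, "{}"))
        report[principal] = sorted(needed - attached)
    return report

# Constructed sample listings: the user has one required system policy plus a
# custom look-alike; the role has the policy the FAQ mentions.
SAMPLE = {
    ("user", "log-audit-operator"): json.dumps({"Policies": {"Policy": [
        {"PolicyName": "AliyunLogFullAccess", "PolicyType": "System"},
        {"PolicyName": "AliyunRAMReadOnlyAccess", "PolicyType": "Custom"},
    ]}}),
    ("role", "sls-audit-service-monitor"): json.dumps({"Policies": {"Policy": [
        {"PolicyName": "ReadOnlyAccess", "PolicyType": "System"},
    ]}}),
}

if __name__ == "__main__":
    for (kind, name), missing in preflight(SAMPLE).items():
        status = "ok" if not missing else "missing: " + ", ".join(missing)
        print(f"{kind} {name}: {status}")
```

A principal with no listing at all is reported as missing every required policy, which is the state that produces the permission prompt described in the FAQ.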