ALIYUN::SLS::Audit is used to configure Log Audit Service.
Note For more information about Log Audit Service, see Overview of Log Audit Service.
Syntax
{
"Type": "ALIYUN::SLS::Audit",
"Properties": {
"VariableMap": Map,
"DisplayName": String,
"MultiAccount": List
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| VariableMap | Map | Yes | Yes | The detailed configuration of Log Audit Service. | For more information, see VariableMap properties. |
| DisplayName | String | Yes | No | The display name of Log Audit Service. | The name can be up to 128 characters in length. |
| MultiAccount | List | No | Yes | The Alibaba Cloud accounts for which you want to configure Log Audit Service. | You must separate multiple Alibaba Cloud account IDs with commas (,).
You can specify up to 100 Alibaba Cloud accounts. |
VariableMap syntax
"VariableMap": {
"ApigatewayTtl": Number,
"SasCrackEnabled": Boolean,
"CpsEnabled": Boolean,
"ApigatewayEnabled": Boolean,
"WafEnabled": Boolean,
"OssSyncTtl": Number,
"SasTtl": Number,
"ActiontrailTtl": Number,
"OssAccessEnabled": Boolean,
"OssSyncEnabled": Boolean,
"SasSnapshotAccountEnabled": Boolean,
"SlbSyncEnabled": Boolean,
"SlbAccessTtl": Number,
"BastionEnabled": Boolean,
"RdsEnabled": Boolean,
"SasSessionEnabled": Boolean,
"SasLocalDnsEnabled": Boolean,
"OssAccessTtl": Number,
"SasHttpEnabled": Boolean,
"BastionTtl": Number,
"OssMeteringEnabled": Boolean,
"SasProcessEnabled": Boolean,
"NasEnabled": Boolean,
"SasDnsEnabled": Boolean,
"SasSnapshotPortEnabled": Boolean,
"SasSecurityAlertEnabled": Boolean,
"SlbAccessEnabled": Boolean,
"NasTtl": Number,
"SasNetworkEnabled": Boolean,
"SasLoginEnabled": Boolean,
"WafTtl": Number,
"OssMeteringTtl": Number,
"SasSnapshotProcessEnabled": Boolean,
"SasSecurityHcEnabled": Boolean,
"RdsTtl": Number,
"CpsTtl": Number,
"SlbSyncTtl": Number,
"CloudfirewallTtl": Number,
"ActiontrailEnabled": Boolean,
"SasSecurityVulEnabled": Boolean,"ApigatewayTiEnabled": Boolean,
"RdsSlowCollectionPolicy": String,
"PolardbSlowCollectionPolicy": String,
"BastionAuditCollectionPolicy": String,
"DdosCooAccessPolicySetting": List,
"RdsAuditCollectionPolicy": String,
"ActiontrailOpenapiPolicySetting": List,
"BastionTiEnabled": Boolean,
"K8sIngressTiEnabled": Boolean,
"PolardbEnabled": Boolean,
"WafTiEnabled": Boolean,
"RedisSyncTtl": Number,
"OssAccessPolicySetting": List,
"AppconnectTiEnabled": Boolean,
"ApigatewayAccessPolicySetting": List,
"NasTiEnabled": Boolean,
"RdsPerfTiEnabled": Boolean,
"ActiontrailOpenapiCollectionPolicy": String,
"DrdsSyncTtl": Number,
"K8sEventEnabled": Boolean,
"RedisSyncEnabled": Boolean,
"PolardbPerfTiEnabled": Boolean,
"CpsTiEnabled": Boolean,
"CloudfirewallTiEnabled": Boolean,
"OssAccessTiEnabled": Boolean,
"PolardbSlowTiEnabled": Boolean,
"RedisAuditTtl": Number,
"RdsAuditPolicySetting": List,
"OssMeteringCollectionPolicy": String,
"ActiontrailTiEnabled": Boolean,
"SasTiEnabled": Boolean,
"DdosCooAccessTiEnabled": Boolean,
"WafAccessCollectionPolicy": String,
"CloudfirewallAccessPolicySetting": List,
"RedisAuditEnabled": Boolean,
"CpsCallbackPolicySetting": List,
"BastionAuditPolicySetting": List,
"PolardbSlowEnabled": Boolean,
"DrdsAuditEnabled": Boolean,
"PolardbTtl": Number,
"RdsPerfPolicySetting": List,
"K8sIngressTtl": Number,
"OssMeteringPolicySetting": List,
"K8sEventCollectionPolicy": String,
"DrdsAuditPolicySetting": List,
"WafAccessPolicySetting": List,
"CloudfirewallEnabled": Boolean,
"PolardbAuditPolicySetting": List,
"RedisAuditTiEnabled": Boolean,
"RedisAuditPolicySetting": List,
"SlbAccessPolicySetting": List,
"PolardbTiEnabled": Boolean,
"ApigatewayAccessCollectionPolicy": String,
"DrdsAuditTtl": Number,
"AppconnectEnabled": Boolean,
"DrdsSyncEnabled": Boolean,
"OssMeteringTiEnabled": Boolean,
"K8sAuditTiEnabled": Boolean,
"PolardbSlowTtl": Number,
"DrdsAuditCollectionPolicy": String,
"K8sAuditPolicySetting": List,
"K8sEventPolicySetting": List,
"RdsSlowTiEnabled": Boolean,
"K8sIngressPolicySetting": List,
"RedisAuditCollectionPolicy": String,
"PolardbPerfTtl": Number,
"AppconnectTtl": Number,
"DrdsAuditTiEnabled": Boolean,
"K8sAuditEnabled": Boolean,
"PolardbPerfPolicySetting": List,
"NasAuditPolicySetting": List,
"K8sEventTtl": Number,
"CpsCallbackCollectionPolicy": String,
"PolardbAuditCollectionPolicy": String,
"RdsPerfEnabled": Boolean,
"RdsSlowEnabled": Boolean,
"PolardbSlowPolicySetting": List,
"DdosCooAccessTtl": Number,
"PolardbPerfCollectionPolicy": String,
"SlbAccessTiEnabled": Boolean,
"PolardbPerfEnabled": Boolean,
"AppconnectOpPolicySetting": List,
"K8sEventTiEnabled": Boolean,
"AppconnectOpCollectionPolicy": String,
"NasAuditCollectionPolicy": String,
"K8sAuditTtl": Number,
"SlbAccessCollectionPolicy": String,
"K8sIngressEnabled": Boolean,
"K8sAuditCollectionPolicy": String,
"RdsPerfTtl": Number,
"OssAccessCollectionPolicy": String,
"RdsSlowPolicySetting": List,
"RdsSlowTtl": Number,
"RdsPerfCollectionPolicy": String,
"DdosCooAccessEnabled": Boolean,
"DdosCooAccessCollectionPolicy": String,
"CloudfirewallAccessCollectionPolicy": String,
"RdsTiEnabled": Boolean,
"K8sIngressCollectionPolicy": String
}VariableMap properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| ApigatewayTtl | Number | No | Yes | The period of time during which the access logs of API Gateway are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| SasCrackEnabled | Boolean | No | Yes | Specifies whether to audit the brute-force attack logs of Security Center (SAS). | Default value: false. Valid values:
|
| CpsEnabled | Boolean | No | Yes | Specifies whether to audit the push receipt events of Alibaba Cloud Mobile Push. | Default value: true. Valid values:
|
| ApigatewayEnabled | Boolean | No | Yes | Specifies whether to audit the access logs of API Gateway. | Default value: true. Valid values:
|
| WafEnabled | Boolean | No | Yes | Specifies whether to audit the access logs of Web Application Firewall (WAF). | Default value: true. Valid values:
|
| OssSyncTtl | Number | No | Yes | The period of time during which the Object Storage Service (OSS) logs are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. For more information about centralized storage, see Benefits. |
| SasTtl | Number | No | Yes | The period of time during which the SAS logs are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| ActiontrailTtl | Number | No | Yes | The period of time during which the operation logs of ActionTrail are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| OssAccessEnabled | Boolean | No | Yes | Specifies whether to audit the access logs of OSS. | Default value: true. Valid values:
|
| OssSyncEnabled | Boolean | No | Yes | Specifies whether to synchronize the access logs of OSS to the central project. | Default value: true. Valid values:
Note You can synchronize the collected logs to the central project. This improves efficiency
when you query, analyze, and visualize the collected logs. You can also configure
alerts and perform custom development for OSS.
|
| SasSnapshotAccountEnabled | Boolean | No | Yes | Specifies whether to audit the account snapshots of SAS. | Default value: false. Valid values:
|
| SlbSyncEnabled | Boolean | No | Yes | Specifies whether to synchronize the access logs of Server Load Balancer (SLB) to the central project. | Default value: true. Valid values:
|
| SlbAccessTtl | Number | No | Yes | The period of time during which the access logs of SLB are stored in the Logstore of the regional project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| BastionEnabled | Boolean | No | Yes | Specifies whether to audit the operation logs of Bastionhost (BH). | Default value: true. Valid values:
|
| RdsEnabled | Boolean | No | Yes | Specifies whether to audit the SQL audit logs of ApsaraDB RDS. | Default value: true. Valid values:
|
| SasSessionEnabled | Boolean | No | Yes | Specifies whether to audit the network session logs of SAS. | Default value: false. Valid values:
|
| SasLocalDnsEnabled | Boolean | No | Yes | Specifies whether to audit the local Domain Name System (DNS) logs of SAS. | Default value: false. Valid values:
|
| OssAccessTtl | Number | No | Yes | The period of time during which the access logs of OSS are stored in the Logstore of the regional project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| SasHttpEnabled | Boolean | No | Yes | Specifies whether to audit the web access logs of SAS. | Default value: false. Valid values:
|
| BastionTtl | Number | No | Yes | The period of time during which the operation logs of BH are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| OssMeteringEnabled | Boolean | No | Yes | Specifies whether to audit the metering logs of OSS. | Default value: true. Valid values:
|
| SasProcessEnabled | Boolean | No | Yes | Specifies whether to audit the process startup logs of SAS. | Default value: false. Valid values:
|
| NasEnabled | Boolean | No | Yes | Specifies whether to audit the access logs of Apsara File Storage NAS (NAS). | Default value: true. Valid values:
|
| SasDnsEnabled | Boolean | No | Yes | Specifies whether to audit the DNS logs of SAS. | Default value: false. Valid values:
|
| SasSnapshotPortEnabled | Boolean | No | Yes | Specifies whether to audit the port snapshots of SAS. | Default value: false. Valid values:
|
| SasSecurityAlertEnabled | Boolean | No | Yes | Specifies whether to audit the security alert logs of SAS. | Default value: false. Valid values:
|
| SlbAccessEnabled | Boolean | No | Yes | Specifies whether to audit the access logs of SLB. | Default value: true. Valid values:
|
| NasTtl | Number | No | Yes | The period of time during which the access logs of NAS are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| SasNetworkEnabled | Boolean | No | Yes | Specifies whether to audit the network connection logs of SAS. | Default value: false. Valid values:
|
| SasLoginEnabled | Boolean | No | Yes | Specifies whether to audit the logon logs of SAS. | Default value: false. Valid values:
|
| WafTtl | Number | No | Yes | The period of time during which the access logs of WAF are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| OssMeteringTtl | Number | No | Yes | The period of time during which the metering logs of OSS are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| SasSnapshotProcessEnabled | Boolean | No | Yes | Specifies whether to audit the process snapshots of SAS. | Default value: false. Valid values:
|
| SasSecurityHcEnabled | Boolean | No | Yes | Specifies whether to audit the baseline logs of SAS. | Default value: false. Valid values:
|
| RdsTtl | Number | No | Yes | The period of time during which the SQL audit logs of ApsaraDB RDS are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| CpsTtl | Number | No | Yes | The period of time during which the push receipt events of Alibaba Cloud Mobile Push are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| SlbSyncTtl | Number | No | Yes | The period of time during which the access logs of SLB are stored in the Logstore of the regional project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| CloudfirewallTtl | Number | No | Yes | The period of time during which the logs of traffic that passes through the Cloud Firewall (CFW) Internet firewall are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| ActiontrailEnabled | Boolean | No | Yes | Specifies whether to audit the operation logs of ActionTrail. | Default value: true. Valid values:
|
| SasSecurityVulEnabled | Boolean | No | Yes | Specifies whether to audit the vulnerability logs of SAS. | Default value: false. Valid values:
|
| ApigatewayTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for API Gateway. | Default value: false. Valid values:
|
| RdsSlowCollectionPolicy | String | No | Yes | Specifies whether to audit the policy for the slow query logs of ApsaraDB RDS. | Default value: false. Valid values:
|
| PolardbSlowCollectionPolicy | String | No | Yes | Specifies whether to audit the slow query logs of PolarDB. | Default value: false. Valid values:
|
| BastionAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of BH. | None. |
| DdosCooAccessPolicySetting | List | No | Yes | The settings of the audit policy for Anti-DDoS. | None. |
| RdsAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of ApsaraDB RDS. | None. |
| ActiontrailOpenapiPolicySetting | List | No | Yes | The settings of the API policy for ActionTrail. | None. |
| BastionTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for BH. | Default value: false. Valid values:
|
| K8sIngressTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for the Ingress access logs of Container Service for Kubernetes (ACK). | Default value: false. Valid values:
|
| PolardbEnabled | Boolean | No | Yes | Specifies whether to audit the audit logs of PolarDB. | Default value: true. Valid values:
|
| WafTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for WAF. | Default value: false. Valid values:
|
| RedisSyncTtl | Number | No | Yes | The period of time during which the audit logs of ApsaraDB for Redis are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| OssAccessPolicySetting | List | No | Yes | The settings of the access policy for OSS. | None. |
| AppconnectTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for Cloud Service Bus (CSB) App Connect. | Default value: false. Valid values:
|
| ApigatewayAccessPolicySetting | List | No | Yes | The settings of the audit policy for API Gateway. | None. |
| NasTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for NAS. | Default value: false. Valid values:
|
| RdsPerfTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for ApsaraDB RDS. | Default value: false. Valid values:
|
| ActiontrailOpenapiCollectionPolicy | String | No | Yes | The collection policy for the API logs of ActionTrail. | None. |
| DrdsSyncTtl | Number | No | Yes | The period of time during which the SQL audit logs of PolarDB-X are synchronized to the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| K8sEventEnabled | Boolean | No | Yes | Specifies whether to audit the Kubernetes event center of ACK. | Default value: false. Valid values:
|
| RedisSyncEnabled | Boolean | No | Yes | Specifies whether to synchronize the audit logs of ApsaraDB for Redis to the central project. | Default value: true. Valid values:
|
| PolardbPerfTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for PolarDB. | Default value: false. Valid values:
|
| CpsTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for Alibaba Cloud Mobile Push. | Default value: false. Valid values:
|
| CloudfirewallTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for CFW. | Default value: false. Valid values:
|
| OssAccessTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for OSS. | Default value: false. Valid values:
|
| PolardbSlowTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for the slow query logs of PolarDB. | Default value: false. Valid values:
|
| RedisAuditTtl | Number | No | Yes | The period of time during which the access logs of ApsaraDB for Redis are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 7. Unit: days. |
| RdsAuditPolicySetting | List | No | Yes | The settings of the audit policy for ApsaraDB RDS. | None. |
| OssMeteringCollectionPolicy | String | No | Yes | The collection policy for the metering logs of OSS. | None. |
| ActiontrailTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for ActionTrail. | Default value: false. Valid values:
|
| SasTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for SAS. | Default value: false. Valid values:
|
| DdosCooAccessTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for Anti-DDoS. | Default value: false. Valid values:
|
| WafAccessCollectionPolicy | String | No | Yes | The collection policy for WAF logs. | None. |
| CloudfirewallAccessPolicySetting | List | No | Yes | The settings of the collection policy for CFW logs. | None. |
| RedisAuditEnabled | Boolean | No | Yes | Specifies whether to audit the audit logs of ApsaraDB for Redis. | Default value: true. Valid values:
|
| CpsCallbackPolicySetting | List | No | Yes | The settings of the collection policy for Alibaba Cloud Mobile Push logs. | None. |
| BastionAuditPolicySetting | List | No | Yes | The settings of the collection policy for BH logs. | None. |
| PolardbSlowEnabled | Boolean | No | Yes | Specifies whether to audit the slow query logs of PolarDB. | Default value: false. Valid values:
|
| DrdsAuditEnabled | Boolean | No | Yes | Specifies whether to audit the SQL audit logs of PolarDB-X. | Default value: true. Valid values:
|
| PolardbTtl | Number | No | Yes | The period of time during which the audit logs of PolarDB are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| RdsPerfPolicySetting | List | No | Yes | The settings of the performance policy for ApsaraDB RDS. | None. |
| K8sIngressTtl | Number | No | Yes | The period of time during which the Ingress access logs of ACK are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| OssMeteringPolicySetting | List | No | Yes | The settings of the metering policy for OSS. | None. |
| K8sEventCollectionPolicy | String | No | Yes | The collection policy for the event logs of ACK. | None. |
| DrdsAuditPolicySetting | List | No | Yes | The settings of the audit policy for PolarDB-X. | None. |
| WafAccessPolicySetting | List | No | Yes | The settings of the audit policy for WAF. | None. |
| CloudfirewallEnabled | Boolean | No | Yes | Specifies whether to audit the logs of traffic that passes through the CFW VPC firewall. | Default value: true. Valid values:
|
| PolardbAuditPolicySetting | List | No | Yes | The settings of the audit policy for PolarDB. | None. |
| RedisAuditTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for ApsaraDB for Redis. | Default value: false. Valid values:
|
| RedisAuditPolicySetting | List | No | Yes | The settings of the audit policy for ApsaraDB for Redis. | None. |
| SlbAccessPolicySetting | List | No | Yes | The settings of the audit policy for SLB. | None. |
| PolardbTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for PolarDB. | Default value: false. Valid values:
|
| ApigatewayAccessCollectionPolicy | String | No | Yes | The audit policy for API Gateway. | None. |
| DrdsAuditTtl | Number | No | Yes | The period of time during which the SQL audit logs of PolarDB-X are stored in the Logstore of the regional project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| AppconnectEnabled | Boolean | No | Yes | Specifies whether to audit the operation logs of CSB App Connect. | Default value: false. Valid values:
|
| DrdsSyncEnabled | Boolean | No | Yes | Specifies whether to synchronize the SQL audit logs of PolarDB-X to the central project. | Default value: true. Valid values:
|
| OssMeteringTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for the metering logs of OSS. | Default value: false. Valid values:
|
| K8sAuditTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for ACK. | Default value: false. Valid values:
|
| PolardbSlowTtl | Number | No | Yes | The period of time during which the slow query logs of PolarDB are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| DrdsAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of PolarDB-X. | None. |
| K8sAuditPolicySetting | List | No | Yes | The settings of the audit policy for ACK. | None. |
| K8sEventPolicySetting | List | No | Yes | The settings of the event policy for ACK. | None. |
| RdsSlowTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for the slow query logs of ApsaraDB RDS. | Default value: false. Valid values:
|
| K8sIngressPolicySetting | List | No | Yes | The settings of the Ingress policy for ACK. | None. |
| RedisAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of ApsaraDB for Redis. | None. |
| PolardbPerfTtl | Number | No | Yes | The period of time during which the performance logs of PolarDB are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| AppconnectTtl | Number | No | Yes | The period of time during which the operation logs of CSB App Connect are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| DrdsAuditTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for PolarDB-X. | Default value: false. Valid values:
|
| K8sAuditEnabled | Boolean | No | Yes | Specifies whether to audit the Kubernetes audit logs of ACK. | Default value: false. Valid values:
|
| PolardbPerfPolicySetting | List | No | Yes | The settings of the performance logs of PolarDB. | None. |
| NasAuditPolicySetting | List | No | Yes | The settings of the audit policy for NAS. | None. |
| K8sEventTtl | Number | No | Yes | The period of time during which the event logs of ACK are stored in the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| CpsCallbackCollectionPolicy | String | No | Yes | The collection policy for Alibaba Cloud Mobile Push logs. | None. |
| PolardbAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of PolarDB. | None. |
| RdsPerfEnabled | Boolean | No | Yes | Specifies whether to audit the performance logs of ApsaraDB RDS. | Default value: false. Valid values:
|
| RdsSlowEnabled | Boolean | No | Yes | Specifies whether to audit the slow query logs of ApsaraDB RDS. | Default value: false. Valid values:
|
| PolardbSlowPolicySetting | List | No | Yes | The settings of the slow query log policy for PolarDB. | None. |
| DdosCooAccessTtl | Number | No | Yes | The period of time during which the Anti-DDoS logs are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| PolardbPerfCollectionPolicy | String | No | Yes | The collection policy for the performance logs of PolarDB. | None. |
| SlbAccessTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for SLB. | Default value: false. Valid values:
|
| PolardbPerfEnabled | Boolean | No | Yes | Specifies whether to audit the performance logs of PolarDB. | Default value: false. Valid values:
|
| AppconnectOpPolicySetting | List | No | Yes | The settings of the audit policy for CSB App Connect. | None. |
| K8sEventTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for ACK. | Default value: false. Valid values:
|
| AppconnectOpCollectionPolicy | String | No | Yes | The collection policy for CSB App Connect logs. | None. |
| NasAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of NAS. | None. |
| K8sAuditTtl | Number | No | Yes | The period of time during which the Kubernetes audit logs of ACK are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| SlbAccessCollectionPolicy | String | No | Yes | The collection policy for the audit logs of SLB. | None. |
| K8sIngressEnabled | Boolean | No | Yes | Specifies whether to audit the Ingress access logs of ACK. | Default value: false. Valid values:
|
| K8sAuditCollectionPolicy | String | No | Yes | The collection policy for the audit logs of ACK. | None. |
| RdsPerfTtl | Number | No | Yes | The period of time during which the performance logs of ApsaraDB RDS are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| OssAccessCollectionPolicy | String | No | Yes | The collection policy for the access logs of OSS. | None. |
| RdsSlowPolicySetting | List | No | Yes | The settings of the slow query log policy for ApsaraDB RDS. | None. |
| RdsSlowTtl | Number | No | Yes | The period of time during which the slow query logs of ApsaraDB RDS are stored in the Logstore of the central project. | Valid values: 3 to 3000.
Default value: 180. Unit: days. |
| RdsPerfCollectionPolicy | String | No | Yes | The collection policy for the performance logs of ApsaraDB RDS. | None. |
| DdosCooAccessEnabled | Boolean | No | Yes | Specifies whether to audit the access logs of Anti-DDoS. | Default value: false. Valid values:
|
| DdosCooAccessCollectionPolicy | String | No | Yes | The collection policy for the audit logs of Anti-DDoS. | None. |
| CloudfirewallAccessCollectionPolicy | String | No | Yes | The collection policy for the audit logs of WAF. | None. |
| RdsTiEnabled | Boolean | No | Yes | Specifies whether to enable the threat intelligence feature for ApsaraDB RDS. | Default value: false. Valid values:
|
| K8sIngressCollectionPolicy | String | No | Yes | The collection policy for the Ingress access logs of ACK. | None. |
Return values
Fn::GetAtt
DisplayName: the display name of Log Audit Service.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"VariableMap": {
"Type": "Json",
"Description": "Log audit detailed configuration."
},
"DisplayName": {
"Type": "String",
"Description": "Name of SLS log audit.",
"MaxLength": 128
},
"MultiAccount": {
"Type": "Json",
"Description": "Multi-account configuration, please fill in multiple aliuid.",
"MinLength": 0,
"MaxLength": 100
}
},
"Resources": {
"Audit": {
"Type": "ALIYUN::SLS::Audit",
"Properties": {
"VariableMap": {
"Ref": "VariableMap"
},
"DisplayName": {
"Ref": "DisplayName"
},
"MultiAccount": {
"Ref": "MultiAccount"
}
}
}
},
"Outputs": {
"DisplayName": {
"Description": "Name of SLS log audit.",
"Value": {
"Fn::GetAtt": [
"Audit",
"DisplayName"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
DisplayName:
Description: Name of SLS log audit.
MaxLength: 128
Type: String
MultiAccount:
Description: Multi-account configuration, please fill in multiple aliuid.
MaxLength: 100
MinLength: 0
Type: Json
VariableMap:
Description: Log audit detailed configuration.
Type: Json
Resources:
Audit:
Properties:
DisplayName:
Ref: DisplayName
MultiAccount:
Ref: MultiAccount
VariableMap:
Ref: VariableMap
Type: ALIYUN::SLS::Audit
Outputs:
DisplayName:
Description: Name of SLS log audit.
Value:
Fn::GetAtt:
- Audit
- DisplayName