After you enable the Log Service for WAF feature, you can modify log settings, such as the log storage period, log fields, and log storage type, on the Log Settings page. The storage types are Logs and Block Logs. To better utilize your log storage capacity, we recommend that you modify log settings based on your business protection and analysis requirements and classified protection requirements.

Prerequisites

The Log Service for WAF feature is enabled. For more information, see Enable Log Service for WAF.

Background information

Log settings take effect for all domain names for which log collection is enabled. For more information about how to enable log collection for domain names, see Enable log collection.

You can change the log storage duration for subscription WAF instances that run Business or a higher edition. You can modify log fields and change the log storage type for WAF instances of all editions.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  3. In the left-side navigation pane, choose Log Management > Log Service.
  4. In the upper-right corner of the Log Service page, click Log Settings.
  5. On the Log Settings page, modify the following settings based on your business requirements.
    Parameter Description
    Storage Period The duration for which you want to store logs. Unit: days. Valid values: 30 to 360.
    Logs that are stored longer than the log storage duration that you specify are deleted. You cannot query or analyze deleted log data. For example, if you set Storage Period to 180 days, logs that are stored for more than 180 days are deleted.
    Note You can change the log storage duration for subscription WAF instances that run Business or a higher edition.
    Custom Field Configuration The log fields that are supported by WAF and included in logs.

    WAF log fields can be categorized into Required Fields and Optional Fields. Required fields must be included in WAF logs and cannot be modified. You can include optional fields in WAF logs based on your business requirements. For more information about WAF log fields, see Log fields supported by WAF.

    To include optional fields in WAF logs, perform the following steps: In the Optional Fields section, select the optional fields in the Available Fields section and click the rightwards arrow to add the selected fields to the Selected Fields section.

    Storage Type The type of logs that you want to store. Valid values:
    • Logs: All logs are stored, including logs that are generated when WAF allows and blocks requests.
    • Block Logs: Only the logs that are generated when WAF blocks requests are stored.
  6. Click Save.

Result

After you modify the log settings, the Log Service for WAF feature stores logs based on the settings that you configured.