This topic describes how to enable and disable the service log feature and how to modify service log configurations.

Prerequisites

Enable the service log feature

  1. Log on to the Log Service console.
  2. Click the project for which you want to enable the service log feature.
  3. On the Overview page, click Enable Service Logs in the Operations Log section.
  4. The following table describes the parameters for enabling the service log feature.
    Parameter Description
    Service Logs
    • Detailed Logs: Detailed logs include logs of operations performed on all resources in the project, including creation, modification, deletion, read, and write operations. These logs are stored in the internal-operation_log Logstore of the project.
    • Important Logs: Important logs include consumption delay logs of consumer groups and Logtail heartbeat logs in each Logstore. These logs are stored in the internal-diagnostic_log Logstore of the project.
    Log Storage Location
    • Automatic creation (recommended): Log Service automatically creates a project named log-service-{User ID}-{region} in the same region as the project for which the service log feature is enabled. We recommend that you store all logs generated within the same region in this project.
    • Current Project: Log Service stores service logs in the current project.
    • Other projects in the drop-down list: Log Service stores service logs in other projects that already exist in the current region. If you specify a project to store service logs, the specified project must reside in the same region as the project for which the service log feature is enabled.
  5. Click OK.
    Note
    • After the service log feature is enabled, corresponding Logstores are created in the specified log storage location. The billing method of the Logstore used to store detailed logs is the same as that of common Logstores. For more information, see Billable items. You are not charged for the Logstore that stores important logs.
    • Only service logs generated after you enable the feature are recorded.

Modify service log configurations

  1. Log on to the Log Service console.
  2. In the Projects section, click the name of the project that you want to view.
  3. On the Overview page, click Modify in the Operations Log section.
  4. In the Modify Service Logs Settings dialog box, select required log types and clear log types that are not required.
  5. Select a project to store service logs from the Log Storage Location drop-down list.
    Note
    • We recommend that you select Automatic creation (recommended) and store service logs in the automatically created project. You can also specify a project and store service logs generated under different projects in the project. These projects reside in the same region as the specified project.
    • After you modify the Log Storage Location value, new log data is stored in the specified project. The log data stored in the original project is not synchronously deleted or migrated to the new project. You can manually delete the original project if you no longer need the data in it.
  6. Click OK.

Disable the service log feature

  1. Log on to the Log Service console.
  2. In the project list, click the project for which you want to disable the service log feature.
  3. On the Overview page, click Modify in the Operations Log section.
  4. In the Modify Service Logs Settings dialog box, clear all log types.
  5. Click OK to disable the service log feature.
    Note After the service log feature is disabled, the log data stored in the project is not automatically deleted. You can manually delete the project if you no longer need to store the data.

Authorize a RAM user to use the service log feature

Before you can use the service log feature as a RAM user, you must use your Alibaba Cloud account to grant the RAM user relevant permissions. For more information, see Create a RAM user and authorize the RAM user to access Log Service. The following code shows the content of the permission policy:
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:CreateDashboard",
        "log:UpdateDashboard"
      ],
      "Resource": "acs:log:*:*:project/{The project where logs are stored}/dashboard/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:GetProject",
        "log:CreateProject",
        "log:ListProject"
      ],
      "Resource": "acs:log:*:*:project/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:List*",
        "log:Create*",
        "log:Get*",
        "log:Update*"
      ],
      "Resource": "acs:log:*:*:project/{The project where logs are stored}/logstore/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:*"
      ],
      "Resource": "acs:log:*:*:project/{The project for which the service log feature is enabled}/logging",
      "Effect": "Allow"
    }
  ]
}