This topic describes how to enable, modify, and disable the service log feature for a project in the Log Service console. After you enable this feature for a project, Log Service stores all logs generated under the project to a project that you specify. The service log feature is disabled by default.

Prerequisites

  • At least one project is created.
  • If you log on to the Log Service console as a RAM user, the RAM user must be granted relevant permissions by your Alibaba Cloud account. For more information, see Authorize a RAM user.

Background information

The service log feature allows you to record alert log data of Logtail, data about operations performed in a specified project, and other data. You can store the log data in a new or existing project. After you specify a project, Log Service automatically creates Logstores under the project to store operations logs and other logs. Log Service also provides five dashboards for different log scenarios. You can monitor the running status of your project in real time.
Note
  • After you enable the service log feature, Log Service creates Logstores and dashboards in the specified storage location. The Logstore that stores operations logs is charged based on your specified billing method. The Logstore that stores other logs is free of charge.
  • We recommend that you specify automatic creation of a project and store logs generated in the same region into the automatically created project.
  • Only service logs generated after you enable the feature are recorded.

Enable the service log feature

  1. Log on to the Log Service console, and then click the target project name.
  2. On the Overview page, expand the Operations Log section, and then click Enable Service Log.
    1
  3. Select the services that you want to enable.
    You can select Detailed Logs or Important Logs.
    • Detailed Logs: logs of operations performed on all resources in the project, including resource creations, modifications, updates, deletions, and read/write operations. These logs are stored in the internal-operation_log Logstore of the specified project.
    • Important logs: metering logs, consumption delay logs of consumption groups, Logtail errors, Logtail heartbeats, and Logtail statistical logs in each Logstore. These logs are stored in the internal-diagnostic_log Logstore of the specified project.
  4. Set Log Storage Location.
    • If you select Automatic creation (recommended), Log Service creates a project named log-service-{User ID}-{region}. This project resides in the same region where the project for the service log feature is enabled. We recommend that you store logs generated in the same region into this project.
    • If you select an existing project, Log Service stores service logs in the selected project.
  5. Click OK.
    The service log feature is enabled. Then, Log Service stores logs generated under the project in the specified storage location in real time.
    Figure 1. Enable the service log feature
    Enable Service Logs

Modify the service log feature

  1. On the Overview page, click Actions on the right of the Operations Log section.
  2. Change the log type.
    Select or clear Detailed Logs or Important Logs in the Service Logs section.
  3. Modify the Log Storage Location.
    Specify a project from the Log Storage Location drop-down list.
    Note
    • We recommend that you select automatic creation of a project and store service logs in the automatically created project. You can also specify a project and store logs generated under different projects in the project. These projects reside in the same region as the specified project.
    • After you modify the Log Storage Location, new log data is stored in the specified project. The logs and dashboards stored in the original project are not automatically deleted or migrated to the new project. You can manually delete the data if you no long need the data.
    Figure 2. Modify the service log feature
    Modify Service Logs
  4. Click OK.

Disable the service log feature

Note After the service log feature is disabled, the logs and dashboards stored in the project are not automatically deleted. You can manually delete the project or Logstores.
  1. On the Overview page, click Actions on the right of the Operations Log section.
  2. Clear the Detailed Logs and Important Logs check boxes.
    Disable the service log feature
  3. Click OK.

Authorize a RAM user

Before you can use the service log feature as a RAM user, you must use your Alibaba Cloud account to grant the RAM user relevant permissions. For more information, see Authorize a RAM user to connect to Log Service. The permission policy is as follows:
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:CreateDashboard",
        "log:UpdateDashboard"
      ],
      "Resource": "acs:log:*:*:project/{The project where logs are stored}/dashboard/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:GetProject",
        "log:CreateProject",
        "log:ListProject"
      ],
      "Resource": "acs:log:*:*:project/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:List*",
        "log:Create*"
        "log:Get*",
        "log:Update*",
      ],
      "Resource": "acs:log:*:*:project/{The project where logs are stored}/logstore/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:*"
      ],
      "Resource": "acs:log:*:*:project/{The project for which the service log feature is enabled}/logging",
      "Effect": "Allow"
    }
  ]
}