Log Service allows you to query and analyze Network Attached Storage (NAS) access logs. It also provides out-of-the-box reports and alerts so that you can monitor the system in real time.

Alibaba Cloud NAS is a file storage service for compute nodes, such as Elastic Compute Service (ECS) instances, Elastic High Performance Computing (E-HPC) clusters, and Container Service clusters. NAS complies with standard file access protocols. Without modifying existing applications, you can have a distributed file system that features unlimited capacity and performance scaling, a single namespace, shared access, high reliability, and high availability.

Each request to NAS generates an access log that records the details of the request, such as the operation type, the target object, and the response status for the current user.

By querying and analyzing NAS access logs, you can collect access events, audit sensitive operations, and diagnose problems in specific scenarios. You can also manage dashboards, view access data in real time through the default dashboards, and configure alert tasks for various scenarios to monitor access status in real time.


  • Simple configuration: collects real-time logs with simple configuration. For more information about how to collect NAS access logs and relevant log fields, see Procedure.
  • Real-time analysis: provides real-time log analysis and an out-of-the-box report center, so that you can track all operations on important cloud assets and explore the details in real time.
  • Real-time alerts: supports quasi-real-time monitoring and alerting based on custom operations to ensure timely response to critical business exceptions.
  • Collaboration: works with other data solutions such as stream computing, cloud storage, and visualization to extract more value from the data.
  • Free default configuration: allows you to extend the storage duration as needed for compliance, tracing, and filing. Log data is stored for seven days by default and can be stored permanently. If log data is stored for more than seven days, the minimum storage cost is about USD 0.049/GB/month. For more information about pricing, see Pay-as-you-go.

Limits and instructions

  • Dedicated Logstore

    A dedicated Logstore is created to store NAS access logs. Other data cannot be written to the dedicated Logstore. The query, statistics, alerting, and streaming consumption features of this Logstore are not limited.

  • Network File System (NFS) only

    Currently, only NFS NAS access logs can be analyzed. Other protocol types will be supported in the future.

  • Pay-as-you-go

    The NAS log collection feature is currently in the test phase and is free of charge by default. Your NAS access logs are stored in Log Service for seven days. If you store logs for a longer period, you are charged for the extra storage duration. Log Service supports the pay-as-you-go billing method. For more information about pricing, see Pay-as-you-go.


  • View the read and write operations of each NAS volume

    On the summary dashboard, you can view the number of active volumes, the total amount of read and write traffic, and the number and distribution of creation, deletion, read, and write operations on each volume.

  • View NAS access details

    On the details dashboard, you can view the distribution of operations within different periods, the details of successful or failed operations, and the causes of failure, for example:

    • The trend of read and write data flows, that is, which IP address writes data, which volume receives the data, and which IP address reads data.
    • The number and proportion of files accessed on each volume.
    • The queries per second (QPS) for each volume.
    • The total read and write traffic and average traffic of each volume per minute.
    • The top N client IP addresses by read and write traffic.
    • The top N client IP addresses by operation errors. This metric is used to identify the source of operation errors.
    • The number of read, write, creation, and deletion operations on hotspot data.
    • The inodes of frequently accessed files.
    • The number of abnormal operations, such as authentication failure and operation failure.
    • The AuthRc and NFSProtocolRc fields that indicate the distribution of operation states.
  • Audit sensitive operations

    On the audit dashboard, you can view your sensitive operations on NAS, such as creating or deleting directories or files, and the files that are most frequently read and written.

  • Search for access logs
    • Run the following statement to search for logs of failed authentication attempts to identify operations with permission exceptions:
      AuthRc > 0
    • Run the following statement to search for logs of failed operations to check incorrect operation results:
      NFSProtocolRc > 0
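
The two searches above, applied offline to exported log records and combined into the "clients ranked by operation errors" view from the details dashboard. This is an added example, not code from Log Service or NAS; only AuthRc and NFSProtocolRc are field names from this page, while client_ip, volume, op, the return-code values, and the JSON-lines export format are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample records, not real NAS logs. Only AuthRc and NFSProtocolRc
# are field names from this page; client_ip, volume and op are hypothetical.
SAMPLE_LOGS = """\
{"client_ip": "192.0.2.10", "volume": "vol-a", "op": "read", "AuthRc": "0", "NFSProtocolRc": "0"}
{"client_ip": "192.0.2.11", "volume": "vol-a", "op": "write", "AuthRc": "13", "NFSProtocolRc": "0"}
{"client_ip": "192.0.2.11", "volume": "vol-a", "op": "write", "AuthRc": "13", "NFSProtocolRc": "0"}
{"client_ip": "192.0.2.12", "volume": "vol-b", "op": "remove", "AuthRc": 0, "NFSProtocolRc": 2}
{"client_ip": "192.0.2.11", "volume": "vol-b", "op": "read", "AuthRc": "0", "NFSProtocolRc": "5"}
this line is truncated and is not valid JSON
{"client_ip": "192.0.2.10", "volume": "vol-a", "op": "read", "AuthRc": "0", "NFSProtocolRc": "0"}
"""

def classify(record):
    """Mirror the two searches: AuthRc > 0, then NFSProtocolRc > 0."""
    # Exported values may be strings or numbers, so normalise with int().
    if int(record.get("AuthRc", 0)) > 0:
        return "auth_failure"
    if int(record.get("NFSProtocolRc", 0)) > 0:
        return "op_failure"
    return "ok"

def top_error_clients(lines, n=3):
    """Return the n clients with the most failed requests, with per-kind counts."""
    per_client = {}
    for line in lines:
        if not line.strip():
            continue
        try:
            record = json.loads(line)
            kind = classify(record)
        except (ValueError, TypeError, AttributeError):
            continue  # skip malformed or non-object lines instead of aborting
        if kind == "ok":
            continue
        client = record.get("client_ip", "unknown")
        per_client.setdefault(client, Counter())[kind] += 1
    # Most errors first; ties broken by address so the output is stable.
    ranked = sorted(per_client.items(),
                    key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [(ip, dict(counts)) for ip, counts in ranked[:n]]

if __name__ == "__main__":
    for ip, counts in top_error_clients(SAMPLE_LOGS.splitlines()):
        print(ip, counts)
```

A record that fails both checks is counted once, as an authentication failure, so permission problems are not hidden behind the resulting operation error.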