All traffic that passes through Cloud Firewall is recorded on the Log Audit page. The logs are classified into traffic logs, event logs, and operation logs. You can use these logs to audit your network traffic and take necessary actions. By default, the logs are retained for seven days.
Cloud Firewall also provides the Log Analysis function, which saves log data for six months. If your business must meet classified protection requirements, we recommend that you enable Log Analysis. For more information about the fees of Log Analysis, see Log analysis billing method.
The Event Logs tab displays the logs of events on the Internet and VPC firewalls. You can click the Internet Firewall or VPC Firewall tab to view information about event logs. The information includes the time each event was detected, threat type, direction (inbound or outbound), source IP address, destination IP address, application, severity, and policy action.
The Traffic Logs tab displays the logs of traffic on the Internet and VPC firewalls. You can click the Internet Firewall or VPC Firewall tab to view information about traffic logs. The information includes the time the traffic started and ended, the traffic direction (inbound or outbound), source IP address, destination IP address, source port, application, protocol, policy action, number of bytes, and number of packets.
The name of the policy for traffic that matches an access control policy or IPS policy is displayed in the Policy Name column of the traffic log entry. For traffic that does not match any policy, the Policy Name column is empty.
On the Operation Logs tab, select an option from the Severity drop-down list to filter operation logs of specific severity.
Specify a time range within the last seven days to search for operation logs.