All the traffic that passes through Cloud Firewall is recorded as logs and displayed on the Log Audit page. The logs are classified into traffic logs, event logs, and operations logs. You can use the logs to audit your network traffic in real time and take measures accordingly. By default, the log audit feature retains logs for seven days.
Cloud Firewall also provides the log analysis feature, which can retain logs for six months. If your business must meet classified protection requirements, we recommend that you enable the log analysis feature. For information about the billing method of the log analysis feature, see Billing.
The Event Logs tab displays the logs of events on the Internet firewall and VPC firewalls. You can click the Internet Firewall or VPC Firewall tab to view information about event logs. The information includes the time an event was detected, the threat type, source IP address, destination IP address, application, severity, and policy action.
The Traffic Logs tab displays the logs of traffic on the Internet firewall and VPC firewalls. You can click the Internet Firewall or VPC Firewall tab to view information about traffic logs. The information includes the start time and end time of traffic, source IP address, destination IP address, application type, source port, application, protocol, policy action, number of bytes, and number of packets.
On the Operation Logs tab, you can select an option from the Severity drop-down list to obtain operations logs of a specific severity.
You can also specify a time range within the last seven days to search for operations logs.