All traffic that passes through Cloud Firewall is recorded on the Log Audit page. The logs are classified into traffic logs, event logs, and operation logs. You can use these logs to audit your network traffic and take necessary actions. By default, the logs are retained for seven days.

Cloud Firewall also provides the Log Analysis function, which saves log data for six months. If your business must meet classified protection requirements, we recommend that you enable Log Analysis. For more information about the fees of Log Analysis, see Log analysis billing method.

Event logs

The Event Logs tab displays the logs of events on the Internet and VPC firewalls. You can click the Internet Firewall or VPC Firewall tab to view information about event logs. The information includes the time each event was detected, threat type, direction (inbound or outbound), source IP address, destination IP address, application, severity, and policy action.

Event Logs

Event logs
On the Event Logs tab, specify the source IP address, destination IP address, threat type, policy action, or time range to search for event logs.
Note The time range must be within the last seven days.

Traffic logs

The Traffic Logs tab displays the logs of traffic on the Internet and VPC firewalls. You can click the Internet Firewall or VPC Firewall tab to view information about traffic logs. The information includes the time the traffic started and ended, the traffic direction (inbound or outbound), source IP address, destination IP address, source port, application, protocol, policy action, number of bytes, and number of packets.

Traffic logs
On the Traffic Logs tab, specify the source IP address, destination IP address, application, or time range to search for traffic logs.
Note The time range must be within the last seven days.
To search for traffic logs more precisely, click Show Advanced Search next to the search bar and specify search conditions such as Direction, Policy Source, Port, and Region.Advanced search

The name of the policy for traffic that matches an access control policy or IPS policy is displayed in the Policy Name column of the traffic log entry. For traffic that does not match any policy, the Policy Name column is empty.

Operation logs

The Operation Logs tab displays the time, type, severity, and other details about each operation performed in Cloud Firewall.Operation logs

On the Operation Logs tab, select an option from the Severity drop-down list to filter operation logs of specific severity.

Specify a time range within the last seven days to search for operation logs.