All the traffic that passes through Cloud Firewall is recorded as logs and displayed on the Log Audit page. The logs are classified into traffic logs, event logs, and operation logs. You can use the logs to audit all traffic in real time and take specific measures on suspicious traffic. Cloud Firewall retains the logs for seven days.
Cloud Firewall also provides the log analysis feature, which allows you to set Log Storage Period to a value that ranges from 30 to 365. If your business must meet classified protection requirements, we recommend that you enable the log analysis feature. For more information about the billing of the log analysis feature, see Billing.
The Event Logs tab displays the logs of events on both the Internet firewall and Virtual Private Cloud (VPC) firewalls. On the Event Logs tab, you can click the Internet Firewall or VPC Firewall tab to view the information about event logs. The information includes the time an event was detected, threat type, source IP address, destination IP address, application type, severity, and policy action.
The Traffic Logs tab displays the logs of traffic on both the Internet firewall and VPC firewalls. On the Traffic Logs tab, you can click the Internet Firewall or VPC Firewall tab to view the information about traffic logs. The information includes the start time and end time of traffic, source IP address, destination IP address, application type, source port, application, protocol, policy action, number of bytes, and number of packets.