Web Application Firewall (WAF) integrates with Log Service to provide the Log Service for WAF feature. The feature collects logs of websites protected by WAF in near real time and displays the results on dashboards. You can then query and analyze the collected log data. This feature helps meet the classified protection requirements for your website as well as your requirements for optimized operations and protection. This topic describes how to enable the Log Service for WAF feature.

Prerequisites

  • A WAF subscription instance of the Pro edition or higher is purchased.

    For more information, see Purchase a WAF instance.

  • Your website is added to WAF.

    Before you enable the Log Service for WAF feature, we recommend that you add your website to WAF. If your website is not added to WAF, WAF does not generate logs for your website. For more information about how to add domain names to WAF, see Tutorial.

  • Log Service is activated.

    If you log on to the Log Service console for the first time, you must activate Log Service as prompted.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  3. In the left-side navigation pane, choose Log Management > Log Service.
  4. Optional: On the Log Service page, click Upgrade and complete the upgrade as prompted.
    Note: If the Log Service for WAF feature is enabled, skip this step.

    Upgrade procedure:

    1. On the Upgrade/Downgrade page, enable Log Service. Then, configure Log Storage Period and Log Storage Size based on your business requirements.
      For more information about the parameters that are related to the Log Service for WAF feature, see Purchase a WAF instance.
    2. Click Buy Now and complete the payment.
  5. Optional: Authorize WAF to access the required cloud services.
    WAF needs to access Log Service to store WAF logs and provide log query and analysis services. Before you can use the Log Service for WAF feature, you must authorize WAF to access the required cloud services.
    Notice: You need to perform the authorization operation only once. After the authorization is complete, Alibaba Cloud automatically creates the AliyunServiceRoleForWAF service-linked role. This role allows WAF to access the required cloud services. If the role has been created, you do not need to perform the authorization operation. You can view the service-linked role on the RAM Roles page of the RAM console. For more information, see Authorize WAF to access cloud services.

    Authorization procedure:

    1. On the Log Service page, click Authorize Now.
    2. In the Tips message, click OK.

What to do next

After the Log Service for WAF feature is enabled, you must enable log collection for the required domain name that is added to WAF. Then, WAF can store logs related to the domain name and provide query and analysis services. For more information about how to enable log collection, see Enable log collection.