This topic describes how to enable log collection for a specific domain name in the Web Application Firewall (WAF) console. You must enable log collection before you can use the Log Service for WAF feature. After you enable log collection, all the log data of the specified domain name is automatically stored in the dedicated Logstore for WAF. Then, you can analyze and query the log data in real time.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- Optional:If this is your first time to enable log collection, click Authorize. Then, follow the instructions on the page and authorize WAF to write all log data to the dedicated Logstore for WAF.
- Select the domain name for which you want to enable log collection and turn on Status next to the domain name.
Log collection is enabled for the domain name. Log Service automatically creates a dedicated project and a dedicated Logstore for your Alibaba Cloud account. WAF automatically writes all the log data of the domain name to this Logstore.
Dedicated project and Logstore for WAF
The following table describes the default items that Log Service creates for your WAF instance after you enable the Log Service for WAF feature.
|Project||Log Service automatically creates a dedicated project for your WAF instance. The project
name is determined based on the region of your WAF instance.
|Logstore||Log Service automatically creates a dedicated Logstore for your WAF instance. The
Logstore is named
All the log data collected by WAF is stored in this Logstore.
|Shard||Log Service automatically creates two shards for your WAF instance and enables the automatic sharding feature. For more information, see Manage shards.|
|Dashboard||Log Service automatically creates the following three dashboards for your WAF instance:
For more information about dashboards, see Enable log analysis.
- Only the log data of WAF can be written into the dedicated Logstore.
The log data of WAF is stored in the dedicated Logstore. Other data cannot be written into this dedicated Logstore, regardless of whether API operations are called or SDKs are used.Note The dedicated Logstore has no limits on features such as queries, statistics, alerting, or streaming consumption.
- The dedicated Logstore is not billed.
To use the dedicated Logstore, you must activate Log Service for your Alibaba Cloud account.Note If your Log Service bill is overdue, log collection of WAF is suspended until you pay the bill.
- Do not delete or modify the configurations of the default project, Logstore, index, and dashboards created by Log Service. The log query and analysis service of WAF is automatically updated and upgraded with Log Service on an irregular basis. Log Service also updates the index of the dedicated Logstore and the default dashboards.
- A RAM user can use the log query and analysis service of WAF only after the permissions on Log Service are granted to the RAM user. For more information, see Grant log query and analysis permissions to a RAM user.