This topic describes how to enable the log collection feature of Web Application Firewall (WAF) for a specified domain in the WAF console. After this feature is enabled, all log data in this domain is automatically stored in the dedicated Logstore of WAF. In this way, you can analyze and query log data in real time.
- WAF is activated and domains are added to WAF for protection.
- Log Service is activated.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- Optional:If you configure the log collection feature for the first time, click Authorize and follow the instructions on the Log Service page to authorize WAF to write all log data to your dedicated Logstore.
- Select the target domain and turn on Status next to the domain.The log collection feature is enabled for the domain. A dedicated project and a dedicated Logstore are automatically created by Log Service under your Alibaba Cloud account. WAF automatically imports logs from the domains with the log collection feature enabled to this Logstore.
Dedicated project and Logstore
The following table describes default configurations of a dedicated project and a dedicated Logstore.
|Project||A project is created by default. The project name is determined based on the region
of your WAF instance.
|Logstore||The Logstore named
All log data collected by the WAF log collection feature is stored in this Logstore.
|Shard||Two shards are created by default, with the automatic sharding feature enabled. For more information, see Manage shards.|
|Dashboard||Three dashboards are created by default:
For more information, see Enable log analysis.
- Only log data of WAF can be written into this Logstore.
Log data of WAF is stored in this Logstore. Other data cannot be written into this Logstore, whether by calling API operations or using SDKs.Note The Logstore has no limits on features such as queries, statistics, alerts, and streaming consumption.
- The Logstore is not billed.
To use the Logstore, you must activate Log Service for your Alibaba Cloud account.Note When your Log Service is overdue, the log collection feature of WAF is suspended until you pay the overdue bills.
- Do not delete or modify configurations of the default project, Logstore, index, and dashboards created in Log Service. Log Service automatically updates data from the log query and analysis function of WAF, the index of the Logstore, and the default reports.
- A RAM user can use the log query and analysis service of WAF only after the Log Service permissions are granted to the RAM user. For more information, see Grant log query and analysis permissions to a RAM user.