This topic describes how to enable the log collection feature of Web Application Firewall (WAF) for a specified domain in the WAF console. After this feature is enabled, all log data of the domain is automatically stored in the dedicated Logstore of WAF, so you can query and analyze the log data in real time.
Prerequisites
- WAF is activated and domains are added to WAF for protection.
- Log Service is activated.
Background information
Procedure
Dedicated project and Logstore
The following table describes default configurations of a dedicated project and a dedicated Logstore.
Item | Description |
---|---|
Project | A project is created by default. The project name is determined based on the region of your WAF instance. |
Logstore | The Logstore named waf-logstore is created by default. All log data collected by the WAF log collection feature is stored in this Logstore. |
Region | |
Shard | Two shards are created by default, with the automatic sharding feature enabled. For more information, see Manage shards. |
Dashboard | Three dashboards are created by default: For more information, see Enable log analysis. |
- Only log data of WAF can be written into this Logstore.
  Log data of WAF is stored in this Logstore. Other data cannot be written into this Logstore, whether by calling API operations or using SDKs.
  Note: The Logstore has no limits on features such as queries, statistics, alerts, and streaming consumption.
- The Logstore is not billed.
  To use the Logstore, you must activate Log Service for your Alibaba Cloud account.
  Note: When your Log Service is overdue, the log collection feature of WAF is suspended until you pay the overdue bills.
- Do not delete or modify the configurations of the default project, Logstore, index, and dashboards created in Log Service. Log Service automatically updates data from the log query and analysis function of WAF, the index of the Logstore, and the default reports.
- A RAM user can use the log query and analysis service of WAF only after the Log Service permissions are granted to the RAM user. For more information, see Grant log query and analysis permissions to a RAM user.