After you enable the Log Service for WAF feature, you can enable log collection for domain names that are added to Web Application Firewall (WAF). After you enable log collection for domain names, the Log Service for WAF feature automatically stores logs of the domain names in the dedicated Logstore for WAF. You can query and analyze the collected log data. This topic describes how to enable log collection for domain names.

Prerequisites

  • The Log Service for WAF feature is enabled. For more information, see Enable Log Service for WAF.
  • The domain names of your website are added to WAF. For more information, see Tutorial.

Background information

Log Service for WAF stores only the logs of the domain names for which log collection is enabled.

After you enable log collection for a domain name, the Log Service for WAF feature automatically stores the logs of the domain name based on the following default configurations.

Default configuration Modification
By default, the Log Service for WAF feature stores all logs of domain names, including the logs that are generated when WAF allows and blocks requests. Supported. You can modify the default configuration to store only the logs that are generated when WAF blocks requests.
By default, logs are stored for 180 days. Supported. You can change the log storage duration. Valid values: 30 to 360. Unit: days.
Notice You can change the log storage duration for subscription WAF instances that run Business or a higher edition.
By default, WAF logs contain all required fields and some optional fields. For more information, see Log fields supported by WAF. Supported. You can modify the default configuration to adjust the optional fields that are included in WAF logs.

For more information about how to modify the default configurations, see Modify log settings.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  3. In the left-side navigation pane, choose Log Management > Log Service.
  4. Select a domain name from the domain name drop-down list and turn on Status to enable log collection for the domain name. Turn on Status
    The domain name drop-down list contains only the domain names that are protected by WAF. If the domain name that you want to select is not added to WAF, add the domain name. For more information, see Tutorial.
    After you enable log collection for the domain name that you select, the Log Service for WAF feature automatically collects the logs of the domain name and stores the logs in the dedicated Logstore. You can repeat the preceding steps to enable log collection for other domain names.

What to do next

After you enable log collection for the domain names, you can query and analyze the collected log data on the Log Service page. For more information, see Query and analyze logs.