Anti-DDoS Pro and Anti-DDoS Premium are integrated with Alibaba Cloud Log Service to collect and analyze full logs of website access. Log Analysis is a value-added feature. You must enable this feature before you can use it. After you enable Log Analysis, Log Service collects the access logs of the website that is protected by Anti-DDoS Pro or Anti-DDoS Premium in real time. Then, you can query and analyze the logs, and view the log reports.

Description of Log Analysis

The Log Analysis feature of Anti-DDoS Pro or Anti-DDoS Premium is provided based on Log Service. You can query and analyze logs in the Anti-DDoS Pro console. This helps you analyze your website services that are protected by Anti-DDoS Pro or Anti-DDoS Premium. After you enable Log Analysis, you can consume and deliver logs by using Log Service. This allows you to manage the website access logs of Anti-DDoS Pro or Anti-DDoS Premium.

For more information about Log Service, see What is Log Service?.

Scenarios

You can use Log Analysis in the following scenarios:
  • Troubleshoot website access issues

    After Log Analysis is enabled for your website, you can query and analyze logs that are collected from the website in real time. For example, you can use SQL statements to analyze website access logs and use the analysis results to troubleshoot and analyze access issues, and view information, such as the read and write latencies and the distribution of Internet service providers (ISPs).

  • Track HTTP flood attacks

    Website access logs record the sources and distribution of HTTP flood attacks. You can query and analyze access logs in real time to identify the attack sources and track attack events. This helps you choose appropriate protection policies. For example, you can analyze the geographical distribution of HTTP flood attacks and query page views (PVs) of your website.

  • Analyze website operations

    Website access logs record information about website traffic in real time. You can use SQL statements to query and analyze logs and obtain real-time information about website operations. For example, you can identify the most visited websites, source IP addresses of the clients, the browsers that initiated the requests, and the distribution of clients to facilitate the analysis of website operations.

Billing

Log Analysis supports only the subscription billing method. For more information, visit the buy page of Log Analysis.

References

Topic Description
Quick start This topic describes how to enable and use Log Analysis.
Notice If this is the first time you use Log Analysis, you must enable and configure the feature based on this topic.
Fields supported by full log This topic describes the fields that are included in the logs of Anti-DDoS Pro or Anti-DDoS Premium.
Query and analyze logs This topic describes how to use query and analysis statements to query and analyze the logs of Anti-DDoS Pro or Anti-DDoS Premium.
Query log reports This topic describes how to use the DDoS Access Center and DDoS Operation Center dashboards that are preset in Log Analysis.