Anti-DDoS Proxy is integrated with Simple Log Service to collect and analyze full logs of website access. Log analysis is a value-added feature. You must enable this feature before you can use it. After you enable the log analysis feature, Simple Log Service collects the access logs of the website that is protected Anti-DDoS Proxy in real time. Then, you can query and analyze the logs, and view the log reports.
Description of the log analysis feature
The log analysis feature of Anti-DDoS Proxy is provided based on Simple Log Service. You can query and analyze logs in the Anti-DDoS Proxy console. This helps you analyze your website services that are protected by Anti-DDoS Proxy. After you enable the log analysis feature, you can consume and deliver logs by using Simple Log Service. This allows you to manage the website access logs of Anti-DDoS Proxy.
Anti-DDoS Proxy provides two management platforms to collect logs based on the regions of purchased Anti-DDoS Proxy instances. The logs of Anti-DDoS Proxy (Chinese Mainland) instances are managed by using the management platform in the China (Hangzhou) region. The logs of Anti-DDoS Proxy (Outside Chinese Mainland) instances are managed by using the management platform in the Singapore region. On the Security Overview and Attack Analysis pages, you can view the statistics about the service traffic of and attacks on services that are added to Anti-DDoS Proxy. Anti-DDoS Proxy displays charts and information based on the instances that you purchase in different regions.
For more information about Simple Log Service, see What is Simple Log Service?
Scenarios
You can use the log analysis feature in the following scenarios:
Troubleshoot website access issues
After the log analysis feature is enabled for your website, you can query and analyze logs that are collected from the website in real time. For example, you can use SQL statements to analyze website access logs and use the analysis results to troubleshoot and analyze access issues, and view information such as the read and write latencies and the distribution of access by Internet service provider (ISP).
Track HTTP flood attacks
Website access logs record the sources and distribution of HTTP flood attacks. You can query and analyze access logs in real time to identify the attack sources and track attack events. This helps you choose appropriate mitigation policies. For example, you can analyze the geographical distribution of HTTP flood attacks and query page views (PVs) of your website.
Analyze website operations
Website access logs record information about website traffic in real time. You can use SQL statements to query and analyze logs and obtain real-time information about website operations. For example, you can identify the most visited websites, source IP addresses of the clients, the browsers that initiated the requests, and the distribution of clients to facilitate the analysis of website operations.
Method to calculate the required log storage capacity
In most cases, each request log occupies about 2 KB of storage. If the average queries per second (QPS) of your service is 500, the storage required for a day is 86,400,000 KB (about 82 GB). The storage is calculated based on the following formula: 500 x 60 x 60 x 24 x 2 = 86,400,000. If you want to store logs of the last 180 days, the storage required is 14,832 GB (about 14.5 TB), and you need to specify the Log Storage parameter based on this value. The default log retention period is 180 days.
Log collection description
If the queries per second (QPS) of your service is within the specifications of the Anti-DDoS Pro or Anti-DDoS Premium instance, the system collects logs of all traffic. A smaller volume of traffic results in a higher collection accuracy. If the service traffic spikes, the system automatically adjusts the collection ratio. A larger volume of traffic results in a higher collection ratio.
Billing
The log analysis feature supports only the subscription billing method. For more information, visit the buy page of log analysis.
Log Storage | Unit price for Anti-DDoS Proxy (Chinese Mainland) (USD per month) | Unit price for Anti-DDoS Proxy (Outside Chinese Mainland) (USD per month) |
3 TB | 234 | 468 |
5 TB | 390 | 780 |
10 TB | 780 | 1,560 |
20 TB | 1,560 | 3,120 |
50 TB | 3,900 | 7,800 |
100 TB | 7,800 | 15,600 |
200 TB | 15,600 | 31,200 |
500 TB | 39,000 | 78,000 |
800 TB | 62,400 | 124,800 |
1000 TB | 78,000 | 156,000 |
References
Topic | Description |
This topic describes how to enable and use the log analysis feature. Important If this is the first time you use the log analysis feature, you must enable and configure the feature based on this topic. | |
This topic describes the fields that are included in the logs of Anti-DDoS Proxy. | |
This topic describes how to use query statements to query and analyze the logs of Anti-DDoS Proxy. | |
This topic describes how to use the DDoS Access Center and DDoS Operation Center dashboards that are preset in the log analysis feature. |