The log analysis feature of Alibaba Cloud Anti-DDoS Pro and Anti-DDoS Premium allows you to query, analyze, transform, and consume website access logs and HTTP flood attack logs in real time. You can use the log analysis feature to troubleshoot website access errors, trace HTTP flood attacks, and analyze website operations. This topic describes the assets, billing, and limits of the log analysis feature.

Alibaba Cloud provides the following two Anti-DDoS solutions based on the regions where your servers are deployed: Anti-DDoS Pro and Anti-DDoS Premium. In the top navigation bar of the Anti-DDoS Pro console, you can select a region where the servers of Anti-DDoS Pro or Anti-DDoS Premium are deployed. Anti-DDoS Pro applies to scenarios where servers are deployed in mainland China. Anti-DDoS Premium applies to scenarios where servers are deployed outside mainland China.

Assets

  • Dedicated projects and dedicated Logstores
    • Anti-DDoS Pro

      After you enable the log analysis feature of Anti-DDoS Pro, Log Service creates a project named ddoscoo-project-Alibaba Cloud account ID-cn-hangzhou and a Logstore named ddoscoo-logstore.

    • Anti-DDoS Premium

      After you enable the log analysis feature of Anti-DDoS Premium, Log Service creates a project named ddosdip-project-Alibaba Cloud account ID-ap-southeast-1 and a Logstore named ddoscoo-logstore.

  • Dedicated dashboards
    After you enable the log analysis feature of Anti-DDoS Pro or Anti-DDoS Premium, Log Service generates two dashboards by default.
    Note We recommend that you do not make changes to the dedicated dashboards because this may affect the usability of the dashboards. You can manually create a dashboard to visualize log analysis results. For more information, see Create a dashboard.
    Dashboard Description
    DDoS Operation Center Shows the operational statistics of the websites that are protected by Anti-DDoS Pro or Anti-DDoS Premium.
    DDoS Access Center Shows the access statistics of the websites that are protected by Anti-DDoS Pro or Anti-DDoS Premium.

Billing

You are billed for the log analysis feature when you enable the log analysis feature in the Anti-DDoS Pro or Anti-DDoS Premium console. You are also billed when you transform logs, ship logs, and read data from the Internet in the Log Service console. For more information, see Log Service pricing.

Limits

  • You can write only Anti-DDoS log data to a dedicated Logstore.
  • If you have overdue payments for your Log Service resources, the log analysis feature is automatically stopped. To ensure service continuity, you must pay your overdue payment within the prescribed time limit.
  • You cannot delete a dedicated Logstore or modify its data retention period in the Log Service console. You can modify the data retention period only in the Anti-DDoS Pro or Anti-DDoS Premium console. You can specify a retention period. The retention period must be between 30 and 180 days.
  • If the storage space of a dedicated Logstore is full, no more logs can be written to the Logstore.
    Note You can view the usage of log storage space in the Anti-DDoS Pro or Anti-DDoS Premium console. However, the usage is not updated in real time. The storage space usage displayed is delayed for two hours.
  • The log analysis feature must be within the validity period. If you do not renew the feature within seven days after expiration, all logs stored in the dedicated Logstore are automatically deleted.

Benefits

  • Simple configuration: You can perform a few simple steps to enable the analysis feature and start to collect Anti-DDoS logs in real time. After you add a website to an Anti-DDoS instance, logs of the website are automatically collected.
  • Real-time analysis: Based on Log Service, the log analysis feature provides real-time analysis and log reports of HTTP flood attacks and access details.
  • Real-time alerts: The log analysis feature can be used to monitor specified indicators and send alerts in real time. This helps you resolve business exceptions at the earliest opportunity.
  • High compatibility: The log analysis feature is compatible with other data solutions such as stream processing, cloud storage, and visualization. This allows you to maximize the value of your business data.