All Products
Search
Document Center

Simple Log Service:Usage notes

Last Updated:Aug 03, 2023

Simple Log Service and Anti-DDoS Pro and Anti-DDoS Premium jointly launch the log analysis feature that allows you to collect, query, analyze, transform, and consume website access logs and HTTP flood attack logs in real time. You can use the log analysis feature to troubleshoot website access issues, trace HTTP flood attackers, and analyze website operations. This topic describes the assets, billing, and limits of the log analysis feature.

Alibaba Cloud provides the following anti-DDoS solutions based on the regions where your servers are deployed: Anti-DDoS Pro and Anti-DDoS Premium. In the top navigation bar of the Anti-DDoS console, you can select a region to switch between Anti-DDoS Pro and Anti-DDoS Premium. Anti-DDoS Pro is suitable for scenarios in which your servers are deployed in the Chinese mainland. Anti-DDoS Premium is suitable for scenarios in which your servers are deployed outside the Chinese mainland.

Scenarios

You can use the log analysis feature in the following scenarios:

  • Troubleshoot website access issues

    After the log analysis feature is enabled for your website, you can query and analyze logs that are collected from the website in real time. For example, you can use SQL statements to analyze website access logs, troubleshoot access issues based on the analysis results, and view information such as the read and write latencies and the access distribution by Internet service provider (ISP).

  • Trace HTTP flood attackers

    HTTP flood attack logs record the sources and distribution of HTTP flood attackers. You can query and analyze HTTP flood attack logs in real time to trace the sources of HTTP flood attackers and attack events. This helps you choose appropriate mitigation policies. For example, you can analyze the geographical distribution of HTTP flood attackers and query the page views (PVs) of your website.

  • Analyze website operations

    Website access logs record information about website access in real time. You can use SQL statements to query and analyze the logs and obtain real-time access information. For example, you can identify the most visited websites, access sources and channels, and distribution of clients to facilitate the analysis of website operations.

Benefits

  • Ease of use: The feature allows you to collect Anti-DDoS Pro and Anti-DDoS Premium logs in real time after simple configuration. Log collection is automatically enabled for websites after the websites are added.

  • Real-time analysis: The feature provides real-time log analysis and out-of-the-box dashboards. You can obtain information about the HTTP flood attacks on your website and access to your website.

  • Real-time alerting: The feature supports custom quasi-real-time monitoring and alerting for specific metrics. You can respond to exceptions in critical workloads at the earliest opportunity.

  • High compatibility: The feature is compatible with solutions such as stream computing, cloud storage, and visualization. This allows you to extract more value from your business data.

Assets

  • Dedicated projects and Logstores

    • Anti-DDoS Pro

      After you enable the log analysis feature, Simple Log Service creates a project named ddoscoo-project-Alibaba Cloud account ID-cn-hangzhou and a dedicated Logstore named ddoscoo-logstore by default.

    • Anti-DDoS Premium

      After you enable the log analysis feature, Simple Log Service creates a project named ddosdip-project-Alibaba Cloud account ID-ap-southeast-1 and a Logstore named ddosdip-logstore by default.

    Important
    • Do not delete the projects or Logstores that are related to Anti-DDoS Pro and Anti-DDoS Premium logs. Otherwise, Anti-DDoS Pro and Anti-DDoS Premium logs cannot be sent to Simple Log Service.

    • If you have enabled the pay-by-ingested-data billing mode, Simple Log Service creates a dedicated Logstore that uses the pay-by-ingested-data billing mode by default. If you want to switch the billing mode from pay-by-ingested-data to pay-by-feature, you can modify the configuration of the Logstore. For more information, see Modify the configurations of a Logstore.

  • Dedicated dashboards

    By default, Simple Log Service generates two dashboards after you enable the feature.

    Important

    We recommend that you do not make changes to the dedicated dashboards because the dashboards may be upgraded or updated at any time. You can create a custom dashboard to visualize query results. For more information, see Create a dashboard.

    Dashboard

    Description

    DDoS Operation Center

    Displays the operational statistics of the websites that are protected by Anti-DDoS Pro or Anti-DDoS Premium. The statistics include the valid request ratio, valid traffic, requests and interception, and attacks.

    DDoS Access Center

    Displays the access statistics of the websites that are protected by Anti-DDoS Pro or Anti-DDoS Premium. The statistics include PVs, unique visitors (UVs), inbound traffic, peak inbound network traffic, peak outbound network traffic, access trends, and source distribution.

Billing

  • The fees that are generated for the log analysis feature are included in the bills of Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Billing of the Log Analysis feature.

  • If a dedicated Logstore uses the pay-by-feature billing mode, you are charged for data transformation and data shipping when you transform or ship logs after the logs are collected from Anti-DDoS Pro or Anti-DDoS Premium to Simple Log Service. In addition, you are charged for read traffic over the Internet when you read logs in stream mode. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.

  • If a dedicated Logstore uses the pay-by-ingested-data billing mode, you are charged only for read traffic over the Internet when you read logs in stream mode. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.

Limits

  • You can write only Anti-DDoS Pro or Anti-DDoS Premium logs to a dedicated Logstore. No limits are imposed for features such as query, analysis, alerting, and consumption.

  • If you have overdue payments for your Simple Log Service resources, the log analysis feature is automatically stopped. To ensure business continuity, you must settle your overdue payments within the prescribed time limit.

  • You cannot change the log retention period for a dedicated Logstore in the Simple Log Service console. However, you can change the log retention period in the Anti-DDoS Pro console or Anti-DDoS Premium console. You can specify a value that ranges from 30 to 180 days.

  • The available storage of logs must be sufficient. If the log storage is exhausted, new logs cannot be stored.

    Important

    The usage of log storage that is displayed in the Anti-DDoS Pro console or Anti-DDoS Premium console is not updated in real time. The displayed usage does not include the usage from the previous two hours.

  • The log analysis feature must be within the validity period. If you do not renew the feature within seven days after expiration, all Anti-DDoS Pro or Anti-DDoS Premium logs that are stored in Simple Log Service are automatically deleted.