When you purchase the Anti-DDoS Pro service, the log collection function is automatically enabled. You can disable or re-enable the log collection function of the specified website.
Log Service can collect website access logs and HTTP flood attack logs of Alibaba Cloud Anti-DDoS Pro in real time. Log Service also supports real-time retrieval and analysis of the collected log data and displays the query results in the form of dashboards. By analyzing the access and attack activities in real time through logs, Log Service helps the security department set protection policies.
- Log on to the Anti-DDoS Pro console, and choose in the left-side navigation pane.
- Select the website for which you want to enable log collection, turn on or off the
Status switch.By default, log collection is enabled when you purchase Anti-DDoS Pro. This function is also enabled for newly added websites.
Log Service automatically creates an exclusive project and an exclusive Logstore under your account. The Anti-DDoS Pro logs of all websites that have log collection enabled are imported to this exclusive Logstore. For more information about the default configurations of the exclusive project and Logstore, see the following table.
Table 1. Default configuration Default configuration item Description Project By default, a project is created. The name of the project is
ddoscoo-project-Alibaba Cloud account ID-cn-hangzhou.
Logstore By default, a Logstore is created. The name of the Logstore is
All log entries generated by the Anti-DDoS Pro log collection function are stored in this Logstore.
Region By default, the project is created under the China (Hangzhou) region. Shard By default, two shards are created and the automatic shard splitting function is enabled. Log TTL A log entry can be stored for 30 days. After 30 days, the log entry is automatically deleted. Log storage capacity You can purchase the storage capacity of the exclusive Logstore based on your business requirements. The maximum storage capacity is 1,000 TB, and log entries can be stored for up to 180 days. Dashboard By default, the following dashboards are created:
- Access center: displays website access metrics, client distribution, traffic, and performance data.
- Operations and maintenance center: displays attack status and operational metrics such as PV, UV, and success rate.
You can query and analyze collected log entries in real time on the Log Service page. For more information about log fields, see Log fields. In addition, apart from the operations and maintenance center and access center that are created by Log Service, you can also customize a dashboard.
What to do next
- Click Search & Analysis to query and analyze the collected log data.
- Click Log Reports to view built-in log reports.
- Click Advanced Management to go to the Log Service console. You can query log data, collect statistics, consume streaming data, and set alerts for the collected log data.