Anti-DDoS Pro and Anti-DDoS Premium integrate with Alibaba Cloud Simple Log Service to provide a log analysis feature for full logs. The log analysis feature is a value-added service that you must enable before you can use it. After you enable the feature, Simple Log Service collects access logs in real time from websites protected by Anti-DDoS Pro and Anti-DDoS Premium. You can then use the collected log data to query and analyze logs and view log reports.
What is the log analysis feature
The log analysis feature for Anti-DDoS Pro and Anti-DDoS Premium is based on Simple Log Service. It provides a page for log query and analysis in the Anti-DDoS Pro console. This helps you analyze your website services that are protected by Anti-DDoS Pro and Anti-DDoS Premium. After you enable the full logs feature, you can also use the log consumption and delivery features of Simple Log Service to manage all website access logs.
Anti-DDoS Pro and Anti-DDoS Premium products use different management platforms to collect logs based on the product region. On the Security Overview and Attack Analysis pages, you can view statistics about service traffic and attacks for services added to Anti-DDoS Pro and Anti-DDoS Premium. Charts and information are displayed based on the products that you purchase in different regions.
Anti-DDoS Pro and Anti-DDoS Premium products for the Chinese mainland are managed by the platform in the China (Hangzhou) region. After logs are processed, they are delivered to the China (Hangzhou) region.
Anti-DDoS Pro and Anti-DDoS Premium products for regions outside the Chinese mainland are managed by the platform in the Singapore region. After logs are processed, they can be delivered to Singapore, Indonesia (Jakarta), US (Virginia), China (Hong Kong), UK (London), Germany (Frankfurt), Japan (Tokyo), or Malaysia (Kuala Lumpur). You can specify the delivery region.
For more information about Simple Log Service, see What is Simple Log Service?.
Scenarios
The full log analysis feature of Anti-DDoS Pro and Anti-DDoS Premium addresses the following requirements:
Troubleshoot website access issues
After you enable log collection for your website, you can query and analyze the collected logs in real time. For example, you can use SQL statements to analyze website access logs, quickly troubleshoot access issues, and view information such as read and write latencies and carrier distribution.
Track the sources of CC attacks
Website access logs record the distribution and sources of CC attacks. By querying and analyzing access logs in real time, you can track the sources of CC attacks and trace attack events. This provides a reference for your response policies. For example, you can analyze the country distribution of CC attackers and query page views (PVs).
Website operational analysis
Website access logs record access data in real time. You can run SQL queries to analyze the collected log data and obtain real-time access information. For example, you can determine website popularity, access sources and channels, and client distribution to assist with website operation analysis.
How to calculate the required log storage capacity
Each request log uses about 2 KB of storage. For example, if your service averages 500 queries per second (QPS), you need about 82 GB of storage per day. The calculation is: 500 × 60 × 60 × 24 × 2 = 86,400,000 KB. The default log retention period is 180 days. To store logs for the last 180 days, you need a log storage capacity of 14,832 GB (about 14.5 TB).
Log collection description
If the queries per second (QPS) of your service is within the specifications of the Anti-DDoS Pro or Anti-DDoS Premium instance, the system collects logs of all traffic. A smaller volume of traffic results in a higher collection accuracy. If the service traffic spikes, the system automatically adjusts the collection ratio. A larger volume of traffic results in a higher collection ratio.
Billing information
The log analysis feature supports only the subscription billing method. For specific pricing, see the buy page of the log analysis instance.
Log storage capacity | Unit price for Anti-DDoS Pro and Anti-DDoS Premium (the Chinese mainland)(USD/month) | Unit price for Anti-DDoS Pro and Anti-DDoS Premium (outside the Chinese mainland)(USD/month) |
3 TB | 234 | 468 |
5 TB | 390 | 780 |
10 TB | 780 | 1,560 |
20 TB | 1,560 | 3,120 |
50 TB | 3,900 | 7,800 |
100 TB | 7,800 | 15,600 |
200 TB | 15,600 | 31,200 |
500 TB | 39,000 | 78,000 |
800 TB | 62,400 | 124,800 |
1000 TB | 78,000 | 156,000 |
References
Document | Description |
Describes how to enable and use the log analysis feature. Important If this is the first time you use the log analysis feature, you must enable and configure the service by following the instructions in this document. | |
Describes the fields that are included in the log data of Anti-DDoS Pro and Anti-DDoS Premium. | |
Describes how to use query statements to query and analyze the log data of Anti-DDoS Pro and Anti-DDoS Premium. | |
Describes how to use the preset dashboard charts provided by the log analysis feature, including the DDoS Operation Center and DDoS Access Center. |