All Products
Search
Document Center

Anti-DDoS:Overview

Last Updated:May 28, 2024

Anti-DDoS Proxy is integrated with Simple Log Service to collect and analyze full logs of website access. Log analysis is a value-added feature. You must enable this feature before you can use it. After you enable the log analysis feature, Simple Log Service collects the access logs of the website that is protected by Anti-DDoS Proxy in real time. Then, you can query and analyze the logs, and view the log reports.

Description of the log analysis feature

The log analysis feature of Anti-DDoS Proxy is provided based on Simple Log Service. You can query and analyze logs in the Anti-DDoS Proxy console. This helps you analyze your website services that are protected by Anti-DDoS Proxy. After you enable the log analysis feature, you can consume and deliver logs by using Simple Log Service. This allows you to manage the website access logs of Anti-DDoS Proxy.

Anti-DDoS Proxy provides two management platforms to collect logs based on the regions of purchased Anti-DDoS Proxy instances. The logs of Anti-DDoS Proxy (Chinese Mainland) instances are managed by using the management platform in the China (Hangzhou) region. Logs are delivered to the China (Hangzhou) region after processing. The logs of Anti-DDoS Proxy (Outside Chinese Mainland) instances are managed by using the management platform in the Singapore region. Logs are delivered to the Singapore region or Indonesia (Jakarta) region based on your configuration. On the Security Overview and Attack Analysis pages, you can view the statistics about the service traffic of and attacks on services that are added to Anti-DDoS Proxy. Anti-DDoS Proxy displays charts and information based on the instances that you purchase in different regions.

For more information about Simple Log Service, see What is Simple Log Service?

Scenarios

You can use the log analysis feature in the following scenarios:

  • Troubleshoot website access issues

    After the log analysis feature is enabled for your website, you can query and analyze logs that are collected from the website in real time. For example, you can use SQL statements to analyze website access logs, use the analysis results to troubleshoot and analyze access issues, and view information such as the read and write latencies and the distribution of access by Internet service provider (ISP).

  • Track HTTP flood attacks

    Website access logs record the sources and distribution of HTTP flood attacks. You can query and analyze access logs in real time to identify the attack sources and track attack events. This helps you choose appropriate mitigation policies. For example, you can analyze the geographical distribution of HTTP flood attacks and query page views (PVs) of your website.

  • Analyze website operations

    Website access logs record information about website traffic in real time. You can use SQL statements to query and analyze logs and obtain real-time information about website operations. For example, you can identify the most visited websites, source IP addresses of the clients, the browsers that initiated the requests, and the distribution of clients to facilitate the analysis of website operations.

Method to calculate the required log storage capacity

In most cases, each request log occupies about 2 KB of storage. If the average queries per second (QPS) of your service is 500, the storage required for a day is 86,400,000 KB (about 82 GB). The storage is calculated based on the following formula: 500 x 60 x 60 x 24 x 2 = 86,400,000. If you want to store logs of the last 180 days, the storage required is 14,832 GB (about 14.5 TB), and you need to specify the Log Storage parameter based on this value. The default log retention period is 180 days.

Log collection description

If the queries per second (QPS) of your service is within the specifications of the Anti-DDoS Pro or Anti-DDoS Premium instance, the system collects logs of all traffic. A smaller volume of traffic results in a higher collection accuracy. If the service traffic spikes, the system automatically adjusts the collection ratio. A larger volume of traffic results in a higher collection ratio.

Billing

The log analysis feature supports only the subscription billing method. For more information, visit the

buy page of log analysis.

Log storage

Unit price for Anti-DDoS Proxy (Chinese Mainland)

(USD per month)

Unit price for Anti-DDoS Proxy (Outside Chinese Mainland)

(USD per month)

3 TB

234

468

5 TB

390

780

10 TB

780

1,560

20 TB

1,560

3,120

50 TB

3,900

7,800

100 TB

7,800

15,600

200 TB

15,600

31,200

500 TB

39,000

78,000

800 TB

62,400

124,800

1000 TB

78,000

156,000

References

Topic

Description

Use the log analysis feature

This topic describes how to enable and use the log analysis feature.

Important

If this is the first time you use the log analysis feature, you must enable and configure the feature by referring to this topic.

Fields included in full logs

This topic describes the fields that are included in the logs of Anti-DDoS Proxy.

Query and analyze logs

This topic describes how to use query statements to query and analyze the logs of Anti-DDoS Proxy.

Query log reports

This topic describes how to use the DDoS Access Center and DDoS Operation Center dashboards that are preset in the log analysis feature.