All Products
Search
Document Center

Anti-DDoS:Query advanced mitigation logs

Last Updated:Feb 22, 2024

If advanced mitigation sessions are provided free of charge for your instance, or if you purchased global advanced mitigation sessions, you can view the usage of the sessions on the Adv. Mitigation Logs page. This topic describes how to query advanced mitigation logs.

Instance types that support advanced mitigation sessions

Anti-DDoS Pro instances of the Advanced mitigation plan, Anti-DDoS Premium instances of the Insurance mitigation plan, Anti-DDoS Premium instances of the Secure Chinese Mainland Acceleration (Sec-CMA) mitigation plan, and Anti-DDoS Premium instances of the Sec-CMA (Basic) mitigation plan.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.

Procedure

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Investigation > Adv. Mitigation Logs.

  4. On the Adv. Mitigation Logs page, select the instance that you want to manage and the time range during which you want to query the logs.

    You can query the advanced mitigation logs within the last 90 days on the Adv. Mitigation Logs page.

    Parameter

    Description

    Protection Time

    The time range during which a DDoS attack event occurred.

    Instance

    The ID of the instance to which the attacked asset assigned a public IP address is added.

    Peak Volume

    The peak bandwidth of the DDoS attack.

    Included Events

    The number of blackhole filtering events or scrubbing events that occurred during the time range of the DDoS attack.

    Status

    Indicates whether a session is used to protect your service against the DDoS attack.

    • Used: The attack ended. A session is used to protect your service.

    • In Use: The attack continues. A session is being used to protect your service.

    Actions

    If a DDoS attack event occurred within the last 30 days, you can click View Events to go to the Attack Analysis page to view the details of the DDoS attack event. For more information, see View information on the Attack Analysis page.

    Note

    If a DDoS attack event occurred 30 days ago or earlier, the View Events button is dimmed, and you cannot view the details of the DDoS attack event.