After you enable the log analysis feature, adjust the log storage configurations if the default settings for Cloud Firewall log analysis do not meet your business requirements. You can modify the log types collected, the log delivery region, and the storage duration of logs to align your log management solution with your business strategy.
Prerequisites: Before performing the following operations, ensure that you have enabled the log analysis feature. For more information, see Enable the log analysis feature.
Access the console: Log on to the Cloud Firewall console. In the navigation pane on the left, choose .
Set log collection types
Cloud Firewall supports collecting the following traffic logs:
Internet traffic logs
Attack event logs: Traffic logs that match the intrusion prevention rules of Internet firewalls.
Access control logs: Traffic logs that match the access control policy of Internet firewalls.
Other traffic logs: Other traffic logs that pass through Internet firewalls.
VPC traffic logs
Attack event logs: Traffic logs that match the intrusion prevention rules of VPC firewalls.
Access control logs: Traffic logs that match the access control policy of VPC firewalls.
Other traffic logs: Other traffic logs that pass through VPC firewalls.
DNS traffic logs: All traffic logs that pass through DNS firewalls.
IPv6 traffic logs: Traffic logs that match the IPv6 access control policy of Internet firewalls.
NAT traffic logs: All traffic logs that pass through NAT firewalls.
Modify the log types collected by Cloud Firewall: In the upper-right corner of the Log Analysis page, click Log Delivery to modify the delivery switch for each log type.
If you disable the delivery switch for a log type, Cloud Firewall stops collecting logs of that type. The system does not automatically delete the corresponding Project or the delivered logs.
Modify log storage region
By default, logs collected by log analysis are stored in the Singapore region. If your business is not deployed in this region, cross-region log synchronization fees or data integration issues may occur. To resolve this, change the log storage region to the region where your business is located or to a nearby region.
Before switching the log analysis delivery region, note the following:
Switching creates a new log Project and deletes the original log Project. To retain the original logs, back them up manually.
The switching process takes approximately 5 to 10 minutes. Do not perform other log-related operations during this time.
Logs are not delivered or stored during the switch. We recommend performing the switch during off-peak business hours.
Procedure: In the upper-right corner of the Log Analysis page, click Log Settings. Then, configure the Log Delivery Mode and Delivery Region.
Log Delivery Mode: Supports Single-Region Shipping and Dual-Region Delivery. The Single-Region Shipping mode is used by default. If you have assets in multiple regions, both in the Chinese mainland and outside the Chinese mainland, and need to meet log compliance requirements, select the Dual-Region Delivery mode. After enabling Dual-Region Delivery, configure the storage capacity and storage duration independently for each region.
ImportantWhen you select Dual-Region Delivery, the log storage capacity allocated to each region must be at least 1 TB.
The legacy pay-as-you-go 1.0 billing method does not support this feature. To use this feature, upgrade to the new billing method.
You can switch delivery modes only three times per month.
Delivery Region: Select the log delivery region from the list of supported regions.
Modify log storage duration
The default storage duration of logs is 180 days. Logs older than this period are automatically deleted and cannot be recovered. Adjust the storage duration based on your log storage capacity and business needs. The supported range is 7 to 730 days.
When log storage capacity reaches its limit, the system stops collecting new logs. Set the storage duration of logs appropriately and regularly monitor storage usage.
After you modify the storage duration of logs, the Cloud Firewall log analysis service retains logs only within the specified duration and automatically deletes logs that exceed this duration. The automatic deletion operation usually completes within 1 to 2 hours. For example, if you adjust the storage duration of logs from 180 days to 30 days, logs older than 30 days are automatically deleted after the configuration takes effect.
Procedure: In the upper-right corner of the Log Analysis page, click Log Settings. Then, modify the settings in the Storage Duration area.
Storage capacity expansion
To prevent new logs from failing to write to Logstore because the log storage space is full—which can lead to incomplete log data—regularly monitor your log storage space usage.
View storage usage: In the upper-right corner of the Log Analysis page, view the storage usage.
The log storage usage displayed on this page is not updated in real time and has a two-hour delay compared to actual usage. Therefore, when log storage space is almost full, upgrade the capacity or purge logs in advance.
Storage capacity expansion: In the upper-right corner of the Log Analysis page, click Adjust Capacity. Select a larger log storage capacity specification and complete the payment for the expansion fee. If you selected the Dual-Region Delivery mode, manually allocate the capacity to the specified delivery region after upgrading the storage capacity.
Purge existing logs: In the upper-right corner of the Log Analysis page, click Delete All Logs. Then, click OK in the dialog box that appears. Purging logs takes approximately 1 to 2 hours.
WarningLogs cannot be recovered after they are purged. Use the purge feature with caution.
After enabling the Cloud Firewall log service, you get four opportunities to purge log storage space. Each time you renew the Cloud Firewall service, the opportunities to purge log storage space are refreshed, meaning you regain four opportunities.