The log analysis feature collects Internet traffic logs in real time. The feature also retrieves and analyzes the collected logs in real time, and displays the results in various dashboards. This topic describes how to enable the log analysis feature.

Background information

If you are not sure whether specific traffic should be allowed or denied, you can set the action of the access control policy to Monitor. In this case, the traffic between the source addresses and destination addresses is still allowed. You can then use the log analysis feature to analyze traffic behavior and change the action of the access control policy to Allow or Deny based on the analysis results.

Limits

The log analysis feature is provided only in the following editions of Cloud Firewall: Premium Edition, Enterprise Edition, and Ultimate Edition.

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Log Analysis > Log Analysis.
  3. On the Log Analysis page, click Upgrade Now.
  4. In the dialog box that appears, click Buy Now.
  5. On the buy page of Cloud Firewall, configure the parameters based on your business requirements. Set Log Analysis to Yes and configure Log Storage.

    Cloud Firewall Premium Edition can store logs for up to 180 days. Cloud Firewall Enterprise Edition and Ultimate Edition can store logs for 7 to 360 days. For more information, see Functions and features.

    For more information about the parameters, see Purchase Cloud Firewall.

    For more information about the billing of the log analysis feature, see Billing.

  6. Click Buy Now and complete the payment.
  7. Go to the Log Analysis page of the Cloud Firewall console, click Log Delivery in the upper-right corner, and then turn on the switches for the traffic logs that you want to collect.

    You can turn on the following switches: internet_log, vpc_firewall_log, dns_firewall_log, ipv6_firewall_log, and nat_firewall_log.

    The log analysis feature collects inbound and outbound Internet traffic logs of Cloud Firewall. The feature also retrieves and analyzes the collected logs in real time.
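The following added example (not part of the original Cloud Firewall documentation) shows one way to review traffic that matched a Monitor policy, as described in the background information, before you change the action to Allow or Deny. It assumes the collected logs are available as JSON lines; the field names src_ip, dst_ip, dst_port, action, and bytes, and the value "monitor", are hypothetical and are not taken from the product's log schema.

```python
import json
from collections import defaultdict

# Constructed sample records, not real Cloud Firewall output.
# All field names and values are assumptions made for this example.
SAMPLE_LOG = """\
{"src_ip": "10.0.1.5", "dst_ip": "203.0.113.10", "dst_port": 443, "action": "monitor", "bytes": 5200}
{"src_ip": "10.0.1.5", "dst_ip": "203.0.113.10", "dst_port": 443, "action": "monitor", "bytes": 4800}
{"src_ip": "10.0.1.9", "dst_ip": "198.51.100.7", "dst_port": 6667, "action": "monitor", "bytes": 300}
{"src_ip": "10.0.1.5", "dst_ip": "203.0.113.10", "dst_port": 443, "action": "allow", "bytes": 100}
{"src_ip": "10.0.1.5", "dst_ip": "203.0.1
{"src_ip": "10.0.1.5", "dst_ip": "203.0.113.10", "dst_port": 443, "action": "monitor", "bytes": 1000}
"""

def summarize_monitored(lines, min_hits=2):
    """Group Monitor-action records by flow and split them for review.

    Returns (recurring, one_off, skipped): flows seen at least min_hits
    times, flows seen fewer times, and the number of unparsable records.
    """
    flows = defaultdict(lambda: {"hits": 0, "bytes": 0})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            key = (rec["src_ip"], rec["dst_ip"], int(rec["dst_port"]))
            action = rec["action"].lower()
            size = int(rec.get("bytes", 0))
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # truncated or malformed record: count it, do not guess
            continue
        if action != "monitor":
            continue  # traffic already covered by an Allow or Deny policy
        flows[key]["hits"] += 1
        flows[key]["bytes"] += size
    recurring = {k: v for k, v in flows.items() if v["hits"] >= min_hits}
    one_off = {k: v for k, v in flows.items() if v["hits"] < min_hits}
    return recurring, one_off, skipped

if __name__ == "__main__":
    recurring, one_off, skipped = summarize_monitored(SAMPLE_LOG.splitlines())
    for label, group in (("recurring", recurring), ("one-off", one_off)):
        for (src, dst, port), s in sorted(group.items()):
            print(f"{label}: {src} -> {dst}:{port} hits={s['hits']} bytes={s['bytes']}")
    print(f"skipped records: {skipped}")
```

Recurring flows are the ones to check against known business traffic first. One-off flows and a non-zero skipped count need a closer look before any policy action is changed.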