All the traffic that passes through Cloud Firewall is recorded in logs, and the logs are displayed on the Log Audit page. The logs are classified into traffic logs, event logs, and operation logs. You can use the logs to audit all traffic in real time and detect suspicious traffic.
Cloud Firewall provides the log analysis feature. This feature allows you to specify a log storage duration that ranges from 7 days to 365 days. If your business needs to meet the requirements for classified protection and compliance, we recommend that you enable the log analysis feature. For more information about the billing of the log analysis feature, see Billing.
Event logs
The Event Logs tab displays the logs of events on traffic that passes through the Internet firewall and virtual private cloud (VPC) firewalls. On the Event Logs tab, you can click the Internet Firewall or VPC Firewall tab to view the information about event logs. The information includes the time when an event was detected, threat type, source IP address, destination IP address, application type, severity, and policy action.

Traffic logs
The Traffic Logs tab displays the logs of traffic that passes through the Internet firewall and VPC firewalls. On the Traffic Logs tab, you can click the Internet Firewall or VPC Firewall tab to view the information about traffic logs. The information includes the start time and end time of access, source IP address, destination port, protocol, policy action, number of bytes, and number of packets.
On the Internet Firewall or VPC Firewall tab, you can click List Configuration to the right of search conditions. In the List Configuration dialog box, you can select the columns that you want to display in the log list and click OK. You can select up to eight columns.
Operation log
