All Products
Search

This Product

    Anti-DDoS:Query advanced mitigation logs

    Document Center

    Anti-DDoS:Query advanced mitigation logs

    Last Updated:Apr 01, 2024

    If advanced mitigation sessions are provided free of charge for your instance, or if you purchased global advanced mitigation sessions, you can view the usage of the sessions on the Adv. Mitigation Logs page. This topic describes how to query advanced mitigation logs.

    Instance types that support advanced mitigation sessions

    Anti-DDoS Proxy (Chinese Mainland) instances of the Advanced mitigation plan, Anti-DDoS Proxy (Outside Chinese Mainland) instances of the Insurance mitigation plan, Anti-DDoS Proxy (Outside Chinese Mainland) instances of the Secure Chinese Mainland Acceleration (Sec-CMA) mitigation plan, and Anti-DDoS Proxy (Outside Chinese Mainland) instances of the Sec-CMA (Basic) mitigation plan.

    Prerequisites

    An Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance is purchased. For more information, see Purchase an Anti-DDoS Proxy instance.

    Procedure

    1. Log on to the Anti-DDoS Proxy console.

    2. In the top navigation bar, select the region of your instance.

      • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.

      • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland), select Outside Chinese Mainland.

    3. In the left-side navigation pane, choose Investigation > Adv. Mitigation Logs.

    4. On the Adv. Mitigation Logs page, select the instance that you want to manage and the time range during which you want to query the logs.

      You can query the advanced mitigation logs within the last 90 days on the Adv. Mitigation Logs page.

      Parameter

      Description

      Protection Time

      The time range during which a DDoS attack event occurred.

      Instance

      The ID of the instance to which the attacked asset assigned a public IP address is added.

      Peak Volume

      The peak bandwidth of the DDoS attack.

      Included Events

      The number of blackhole filtering events or scrubbing events that occurred during the time range of the DDoS attack.

      Status

      Indicates whether a session is used to protect your service against the DDoS attack.

      • Used: The attack ended. A session is used to protect your service.

      • In Use: The attack continues. A session is being used to protect your service.

      Actions

      If a DDoS attack event occurred within the last 30 days, you can click View Events to go to the Attack Analysis page to view the details of the DDoS attack event. For more information, see View information on the Attack Analysis page.

      Note

      If a DDoS attack event occurred 30 days ago or earlier, the View Events button is dimmed, and you cannot view the details of the DDoS attack event.