If advanced mitigation sessions are provided free of charge for your instance, or if you purchased global advanced mitigation sessions, you can view the usage of the sessions on the Adv. Mitigation Logs page. This topic describes how to query advanced mitigation logs.
Prerequisites
An Anti-DDoS Pro instance of the Advanced mitigation plan is purchased or an Anti-DDoS Premium instance of the Secure Chinese Mainland Acceleration (Sec-CMA) or Sec-CMA (Basic) mitigation plan is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.
Procedure
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
  - Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
  - Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
  You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Adv. Mitigation Logs page, select the instance that you want to manage and the time range during which you want to query the logs. You can query the advanced mitigation logs within the last 90 days on the Adv. Mitigation Logs page.
  Note: In the Anti-DDoS Pro console, you can select only an Anti-DDoS Pro instance of the Advanced mitigation plan from the instance drop-down list. In the Anti-DDoS Premium console, you can select only an Anti-DDoS Premium instance of the Sec-CMA or Sec-CMA (Basic) mitigation plan from the instance drop-down list.
| Parameter | Description |
| --- | --- |
| Mitigation Duration | The time range during which a DDoS attack event occurred. |
| Instance | The ID of the instance to which the attacked asset IP address is added. |
| Peak Attack | The peak bandwidth of the DDoS attack. |
| Events Included | This parameter is displayed only in the Anti-DDoS Premium console. The number of blackhole filtering events or scrubbing events that occurred during the time range of the DDoS attack. |
| Status | Indicates whether a session is used to protect your service against the DDoS attack. Finished: The attack ended. A session is used to protect your service. In progress: The attack continues. A session is being used to protect your service. |
| Actions | If a DDoS attack event occurred within the last 30 days, you can click Check Attack Event to go to the Security Overview page to view the details of the DDoS attack event. For more information, see Security Overview. Note: If a DDoS attack event occurred 30 days ago or earlier, the Check Attack Event button is dimmed and you cannot view the details of the DDoS attack event. |