All Products
Search

This Product

    Anti-DDoS:Query advanced mitigation logs

    Document Center

    Anti-DDoS:Query advanced mitigation logs

    Last Updated:Aug 27, 2025

    If advanced mitigation sessions are provided free of charge for your instance, or if you purchased global advanced mitigation sessions, you can view the usage of the sessions on the Adv. Mitigation Logs page. This topic describes how to query advanced mitigation logs.

    Instance types that support advanced mitigation sessions

    • Anti-DDoS Pro (the Chinese mainland): Pro

    • Anti-DDoS Premium (outside the Chinese mainland): Insurance mitigation plan, Unlimited mitigation plan, and Sec-CMA (including Sec-CMA 1.0, Sec-CMA (Basic), Sec-CMA 2.0 (Insurance), and Sec-CMA 2.0 (Unlimited))

    Procedure

    1. Log on to the Anti-DDoS Proxy console.

    2. In the top navigation bar, select the region of your instance.

      • Anti-DDoS Proxy (Chinese Mainland): Choose the Chinese Mainland region.

      • Anti-DDoS Proxy (Outside Chinese Mainland): Choose the Outside Chinese Mainland region.

    3. In the left-side navigation pane, choose Investigation > Adv. Mitigation Logs.

    4. On the Adv. Mitigation Logs page, select the instance that you want to manage and the time range during which you want to query the logs.

      You can query the advanced mitigation logs within the last 90 days on the Adv. Mitigation Logs page.

      Parameter

      Description

      Protection Time

      The time range during which a DDoS attack event occurred.

      Instance

      The ID of the instance to which the attacked asset assigned a public IP address is added.

      Peak Volume

      The peak bandwidth of the DDoS attack.

      Included Events

      The number of blackhole filtering events or scrubbing events that occurred during the time range of the DDoS attack.

      Status

      Determines whether a DDoS attack event consumes an advanced mitigation session.

      • Used: The attack ended. A session is used to protect your service.

      • In Use: The attack continues. A session is being used to protect your service.

      Actions

      If a DDoS attack event occurred within the last 30 days, you can click View Events to go to the Attack Analysis page to view the details of the DDoS attack event. For more information, see View information on the Attack Analysis page.

      Note

      If a DDoS attack event occurred 30 days ago or earlier, the View Events button is dimmed, and you cannot view the details of the DDoS attack event.