Cloud Firewall is integrated with Log Service. Cloud Firewall allows users to access traffic logs and provides the real-time log analysis feature.

Real-time log analysis automatically collects and stores the logs of inbound and outbound traffic in real time. This feature is developed based on Log Service and allows you to query and analyze log data, generate reports, and configure alerts. This feature can also deliver log data to downstream services for consumption. This way, you can query log data in an efficient manner and focus more on log analysis.

Benefits

The real-time log analysis feature of Cloud Firewall has the following benefits:
  • Compliance audits: This feature allows you to store website access logs for more than six months. This meets the requirements of classified protection.
  • Flexible configuration: This feature allows you to collect Internet traffic logs in real time with a few steps.
  • Real-time analysis: This feature is developed based on Log Service and provides real-time log analysis and out-of-the-box dashboards for log reports. You can obtain the access details and up-to-date information about Internet traffic that passes through Cloud Firewall.
  • Real-time alerting: This feature provides near real-time monitoring and alerting based on specific metrics. This feature helps you respond to exceptions that occur in critical workloads at the earliest opportunity.

Prerequisites and limits

Before you can use Cloud Firewall to analyze logs in real time, make sure that the following conditions are met:
  • Log Service is activated. For more information, see Activate Log Service.
  • Cloud Firewall Premium Edition, Enterprise Edition, or Ultimate Edition is activated, and log analysis is purchased. For more information, see Activate Cloud Firewall.
The Logstore dedicated to Cloud Firewall has the following limits:
  • You cannot use the Log Service API or SDKs to import data to the dedicated Logstore or modify the Logstore attributes, such as the retention period of log data.
    Note The dedicated Logstore has no limits on queries, statistics, alerting, and streaming consumption.
  • You are not charged for the dedicated Logstore. However, the dedicated Logstore can properly run only if Log Service has no overdue payments.
  • The built-in charts of the Logstore may be updated.

Scenarios

  • Track Internet traffic logs and trace security threats.
  • Monitor Internet requests in real time and view traffic trends.
  • Obtain information about the efficiency of security operations and handle issues at the earliest opportunity.
  • Deliver logs to self-managed data and computing centers.