
Cloud Firewall: Overview

Last Updated: Feb 22, 2024

Cloud Firewall and Simple Log Service jointly launch the log analysis feature. The feature allows you to collect, query, analyze, transform, and consume traffic logs of protected assets in real time. The feature helps you monitor and protect network assets and meet compliance requirements.

Scenarios

The log analysis feature is suitable for enterprises and organizations that require network security compliance, require flexible configuration, and want to perform in-depth monitoring and real-time analysis of network traffic. The following list describes the common scenarios of the feature:

  • Compliance audit: Enterprises that need to comply with data protection and network security regulations can use the log analysis feature to store access logs for more than six months. This helps the enterprises meet compliance requirements for classified protection and respond to log audits.

  • Security analysis and emergency response: Enterprises that need to trace, analyze, and respond to security incidents can use the tools provided by the log analysis feature. This way, security teams of the enterprises can quickly identify threat sources, analyze attack patterns, and take measures to prevent potential attacks.

  • Data center integration: Enterprises that have self-managed data processing and computing centers and want to manage logs in a centralized manner can use Cloud Firewall to export logs to those centers. This implements centralized log management and analysis, and improves data security and management.

  • Performance monitoring and optimization: Enterprises can use the log analysis feature to monitor network performance in real time, and identify and diagnose issues. This helps optimize the user access experience and improve online performance and operational efficiency of your services.

Supported editions

The log analysis feature is available only in Premium Edition, Enterprise Edition, and Ultimate Edition of Cloud Firewall that uses the subscription billing method. The log analysis feature is unavailable in Cloud Firewall that uses the pay-as-you-go billing method.

Billing rules

You are charged for the log analysis feature based on the log storage duration and log storage capacity. For more information, see Subscription.

After Cloud Firewall delivers logs to Simple Log Service, Simple Log Service does not charge you additional fees for the Logstore dedicated to Cloud Firewall. If you perform operations such as data transformation and data shipping in the Simple Log Service console, you are charged.

  • If the dedicated Logstore uses the pay-by-feature billing mode, you are charged for data transformation and data shipping when you transform or ship logs in the Simple Log Service console. When you read logs in stream mode, you are charged for read traffic over the Internet. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.

  • If the dedicated Logstore uses the pay-by-ingested-data billing mode, you are not charged for data transformation or data shipping. You are charged only for read traffic over the Internet. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.

Logstore description

After you enable the log analysis feature, Cloud Firewall automatically creates a dedicated project named cloudfirewall-project-<Alibaba Cloud account ID>-<RegionID> and a dedicated Logstore named cloudfirewall-logstore to store all log data collected by Cloud Firewall.

Important

You can log on to the Simple Log Service console to view the project and Logstore dedicated to Cloud Firewall. Do not delete the project or Logstore. If you delete the dedicated project or Logstore, the log data is deleted and cannot be restored. Before you can continue to use the dedicated project or Logstore, you must re-enable the log analysis feature. For more information about how to enable log analysis, see Enable log analysis.

Limits

The Logstore is dedicated to Cloud Firewall. The following limits are imposed on the Logstore:

  • You can write only Cloud Firewall logs to the dedicated Logstore. No limits are imposed on features such as query, analysis, alerting, and consumption.

  • You cannot change the log storage duration of the dedicated Logstore in the Simple Log Service console. You can change the log storage duration in the Cloud Firewall console.

  • If you have overdue payments for your Simple Log Service resources, the log analysis feature is automatically stopped. To ensure business continuity, you must complete your overdue payments within the prescribed time limit.

  • By default, Cloud Firewall provides fields that support indexes. You cannot specify custom fields or modify the fields. For more information about the fields, see Fields that support indexes.

  • The available log storage capacity must be sufficient. If the log storage capacity is exhausted, new logs cannot be stored.

    Note

    The log storage usage that is displayed in the Cloud Firewall console is not updated in real time. The displayed usage does not include the usage from the previous 2 hours.

Enable the log analysis feature

  1. Visit the Cloud Firewall buy page.

  2. Set the Log Analysis parameter to Yes, configure the Log Storage parameter, click Buy Now, and then complete the payment.

    For more information, see Subscription.

  3. Log on to the Cloud Firewall console.

  4. In the left-side navigation pane, choose Log Analysis > Log Analysis.

  5. Click Enable Now to enable the log analysis feature.

What to do next

  • After you enable the log analysis feature, you can specify the log data that you want to collect, query logs, export logs, and change the destination region for log delivery. For more information, see Query and analyze logs.

  • You can turn on or turn off the log delivery switch, and configure the storage duration, storage region, and storage capacity of logs to ensure that the configurations for the log analysis feature meet your business requirements. For more information, see Modify log storage configurations.

  • You can download the collected logs to your computer or ship the logs to Object Storage Service (OSS) for storage. For more information, see Export logs.

  • You can grant a Resource Access Management (RAM) user the permissions to query and analyze logs. For more information, see Grant a RAM user the permissions to query and analyze logs.