This topic describes the limits and billing of the Log Audit Service application.

Limits

  • Limits on storage methods and regions
    • Centralized storage
      Logs that are collected from multiple Alibaba Cloud accounts across regions can be stored in a central project of an Alibaba Cloud account. The central project can reside in the following regions:
      • Chinese mainland: China (Beijing), China (Hohhot), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)
      • Outside the Chinese mainland: Singapore (Singapore), Japan (Tokyo), Germany (Frankfurt), and Indonesia (Jakarta)
      Note: When you switch the region where the central Alibaba Cloud account resides, Log Service creates a central project in that region. The original project is not deleted.
    • Regional storage

      The access logs of Server Load Balancer (SLB), Object Storage Service (OSS), and Distributed Relational Database Service (DRDS), and the flow logs of Virtual Private Cloud (VPC) are collected from multiple Alibaba Cloud accounts across different regions. The access logs and flow logs are stored in the Logstores of the projects in the region in which the instances and VPCs reside. For example, the access logs collected from an OSS bucket that resides in the China (Hangzhou) region are stored in the Logstore of the project in the China (Hangzhou) region.

    • Synchronization to a central project

      You can synchronize log data from the Logstores of the regional projects for SLB, OSS, DRDS, and VPC to a central project. This makes it more efficient to query, analyze, and visualize the collected logs. You can also configure alerts for the logs and perform secondary development.

      The synchronization process is based on the data transformation feature of Log Service.

  • Limits on resources
    • Each Alibaba Cloud account has only one central project in a region. The name of the central project is in the format slsaudit-center-{Alibaba Cloud account ID}-{Region}, for example, slsaudit-center-1234567890-cn-beijing. You cannot delete a central project in the Log Service console. If you want to delete a central project, you can use the Alibaba Cloud command-line interface (CLI) or call the related API operation.
    • SLB, OSS, DRDS, and VPC have multiple regional projects. The names of the projects that store the access logs of SLB instances, OSS buckets, and DRDS instances and the flow logs of VPCs are in the format slsaudit-region-{Alibaba Cloud account ID}-{Region}, for example, slsaudit-region-1234567890-cn-beijing. You cannot delete a regional project in the Log Service console. If you want to delete a regional project, you can use the Alibaba Cloud CLI or call the related API operation.
    • If you turn on the related switches for Alibaba Cloud services on the Audit-Related Logs tab, Log Audit Service creates one or more dedicated Logstores for data storage. You can manage the dedicated Logstores the same way you manage other Logstores. However, the dedicated Logstores have the following limits:
      • To prevent data tampering, you can write only the logs of the specified Alibaba Cloud service to the specified Logstore. In addition, you cannot modify or delete the indexes of the specified Logstore.
      • You can modify the retention period of logs and delete the dedicated Logstores only on the Global Configuration page of Log Audit Service or by calling the related API operation.
      • If you turn on Synchronization to Central Project for SLB, OSS, DRDS, or VPC on the Global Configuration page, data transformation tasks are generated in the regional projects.
        • The generated data transformation tasks are named as follows:
          • OSS: Internal Job: SLS Audit Service Data Sync for OSS Access
          • SLB: Internal Job: SLS Audit Service Data Sync for SLB
          • DRDS: Internal Job: SLS Audit Service Data Sync for DRDS
          • VPC: Internal Job: SLS Audit Service Data Sync for VPC
        • You can stop the task only on the Global Configuration page of Log Audit Service or by calling the related API operation.
        • If you turn on Synchronization to Central Project for SLB, OSS, DRDS, or VPC, the log data in the Logstores of the regional projects is synchronized to the dedicated Logstore of the central project that corresponds to SLB, OSS, DRDS or VPC. You cannot manage the regional Logstores. However, you can perform operations such as log queries on the central Logstore.
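
The project naming formats and the note that a region switch leaves the original central project in place can be checked against a project inventory. The following Python is an added example, not part of the original documentation or Alibaba Cloud tooling; the region IDs (mapped here from the region names listed above), the function names, and the sample project names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Region IDs assumed to correspond to the central-project regions listed above
# (the page gives display names only; this mapping is an assumption).
CENTRAL_REGIONS = {
    "cn-beijing", "cn-huhehaote", "cn-hangzhou", "cn-shanghai", "cn-shenzhen",
    "cn-hongkong", "ap-southeast-1", "ap-northeast-1", "eu-central-1", "ap-southeast-5",
}

# Documented formats: slsaudit-center-ACCOUNTID-REGION, slsaudit-region-ACCOUNTID-REGION
NAME_RE = re.compile(r"^slsaudit-(center|region)-(\d+)-([a-z]{2}-[a-z0-9-]+)$")

def parse_audit_project(name):
    """Return kind/account/region for a Log Audit Service project name, else None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    kind, account, region = m.groups()
    return {"kind": kind, "account": account, "region": region}

def review_inventory(project_names):
    """Flag audit-style project names that deserve a second look."""
    findings, central = [], defaultdict(list)
    for name in project_names:
        parsed = parse_audit_project(name)
        if parsed is None:
            # Uses the slsaudit- prefix but not the documented format.
            if name.startswith("slsaudit-"):
                findings.append(("malformed-name", name))
            continue
        if parsed["kind"] == "center":
            central[parsed["account"]].append(parsed["region"])
            if parsed["region"] not in CENTRAL_REGIONS:
                findings.append(("central-region-not-listed", name))
    # Switching the central region leaves the old central project in place,
    # so more than one per account means a leftover project to review.
    for account, regions in sorted(central.items()):
        if len(regions) > 1:
            joined = ",".join(sorted(regions))
            findings.append(("multiple-central-projects", f"{account}:{joined}"))
    return findings

# Constructed sample inventory (not real projects).
SAMPLE = [
    "slsaudit-center-1234567890-cn-beijing", "slsaudit-center-1234567890-cn-hangzhou",
    "slsaudit-region-1234567890-cn-shenzhen", "slsaudit-center-2222222222-us-west-1",
    "slsaudit-center-abc-cn-beijing", "my-app-logs",
]
```

Calling review_inventory(SAMPLE) reports the central project in a region outside the listed set, the malformed name, and the account that holds two central projects.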

Billing

  • Log Service
    You must activate Log Service and enable Log Audit Service for the central Alibaba Cloud account that is used to collect logs from other Alibaba Cloud accounts. You do not need to activate Log Service for other Alibaba Cloud accounts. However, if Log Audit Service is based on specific modules of the cloud services for these accounts, you must activate Log Service. No fees are incurred in these Alibaba Cloud accounts. When you use Log Audit Service, you are charged for the data storage, the read and write traffic, and the data transformation feature based on the pay-as-you-go billing method. For more information, see Billable items.
    Notice
    • If you turn on Synchronization to Central Project for SLB, OSS, or DRDS, log data is synchronized by using the data transformation feature. If you turn on the switch for Container Service for Kubernetes (ACK) on the Audit-Related Logs tab, the log data of ACK is also synchronized by using the data transformation feature. You are charged for the data transformation feature and the cross-network traffic based on the pay-as-you-go billing method. For more information, see Billable items.
    • You can use Log Audit Service to collect logs. You can also use the common collection method to collect logs. Both of the methods incur fees. If you use both of the methods to collect logs, Log Service stores two copies of data. However, the two copies of data are applicable to different scenarios.
      • Log Audit Service: The application provides an automated and centralized method to collect and audit the logs of cloud services across Alibaba Cloud accounts in real time. The collected logs are used for compliance and audit.
      • Common method: Logs are collected based on regions and managed in a decentralized manner. The collected logs are used for log analysis. For more information, see Alibaba Cloud service logs.

    You can use resource plans and free resource quotas to offset the incurred fees.

  • Alibaba Cloud services
    After you enable Log Audit Service in the Log Service console and turn on the related switches for Alibaba Cloud services on the Audit-Related Logs tab, you may be charged additional fees. The charges are included in the bills for the corresponding Alibaba Cloud service. The following table describes the Alibaba Cloud services that may incur additional fees.
    | Alibaba Cloud service | Additional fee |
    | --- | --- |
    | Web Application Firewall (WAF) | You can log on to the WAF console and click Log Service to enable the log analysis feature. For information about additional fees, see Billing. |
    | Security Center | You can log on to the Security Center console and click Log Analysis to enable the log analysis feature. For information about additional fees, see Billing. |
    | Cloud Firewall | You can log on to the Cloud Firewall console and click Log Analysis to enable the log analysis feature. For information about additional fees, see Billing. |
    | ApsaraDB RDS | After you enable the log collection feature for ApsaraDB RDS, SQL Explorer is automatically enabled on the RDS instances that meet the specific requirements. All editions of ApsaraDB RDS for PostgreSQL and ApsaraDB RDS for SQL Server are supported. Only the basic edition of ApsaraDB RDS for MySQL is not supported. For information about additional fees, see Billable items, billing methods, and pricing. |
    | PolarDB | After you enable the log collection feature for PolarDB, SQL Explorer is automatically enabled on the PolarDB clusters that meet the specific requirements. Only PolarDB for MySQL clusters are supported. For more information, see Billable items. |
    | Anti-DDoS | You can log on to the Anti-DDoS Pro console and click Log Analysis to enable the log analysis feature. For information about additional fees, see Overview. |
    | VPC | The log pull fee is calculated based on the amount of network log data that is pulled. The flow log feature is in public preview and you are not charged for the log pull fee. |