Edge Security Acceleration (ESA) can collect system logs, application logs, or device operation logs of your website in real time. This helps monitor and analyze your business activities and tune related configurations if needed.
Benefits of real-time logs
After you add your website to ESA, you can analyze data such as user behavior and website health status to adjust service policies in the following scenarios:
Security monitoring: Your website suffers from attacks, such as DDoS attacks, crawler attacks, exploratory attacks, or other suspicious activities, and you want to identify the attack sources and configure security policies.
Performance monitoring: You want to monitor ESA metrics, such as request latency and error rate, for troubleshooting.
User behavior analysis: You want to analyze user behavior and access patterns, such as the most frequently requested content, access time, and stay duration.
Business analysis and optimization: You want to analyze data such as traffic, bandwidth, resource usage, geographic distribution, and cache hit ratio, to optimize your service policies.
Audit and compliance: You need audit evidence to comply with regulatory requirements, such as data retention policies and user privacy regulations.
Categories of real-time logs
Real-time logs are divided into the following categories. You can collect multiple categories of logs as needed.
The number of delivery tasks is separately calculated for each log category. For example, if you are on an Enterprise plan, you can create five tasks to deliver access logs and another five for firewall logs.
Edge Routine Log
Collection scope: All websites in the account
Content: Request information generated by calling ESA routines
Scenario: Business analysis and optimization
Edge Container Log
Collection scope: All websites in the account
Content: Business information generated by Edge Routine
Scenario: Performance monitoring, user behavior analysis, audit and compliance
Access and Origin Log
Collection scope: Individual website
Content: Detailed request information is generated when users access a website or service accelerated by ESA, and when an ESA POP fetches data from the origin
Scenario: User behavior analysis, business analysis and optimization, audit and compliance
Firewall Log
Collection scope: Individual website
Content: Details of all malicious requests that are detected and blocked by the Web Application Firewall (WAF) of ESA
Scenario: Security monitoring, business analysis and optimization, audit and compliance
TCP/UDP Proxy Log
Collection scope: Individual website
Content: Details about content delivery acceleration at the transport layer ESA
Scenario: Performance monitoring, business analysis and optimization
DNS Log
Collection scope: Individual website
Content: Detailed request information for ESA-accelerated DNS resolution
Scenario: Audit and compliance, DNS resolution modification
How it works
When a user initiates a request, the ESA point of presence (POP) processes and logs the request. The log system of ESA collects and processes the log. To facilitate the retrieval and analysis of real-time logs of your website, ESA allows you to deliver logs to Alibaba Cloud Simple Log Service (SLS), Object Storage Service (OSS), Amazon Simple Storage Service (S3), other S3-compatible storage services, HTTP servers, or Kafka. For more information, see Create a real-time log delivery task.
Availability
The number of delivery tasks that you can create for each log category is determined by the plan you purchased.
Feature | Entrance | Pro | Premium | Enterprise |
Real-time log delivery tasks | × | 2 | 3 | 5 |