All Products
Search
Document Center

Edge Security Acceleration:Real-time logs

Last Updated:Mar 20, 2025

Edge Security Acceleration (ESA) can collect system logs, application logs, or device operation logs of your website in real time. This helps monitor and analyze your business activities and tune related configurations if needed.

Benefits of real-time logs

After you add your website to ESA, you can analyze data such as user behavior and website health status to adjust service policies in the following scenarios:

  • Security monitoring: Your website suffers from attacks, such as DDoS attacks, crawler attacks, exploratory attacks, or other suspicious activities, and you want to identify the attack sources and configure security policies.

  • Performance monitoring: You want to monitor ESA metrics, such as request latency and error rate, for troubleshooting.

  • User behavior analysis: You want to analyze user behavior and access patterns, such as the most frequently requested content, access time, and stay duration.

  • Business analysis and optimization: You want to analyze data such as traffic, bandwidth, resource usage, geographic distribution, and cache hit ratio, to optimize your service policies.

  • Audit and compliance: You need audit evidence to comply with regulatory requirements, such as data retention policies and user privacy regulations.

Categories of real-time logs

Real-time logs are divided into the following categories. You can collect multiple categories of logs as needed.

Note

The number of delivery tasks is separately calculated for each log category. For example, if you are on an Enterprise plan, you can create five tasks to deliver access logs and another five for firewall logs.

  • Edge Routine logs

    Collection scope: All websites in the account

    Content: Request information generated by calling ESA routines

    Scenario: Business analysis and optimization

  • Edge Container logs

    Collection scope: All websites in the account

    Content: Business information generated by Edge Routine

    Scenario: Performance monitoring, user behavior analysis, audit and compliance

  • Access logs

    Collection scope: Individual website

    Content: Detailed request information generated when users access an ESA-accelerated website or service

    Scenario: User behavior analysis, business analysis and optimization, audit and compliance

  • Firewall logs

    Collection scope: Individual website

    Content: Details of all malicious requests that are detected and blocked by the Web Application Firewall (WAF) of ESA

    Scenario: Security monitoring, business analysis and optimization, audit and compliance

  • TCP/UDP proxy logs

    Collection scope: Individual website

    Content: Details about content delivery acceleration at the transport layer ESA

    Scenario: Performance monitoring, business analysis and optimization

  • DNS logs

    Collection scope: Individual website

    Content: Detailed request information for ESA-accelerated DNS resolution

    Scenario: Audit and compliance, DNS resolution modification

How it works

When a user initiates a request, the ESA point of presence (POP) processes and logs the request. The log system of ESA collects and processes the log. To facilitate the retrieval and analysis of real-time logs of your website, ESA allows you to deliver logs to Alibaba Cloud Simple Log Service (SLS), Object Storage Service (OSS), Amazon Simple Storage Service (S3), other S3-compatible storage services, HTTP servers, or Kafka. For more information, see Create a real-time log delivery task.

image

Availability

The number of delivery tasks that you can create for each log category is determined by the plan you purchased.

Feature

Entrance

Pro

Premium

Enterprise

Real-time log delivery tasks

×

2

3

5