How to use Simple Log Service for KMS - Key Management Service

Key Management Service (KMS) provides the Simple Log Service for KMS feature. This topic describes how to enable the Simple Log Service for KMS feature and how to query and analyze logs.

Usage notes

After the Simple Log Service for KMS feature is enabled, logs are stored for a continuous period of 180 days from the first day you use the feature. On the 181st day, the logs that are stored on the first day are overwritten. This ensures that only the most recent 180 days of logs are retained.
Important
If the log storage capacity is exhausted before the 180 days, logs cannot be stored. To address this issue, you must increase the log storage capacity.
If the following message is displayed in the KMS console, submit a ticket and contact technical support to upgrade your KMS instance.

Step 1: Enable the Simple Log Service for KMS feature

You can enable the feature when you purchase a KMS instance. For more information, see Purchase and enable a KMS instance. If you purchased a KMS instance, you can enable the feature by performing the following steps:

Log on to the KMS console. In the top navigation bar, select the required region. In the left-side navigation pane, click Simple Log Service for KMS.
Select an instance ID and click Purchase Now. Then, select Enable for Log Analysis and specify a value for Log Storage Capacity.
Read and select Terms of Service, click Buy Now, and then complete the payment.

After you enable the feature, the following operations are automatically performed:

RAM creates the AliyunServiceRoleForSLSSecurityLens service-linked role to authorize Simple Log Service to access KMS resources.
Simple Log Service creates a project for the KMS instance. The project name is in the kms-log-{KMS instance ID} format. You can view the project on the homepage of the Simple Log Service console. For more information about projects, see Project. Simple Log Service also creates a Logstore named kms_audit_log in the project to manage the logs of the KMS instance. For more information about Logstores, see Logstore.

Step 2: Query and analyze logs

On the Simple Log Service for KMS page, select an instance ID.
Optional. Enter the required key ID, secret ID, HTTP status code, or request ID, and click Search to query logs.
Specify a query time range.
Note
- Logs are stored for 180 days. Logs that are stored 180 days ago are deleted. Therefore, you can query only the logs within the previous 180 days.
- The query results may contain the logs that are generated 1 minute earlier or later than the specified time range.
Enter a query statement in the search box and click Search & Analyze. For more information, see Log search overview and Log analysis overview.
Note
No additional fees are generated for query and analysis operations.
You can also configure alert rules based on the charts in a dashboard to monitor service status in real time. For more information, see Configure an alert monitoring rule in Simple Log Service.

Related operations

Increase log storage capacity

You can only increase the log storage capacity. You cannot reduce the log storage capacity.

Log on to the KMS console. In the top navigation bar, select the required region. In the left-side navigation pane, click Instances.
Find your KMS instance and click Upgrade in the Actions column.
In the KMS (International) | Upgrade/Downgrade page, configure Log Storage Capacity and click Buy Now. Then, read and select Terms of Service.
Click Subscribe and complete the payment.

FAQ

How do I renew the Simple Log Service for KMS feature?

The feature does not support separate renewal. You can only renew the feature together with your KMS instance. For more information about how to renew a KMS instance, see Billing.