This topic describes how to use Terraform and its CLI to configure Log Audit Service.

Prerequisites

Terraform is installed and configured. For more information, see Use Terraform in Cloud Shell and Install and configure Terraform in the local PC.

Background information

Terraform is an open source tool that you can use to preview, configure, and manage the infrastructure and resources of cloud services in a secure and efficient manner. Terraform provides an easy-to-use CLI that allows you to deploy configuration files on Alibaba Cloud or third-party cloud services and manage the versions of the configuration files.

Alibaba Cloud is the first cloud service provider in the Chinese mainland to offer services that can be integrated with Terraform. Alibaba Cloud supports more than 163 resources and 113 data sources across multiple Alibaba Cloud services in the following categories: computing, storage, networking, CDN, container, middleware, and database. This helps a large number of customers migrate data to the cloud in an automated manner. For more information, see Alibaba Cloud Provider.

Benefits of Terraform

  • Multi-cloud infrastructure deployment

    Terraform is suitable for multi-cloud scenarios in which multiple similar infrastructures are deployed across Alibaba Cloud, third-party cloud services, and data centers. Terraform allows developers to use the same tools and similar configuration files to manage infrastructures across different cloud service providers.

  • Automated infrastructure management

    Terraform allows you to create configuration file templates to define, provision, and configure Elastic Compute Service (ECS) resources in a repeated and predictable manner. This reduces human errors during deployment and management operations. You can use the same template multiple times to create identical development, test, and production environments.

  • Infrastructure as code (IaC)

    Terraform supports the code-based management and maintenance of resources. Terraform stores a copy of the current configurations of your infrastructure. This way, you can track changes made to the components in the IaC system and share infrastructure configurations with other users.

  • Reduced development costs

    You can use Terraform to create development and deployment environments based on your business requirements and reduce development and deployment costs. In addition, you can use Terraform to evaluate development costs before you make changes to your system.

Step 1: Specify the identity information and region of the central project for Log Audit Service

Use environment variables to specify the identity information and region of the central project for Log Audit Service.

export ALICLOUD_ACCESS_KEY="AccessKey ID"
export ALICLOUD_SECRET_KEY="AccessKey Secret"
export ALICLOUD_REGION="cn-huhehaote"
Parameter Description
ALICLOUD_ACCESS_KEY The AccessKey ID of your Alibaba Cloud account. For more information, see AccessKey pair.
ALICLOUD_SECRET_KEY The AccessKey secret of your Alibaba Cloud account. For more information, see AccessKey pair.
ALICLOUD_REGION The region where the central project of Log Audit Service resides. The following regions are supported:
  • Chinese mainland: China (Qingdao), China (Beijing), China (Hohhot), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)
  • Outside the Chinese mainland: Singapore (Singapore), Japan (Tokyo), Germany (Frankfurt), and Indonesia (Jakarta)

Step 2: Complete RAM authorization

If the AliyunServiceRoleForSLSAudit service-linked role does not exist in the central account, you must first create the service-linked role. For more information, see Initially configure Log Audit Service.

For information about how to configure other member accounts in custom authentication mode and the related custom policies, see Use a custom policy to authorize Log Service to collect and synchronize logs.

Step 3: Configure Log Audit Service

  1. Create a Terraform directory named sls and create a file named terraform.tf in the directory.
  2. Open the terraform.tf file and add the following content:
    resource "alicloud_log_audit" "example" {
      display_name = "tf-audit-test"
      aliuid       = "1379186349****"
    }

    The following table describes the parameters.

    Parameter Description
    example The name of the resource. You can specify a custom name.
    display_name The name of the collection configuration. You can specify a custom name.
    aliuid The ID of your Alibaba Cloud account.
  3. Run the following command in the sls directory to initialize the directory:
    terraform init
    If the command output contains Terraform has been successfully initialized!, the directory is initialized. Initialization
  4. Open the terraform.tf file and configure the parameters of Log Audit Service.

    The following sample code provides configuration examples. For more information about the parameters, see alicloud_log_audit.

    • Single-account logging
      resource "alicloud_log_audit" "example" {
        display_name = "tf-audit-test"
        aliuid       = "1379186349****"
        variable_map = {
          "actiontrail_enabled" = "true",
          "actiontrail_ttl" = "180"
        }
      }
    • Multi-account logging

      You can configure the multi-account logging feature in custom authentication mode or resource directory mode. In custom authentication mode, the central account is an Alibaba Cloud account. In resource directory mode, the central account must be a management account or a delegated administrator account of Resource Directory. For more information, see Configure multi-account collection.

      • Custom authentication mode
        resource "alicloud_log_audit" "example" {
          display_name = "tf-audit-test"
          aliuid     = "1379186349****"
          variable_map = {
            "actiontrail_enabled" = "true",
            "actiontrail_ttl" = "180"
          }
          multi_account = ["1257918632****", "1324567349****"]
        
        }
      • Custom mode in resource directory mode
        resource "alicloud_log_audit" "example" {
          display_name = "tf-audit-test"
          aliuid    = "1379186349****"
          variable_map = {
            "actiontrail_enabled" = "true",
            "actiontrail_ttl" = "180"
          }
          multi_account = ["1257918632****", "1324567349****"]
        resource_directory_type="custom"
        }
      • All Members mode in resource directory mode
        resource "alicloud_log_audit" "example" {
          display_name = "tf-audit-test"
          aliuid       = "1379186349****"
          variable_map = {
            "actiontrail_enabled" = "true",
            "actiontrail_ttl" = "180"
          }
        resource_directory_type="all"
        }

    The following table describes the parameters.

    Parameter Description
    multi_account If you configure multi-account logging in custom authentication mode or by using the Custom mode in resource directory mode, you must configure the multi_account parameter.
    Note The custom authentication mode requires complex configurations. We recommend that you configure multi-account logging in resource directory mode.
    • If you use the custom authentication mode, the resource_directory_type parameter is unavailable, and you must set the multi_account parameter to the ID of an Alibaba Cloud account.
    • If you use the Custom mode in resource directory mode, the resource_directory_type parameter is set to custom, and you must set the multi_account parameter to a member in your resource directory.
    resource_directory_type If you configure multi-account logging in resource directory mode, you must configure the resource_directory_type parameter. Valid values:
    • all: The All Members mode in resource directory mode is used.
    • custom: The Custom mode in resource directory mode is used.
    Note If you use the custom authentication mode, you do not need to configure the resource_directory_type parameter.
    variable_map Specifies the objects to collect, whether to collect specific data, and the retention period of the objects. For information about the parameters in the variable_map parameter, see Appendix: parameters in variable_map.
  5. Apply the configurations in the terraform.tf file.
    1. Run the following command:
      terraform apply
    2. Enter yes.

      If the command output contains Apply complete!, the configurations take effect, and Log Audit Service collects and stores logs based on the configurations.

      Configurations applied

What to do next

You can use Terraform to perform the following operations:

  • Import existing collection configurations.
    terraform import alicloud_log_audit.example tf-audit-test

    You must replace example and tf-audit-test with actual values.

    Import configurations

    After the command is run, you can view the content of the terraform.tfstate file in the Terraform directory. The terraform.tfstate file contains the imported collection configurations.

    Notice
    • If you want to migrate the imported collection configurations to the terraform.tf file, you must copy the configurations and adjust the format of the configurations to meet the format requirements of the terraform.tf file.
    • If you run the terrraform apply or terraform import command once in the Terraform directory, the next execution of the terraform import command fails. Before you can run the terraform import command again, you must delete the terraform.tfstate file from the directory.
  • View the current collection configurations.
    terraform show
    View configurations
  • View the differences between the terraform.tf file in the Terraform directory and the collection configurations that are in effect.
    terraform plan
    Configuration file

Appendix: parameters in variable_map

Parameter Description Default value
actiontrail_enabled Specifies whether to collect ActionTrail logs. Valid values:
  • true: The system collects ActionTrail logs.
  • false: The system does not collect ActionTrail logs.
false
actiontrail_ttl The retention period of ActionTrail logs in the central Logstore. Unit: days. 180
actiontrail_ti_enabled Specifies whether to enable the threat intelligence feature for ActionTrail logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
oss_access_enabled Specifies whether to collect Object Storage Service (OSS) access logs. Valid values:
  • true: The system collects OSS access logs.
  • false: The system does not collect OSS access logs.
false
oss_access_ttl The retention period of OSS access logs in the regional Logstore. Unit: days. 7
oss_sync_enabled Specifies whether to synchronize OSS access logs to the central project. Valid values:
  • true: The system synchronizes OSS access logs to the central project.
  • false: The system does not synchronize OSS access logs to the central project.
true
oss_sync_ttl The retention period of OSS access logs in the central Logstore. Unit: days. 180
oss_access_ti_enabled Specifies whether to enable the threat intelligence feature for OSS access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
oss_metering_enabled Specifies whether to collect OSS metering logs. Valid values:
  • true: The system collects OSS metering logs.
  • false: The system does not collect OSS metering logs.
false
oss_metering_ttl The retention period of OSS metering logs in the central Logstore. Unit: days. 180
rds_enabled Specifies whether to collect ApsaraDB RDS for MySQL audit logs. Valid values:
  • true: The system collects ApsaraDB RDS for MySQL audit logs.
  • false: The system does not collect ApsaraDB RDS for MySQL audit logs.
false
rds_audit_collection_policy The collection policy for ApsaraDB RDS for MySQL audit logs. ""
rds_ttl The retention period of ApsaraDB RDS for MySQL audit logs in the central Logstore. Unit: days. 180
rds_ti_enabled Specifies whether to enable the threat intelligence feature for ApsaraDB RDS for MySQL audit logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
rds_slow_enabled Specifies whether to collect ApsaraDB RDS for MySQL slow query logs. Valid values:
  • true: The system collects ApsaraDB RDS for MySQL slow query logs.
  • false: The system does not collect ApsaraDB RDS for MySQL slow query logs.
false
rds_slow_collection_policy The collection policy for ApsaraDB RDS for MySQL slow query logs. ""
rds_slow_ttl The retention period of ApsaraDB RDS for MySQL slow query logs in the central Logstore. Unit: days. 180
rds_error_enabled Specifies whether to collect ApsaraDB RDS for MySQL error logs. Valid values:
  • true: The system collects ApsaraDB RDS for MySQL error logs.
  • false: The system does not collect ApsaraDB RDS for MySQL error logs.
false
rds_error_collection_policy The collection policy for ApsaraDB RDS for MySQL error logs. ""
rds_error_ttl The retention period of ApsaraDB RDS for MySQL error logs in the central Logstore. Unit: days. 180
rds_perf_enabled Specifies whether to collect ApsaraDB RDS for MySQL performance logs. Valid values:
  • true: The system collects ApsaraDB RDS for MySQL performance logs.
  • false: The system does not collect ApsaraDB RDS for MySQL performance logs.
false
rds_perf_collection_policy The collection policy for ApsaraDB RDS for MySQL performance logs. ""
rds_perf_ttl The retention period of ApsaraDB RDS for MySQL performance logs in the central Logstore. Unit: days. 180
vpc_flow_enabled Specifies whether to collect Virtual Private Cloud (VPC) flow logs. Valid values:
  • true: The system collects VPC flow logs.
  • false: The system does not collect VPC flow logs.
false
vpc_flow_ttl The retention period of VPC flow logs in the regional Logstore. Unit: days. 7
vpc_flow_collection_policy The collection policy for VPC flow logs. ""
vpc_sync_enabled Specifies whether to synchronize VPC flow logs to the central project. Valid values:
  • true: The system synchronizes VPC flow logs to the central project.
  • false: The system does not synchronize VPC flow logs to the central project.
true
vpc_sync_ttl The retention period of VPC flow logs in the central Logstore. Unit: days. 180
polardb_enabled Specifies whether to collect PolarDB for MySQL audit logs. Valid values:
  • true: The system collects PolarDB for MySQL audit logs.
  • false: The system does not collect PolarDB for MySQL audit logs.
false
polardb_audit_collection_policy The collection policy for PolarDB for MySQL audit logs. ""
polardb_ttl The retention period of PolarDB for MySQL audit logs in the central Logstore. Unit: days. 180
polardb_ti_enabled Specifies whether to enable the threat intelligence feature for PolarDB for MySQL audit logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
polardb_slow_enabled Specifies whether to collect PolarDB for MySQL slow query logs. Valid values:
  • true: The system collects PolarDB for MySQL slow query logs.
  • false: The system does not collect PolarDB for MySQL slow query logs.
false
polardb_slow_collection_policy The collection policy for PolarDB for MySQL slow query logs. ""
polardb_slow_ttl The retention period of PolarDB for MySQL slow query logs in the central Logstore. Unit: days. 180
polardb_error_enabled Specifies whether to collect PolarDB for MySQL error logs. Valid values:
  • true: The system collects PolarDB for MySQL error logs.
  • false: The system does not collect PolarDB for MySQL error logs.
false
polardb_error_collection_policy The collection policy for PolarDB for MySQL error logs. ""
polardb_error_ttl The retention period of PolarDB for MySQL error logs in the central Logstore. Unit: days. 180
polardb_perf_enabled Specifies whether to collect PolarDB for MySQL performance logs. Valid values:
  • true: The system collects PolarDB for MySQL performance logs.
  • false: The system does not collect PolarDB for MySQL performance logs.
false
polardb_perf_collection_policy The collection policy for PolarDB for MySQL performance logs. ""
polardb_perf_ttl The retention period of PolarDB for MySQL performance logs in the central Logstore. Unit: days. 180
drds_audit_enabled Specifies whether to collect PolarDB-X 1.0 audit logs. Valid values:
  • true: The system collects PolarDB-X 1.0 audit logs.
  • false: The system does not collect PolarDB-X 1.0 audit logs.
false
drds_audit_collection_policy The collection policy for PolarDB-X 1.0 audit logs. ""
drds_audit_ttl The retention period of PolarDB-X 1.0 audit logs in the regional Logstore. Unit: days. 7
drds_sync_enabled Specifies whether to synchronize PolarDB-X 1.0 audit logs to the central project. Valid values:
  • true: The system synchronizes PolarDB-X 1.0 audit logs to the central project.
  • false: The system does not synchronize PolarDB-X 1.0 audit logs to the central project.
true
drds_sync_ttl The retention period of PolarDB-X 1.0 audit logs in the central Logstore. Unit: days. 180
slb_access_enabled Specifies whether to collect Server Load Balancer (SLB) access logs. Valid values:
  • true: The system collects SLB access logs.
  • false: The system does not collect SLB access logs.
false
slb_access_collection_policy The collection policy for SLB access logs. ""
slb_access_ttl The retention period of SLB access logs in the regional Logstore. Unit: days. 7
slb_sync_enabled Specifies whether to synchronize SLB access logs to the central project. Valid values:
  • true: The system synchronizes SLB access logs to the central project.
  • false: The system does not synchronize SLB access logs to the central project.
true
slb_sync_ttl The retention period of SLB access logs in the central Logstore. Unit: days. 180
slb_access_ti_enabled Specifies whether to enable the threat intelligence feature for SLB access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
alb_access_enabled Specifies whether to collect Application Load Balancer (ALB) access logs. Valid values:
  • true: The system collects ALB access logs.
  • false: The system does not collect ALB access logs.
false
alb_access_collection_policy The collection policy for ALB access logs. ""
alb_access_ttl The retention period of ALB access logs in the regional Logstore. Unit: days. 7
alb_sync_enabled Specifies whether to synchronize ALB access logs to the central project. Valid values:
  • true: The system synchronizes ALB access logs to the central project.
  • false: The system does not synchronize ALB access logs to the central project.
true
alb_sync_ttl The retention period of ALB access logs in the central Logstore. Unit: days. 180
bastion_enabled Specifies whether to collect Bastionhost operation logs. Valid values:
  • true: The system collects Bastionhost operation logs.
  • false: The system does not collect Bastionhost operation logs.
false
bastion_ttl The retention period of Bastionhost operation logs in the central Logstore. Unit: days. 180
bastion_ti_enabled Specifies whether to enable the threat intelligence feature for Bastionhost operation logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
waf_enabled Specifies whether to collect Web Application Firewall (WAF) access logs. Valid values:
  • true: The system collects WAF access logs.
  • false: The system does not collect WAF access logs.
false
waf_ttl The retention period of WAF access logs in the central Logstore. Unit: days. 180
waf_ti_enabled Specifies whether to enable the threat intelligence feature for WAF access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
cloudfirewall_enabled Specifies whether to collect Internet firewall traffic logs for Cloud Firewall. Valid values:
  • true: The system collects Internet firewall traffic logs for Cloud Firewall.
  • false: The system does not collect Internet firewall traffic logs for Cloud Firewall.
false
cloudfirewall_ttl The retention period of Cloud Firewall Internet firewall traffic logs in the central Logstore. Unit: days. 180
cloudfirewall_ti_enabled Specifies whether to enable the threat intelligence feature for Cloud Firewall Internet firewall traffic logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
cloudfirewall_vpc_enabled Specifies whether to collect VPC firewall traffic logs for Cloud Firewall. Valid values:
  • true: The system collects VPC firewall traffic logs for Cloud Firewall.
  • false: The system does not collect VPC firewall traffic logs for Cloud Firewall.
false
cloudfirewall_vpc_ttl The retention period of Cloud Firewall VPC firewall traffic logs in the central Logstore. Unit: days. 180
cloudfirewall_vpc_ti_enabled Specifies whether to enable the threat intelligence feature for Cloud Firewall VPC firewall traffic logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
ddos_coo_access_enabled Specifies whether to collect Anti-DDoS Pro access logs. Valid values:
  • true: The system collects Anti-DDoS Pro access logs.
  • false: The system does not collect Anti-DDoS Pro access logs.
false
ddos_coo_access_ttl The retention period of Anti-DDoS Pro access logs in the central Logstore. Unit: days. 180
ddos_coo_access_ti_enabled Specifies whether to enable the threat intelligence feature for Anti-DDoS Pro access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
ddos_bgp_access_enabled Specifies whether to collect Anti-DDoS Origin access logs. Valid values:
  • true: The system collects Anti-DDoS Origin access logs.
  • false: The system does not collect Anti-DDoS Origin access logs.
false
ddos_bgp_access_ttl The retention period of Anti-DDoS Origin access logs in the central Logstore. Unit: days. 180
ddos_dip_access_enabled Specifies whether to collect Anti-DDoS Premium access logs. Valid values:
  • true: The system collects Anti-DDoS Premium access logs.
  • false: The system does not collect Anti-DDoS Premium access logs.
false
ddos_dip_access_ttl The retention period of Anti-DDoS Premium access logs in the central Logstore. Unit: days. 180
ddos_dip_access_ti_enabled Specifies whether to enable the threat intelligence feature for Anti-DDoS Premium access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
sas_ttl The retention period of Security Center (SAS) logs in the central Logstore. Unit: days. 180
sas_process_enabled Specifies whether to collect SAS process startup logs. Valid values:
  • true: The system collects SAS process startup logs.
  • false: The system does not collect SAS process startup logs.
false
sas_network_enabled Specifies whether to collect SAS network connection logs. Valid values:
  • true: The system collects SAS network connection logs.
  • false: The system does not collect SAS network connection logs.
false
sas_login_enabled Specifies whether to collect SAS logon logs. Valid values:
  • true: The system collects SAS logon logs.
  • false: The system does not collect SAS logon logs.
false
sas_crack_enabled Specifies whether to collect SAS brute-force attack logs. Valid values:
  • true: The system collects SAS brute-force attack logs.
  • false: The system does not collect SAS brute-force attack logs.
false
sas_snapshot_process_enabled Specifies whether to collect SAS process snapshot logs. Valid values:
  • true: The system collects SAS process snapshot logs.
  • false: The system does not collect SAS process snapshot logs.
false
sas_snapshot_account_enabled Specifies whether to collect SAS account snapshot logs. Valid values:
  • true: The system collects SAS account snapshot logs.
  • false: The system does not collect SAS account snapshot logs.
false
sas_snapshot_port_enabled Specifies whether to collect SAS port snapshot logs. Valid values:
  • true: The system collects SAS port snapshot logs.
  • false: The system does not collect SAS port snapshot logs.
false
sas_dns_enabled Specifies whether to collect SAS DNS logs. Valid values:
  • true: The system collects SAS DNS logs.
  • false: The system does not collect SAS DNS logs.
false
sas_local_dns_enabled Specifies whether to collect SAS local DNS logs. Valid values:
  • true: The system collects SAS local DNS logs.
  • false: The system does not collect SAS local DNS logs.
false
sas_session_enabled Specifies whether to collect SAS network session logs. Valid values:
  • true: The system collects SAS network session logs.
  • false: The system does not collect SAS network session logs.
false
sas_http_enabled Specifies whether to collect SAS web access logs. Valid values:
  • true: The system collects SAS web access logs.
  • false: The system does not collect SAS web access logs.
false
sas_security_vul_enabled Specifies whether to collect SAS vulnerability logs. Valid values:
  • true: The system collects SAS vulnerability logs.
  • false: The system does not collect SAS vulnerability logs.
false
sas_security_hc_enabled Specifies whether to collect SAS baseline logs. Valid values:
  • true: The system collects SAS baseline logs.
  • false: The system does not collect SAS baseline logs.
false
sas_security_alert_enabled Specifies whether to collect SAS security alert logs. Valid values:
  • true: The system collects SAS security alert logs.
  • false: The system does not collect SAS security alert logs.
false
sas_ti_enabled Specifies whether to enable the threat intelligence feature for SAS logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
apigateway_enabled Specifies whether to collect API Gateway access logs. Valid values:
  • true: The system collects API Gateway access logs.
  • false: The system does not collect API Gateway access logs.
false
apigateway_ttl The retention period of API Gateway access logs in the central Logstore. Unit: days. 180
apigateway_ti_enabled Specifies whether to enable the threat intelligence feature for API Gateway access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
nas_enabled Specifies whether to collect Apsara File Storage NAS access logs. Valid values:
  • true: The system collects NAS access logs.
  • false: The system does not collect NAS access logs.
false
nas_ttl The retention period of NAS access logs in the central Logstore. Unit: days. 180
nas_ti_enabled Specifies whether to enable the threat intelligence feature for NAS access logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
appconnect_enabled Specifies whether to collect Cloud Service Bus (CSB) App Connect logs. Valid values:
  • true: The system collects App Connect logs.
  • false: The system does not collect App Connect logs.
false
appconnect_ttl The retention period of App Connect logs in the central Logstore. Unit: days. 180
appconnect_ti_enabled Specifies whether to enable the threat intelligence feature for App Connect logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
cps_enabled Specifies whether to collect Alibaba Cloud Mobile Push logs. Valid values:
  • true: The system collects Alibaba Cloud Mobile Push logs.
  • false: The system does not collect Alibaba Cloud Mobile Push logs.
false
cps_ttl The retention period of Alibaba Cloud Mobile Push logs in the central Logstore. Unit: days. 180
cps_ti_enabled Specifies whether to enable the threat intelligence feature for Alibaba Cloud Mobile Push logs. Valid values:
  • true: The system enables the threat intelligence feature.
  • false: The system disables the threat intelligence feature.
false
k8s_audit_enabled Specifies whether to collect Kubernetes audit logs. Valid values:
  • true: The system collects Kubernetes audit logs.
  • false: The system does not collect Kubernetes audit logs.
false
k8s_audit_collection_policy The collection policy for Kubernetes audit logs. ""
k8s_audit_ttl The retention period of Kubernetes audit logs in the central Logstore. Unit: days. 180
k8s_event_enabled Specifies whether to collect Kubernetes event logs. Valid values:
  • true: The system collects Kubernetes event logs.
  • false: The system does not collect Kubernetes event logs.
false
k8s_event_collection_policy The collection policy for Kubernetes event logs. ""
k8s_event_ttl The retention period of Kubernetes event logs in the central Logstore. Unit: days. 180
k8s_ingress_enabled Specifies whether to collect Kubernetes Ingress access logs. Valid values:
  • true: The system collects Kubernetes Ingress access logs.
  • false: The system does not collect Kubernetes Ingress access logs.
false
k8s_ingress_collection_policy The collection policy for Kubernetes Ingress access logs. ""
k8s_ingress_ttl The retention period of Kubernetes Ingress access logs in the central Logstore. Unit: days. 180