Use ALIYUN::SLS::Audit to configure Log Audit Service - Resource Orchestration Service

ALIYUN::SLS::Audit is used to configure Log Audit Service.

Note

For more information about Log Audit Service, see Overview of Log Audit Service.

Syntax

{
  "Type": "ALIYUN::SLS::Audit",
  "Properties": {
    "VariableMap": Map,
    "DisplayName": String,
    "MultiAccount": List
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
DisplayName	String	Yes	No	The display name of Log Audit Service.	The display name can be up to 128 characters in length.
VariableMap	Map	Yes	Yes	The configurations of Log Audit Service.	For more information, see VariableMap properties.
MultiAccount	List	No	Yes	The IDs of the Alibaba Cloud accounts for which you want to configure Log Audit Service.	Separate multiple Alibaba Cloud account IDs with commas (,). You can specify up to 100 Alibaba Cloud account IDs.

VariableMap syntax

"VariableMap": {
  "ApigatewayTtl": Number,
  "SasCrackEnabled": Boolean,
  "CpsEnabled": Boolean,
  "ApigatewayEnabled": Boolean,
  "WafEnabled": Boolean,
  "OssSyncTtl": Number,
  "SasTtl": Number,
  "ActiontrailTtl": Number,
  "OssAccessEnabled": Boolean,
  "OssSyncEnabled": Boolean,
  "SasSnapshotAccountEnabled": Boolean,
  "SlbSyncEnabled": Boolean,
  "SlbAccessTtl": Number,
  "BastionEnabled": Boolean,
  "RdsEnabled": Boolean,
  "SasSessionEnabled": Boolean,
  "SasLocalDnsEnabled": Boolean,
  "OssAccessTtl": Number,
  "SasHttpEnabled": Boolean,
  "BastionTtl": Number,
  "OssMeteringEnabled": Boolean,
  "SasProcessEnabled": Boolean,
  "NasEnabled": Boolean,
  "SasDnsEnabled": Boolean,
  "SasSnapshotPortEnabled": Boolean,
  "SasSecurityAlertEnabled": Boolean,
  "SlbAccessEnabled": Boolean,
  "NasTtl": Number,
  "SasNetworkEnabled": Boolean,
  "SasLoginEnabled": Boolean,
  "WafTtl": Number,
  "OssMeteringTtl": Number,
  "SasSnapshotProcessEnabled": Boolean,
  "SasSecurityHcEnabled": Boolean,
  "RdsTtl": Number,
  "CpsTtl": Number,
  "SlbSyncTtl": Number,
  "CloudfirewallTtl": Number,
  "ActiontrailEnabled": Boolean,
  "SasSecurityVulEnabled": Boolean,
  "ApigatewayTiEnabled": Boolean,
  "RdsSlowCollectionPolicy": String,
  "PolardbSlowCollectionPolicy": String,
  "BastionAuditCollectionPolicy": String,
  "DdosCooAccessPolicySetting": List,
  "RdsAuditCollectionPolicy": String,
  "ActiontrailOpenapiPolicySetting": List,
  "BastionTiEnabled": Boolean,
  "K8sIngressTiEnabled": Boolean,
  "PolardbEnabled": Boolean,
  "WafTiEnabled": Boolean,
  "RedisSyncTtl": Number,
  "OssAccessPolicySetting": List,
  "AppconnectTiEnabled": Boolean,
  "ApigatewayAccessPolicySetting": List,
  "NasTiEnabled": Boolean,
  "RdsPerfTiEnabled": Boolean,
  "ActiontrailOpenapiCollectionPolicy": String,
  "DrdsSyncTtl": Number,
  "K8sEventEnabled": Boolean,
  "RedisSyncEnabled": Boolean,
  "PolardbPerfTiEnabled": Boolean,
  "CpsTiEnabled": Boolean,
  "CloudfirewallTiEnabled": Boolean,
  "OssAccessTiEnabled": Boolean,
  "PolardbSlowTiEnabled": Boolean,
  "RedisAuditTtl": Number,
  "RdsAuditPolicySetting": List,
  "OssMeteringCollectionPolicy": String,
  "ActiontrailTiEnabled": Boolean,
  "SasTiEnabled": Boolean,
  "DdosCooAccessTiEnabled": Boolean,
  "WafAccessCollectionPolicy": String,
  "CloudfirewallAccessPolicySetting": List,
  "RedisAuditEnabled": Boolean,
  "CpsCallbackPolicySetting": List,
  "BastionAuditPolicySetting": List,
  "PolardbSlowEnabled": Boolean,
  "DrdsAuditEnabled": Boolean,
  "PolardbTtl": Number,
  "RdsPerfPolicySetting": List,
  "K8sIngressTtl": Number,
  "OssMeteringPolicySetting": List,
  "K8sEventCollectionPolicy": String,
  "DrdsAuditPolicySetting": List,
  "WafAccessPolicySetting": List,
  "CloudfirewallEnabled": Boolean,
  "PolardbAuditPolicySetting": List,
  "RedisAuditTiEnabled": Boolean,
  "RedisAuditPolicySetting": List,
  "SlbAccessPolicySetting": List,
  "PolardbTiEnabled": Boolean,
  "ApigatewayAccessCollectionPolicy": String,
  "DrdsAuditTtl": Number,
  "AppconnectEnabled": Boolean,
  "DrdsSyncEnabled": Boolean,
  "OssMeteringTiEnabled": Boolean,
  "K8sAuditTiEnabled": Boolean,
  "PolardbSlowTtl": Number,
  "DrdsAuditCollectionPolicy": String,
  "K8sAuditPolicySetting": List,
  "K8sEventPolicySetting": List,
  "RdsSlowTiEnabled": Boolean,
  "K8sIngressPolicySetting": List,
  "RedisAuditCollectionPolicy": String,
  "PolardbPerfTtl": Number,
  "AppconnectTtl": Number,
  "DrdsAuditTiEnabled": Boolean,
  "K8sAuditEnabled": Boolean,
  "PolardbPerfPolicySetting": List,
  "NasAuditPolicySetting": List,
  "K8sEventTtl": Number,
  "CpsCallbackCollectionPolicy": String,
  "PolardbAuditCollectionPolicy": String,
  "RdsPerfEnabled": Boolean,
  "RdsSlowEnabled": Boolean,
  "PolardbSlowPolicySetting": List,
  "DdosCooAccessTtl": Number,
  "PolardbPerfCollectionPolicy": String,
  "SlbAccessTiEnabled": Boolean,
  "PolardbPerfEnabled": Boolean,
  "AppconnectOpPolicySetting": List,
  "K8sEventTiEnabled": Boolean,
  "AppconnectOpCollectionPolicy": String,
  "NasAuditCollectionPolicy": String,
  "K8sAuditTtl": Number,
  "SlbAccessCollectionPolicy": String,
  "K8sIngressEnabled": Boolean,
  "K8sAuditCollectionPolicy": String,
  "RdsPerfTtl": Number,
  "OssAccessCollectionPolicy": String,
  "RdsSlowPolicySetting": List,
  "RdsSlowTtl": Number,
  "RdsPerfCollectionPolicy": String,
  "DdosCooAccessEnabled": Boolean,
  "DdosCooAccessCollectionPolicy": String,
  "CloudfirewallAccessCollectionPolicy": String,
  "RdsTiEnabled": Boolean,
  "K8sIngressCollectionPolicy": String,
  "CloudfirewallVpcEnabled": Boolean,
  "CloudfirewallVpcTtl": Number,
  "DdosBgpAccessEnabled": Boolean,
  "DdosBgpAccessTtl": Number,
  "DdosDipAccessEnabled": Boolean,
  "DdosDipAccessTtl": Number,
  "DnsIntranetCollectionPolicy": String,
  "DnsIntranetEnabled": Boolean,
  "DnsIntranetTtl": Number,
  "DnsSyncEnabled": Boolean,
  "DnsSyncTtl": Number,
  "IdaasMngCollectionPolicy": String,
  "IdaasMngEnabled": Boolean,
  "IdaasMngTtl": Number,
  "IdaasUserCollectionPolicy": String,
  "IdaasUserEnabled": Boolean,
  "IdaasUserTtl": Number,
  "VpcFlowCollectionPolicy": String,
  "VpcFlowEnabled": Boolean,
  "VpcFlowTtl": Number,
  "VpcSyncEnabled": Boolean,
  "VpcSyncTtl": Number,
  "AlbAccessCollectionPolicy": String,
  "AlbAccessEnabled": Boolean,
  "AlbAccessTtl": Number,
  "AlbSyncEnabled": Boolean,
  "AlbSyncTtl": Number,
  "CloudconfigChangeEnabled": Boolean,
  "CloudconfigChangeTtl": Number,
  "CloudconfigNoncomEnabled": Boolean,
  "CloudconfigNoncomTtl": Number,
  "PolardbErrorCollectionPolicy": String,
  "PolardbErrorEnabled": Boolean,
  "PolardbErrorTtl": Number,
  "RdsErrorCollectionPolicy": String,
  "RdsErrorEnabled": Boolean,
  "RdsErrorTtl": Number,
  "SasDnsQueryEnabled": Boolean,
}

VariableMap properties

Property	Type	Required	Editable	Description	Constraint
PolardbErrorTtl	Number	Yes	Yes	The period of time during which error logs of PolarDB for MySQL are retained in the central Logstore.	Unit: day.
ActiontrailEnabled	Boolean	No	Yes	Specifies whether to audit operation logs of ActionTrail.	Valid values: true (default) false
ActiontrailOpenapiCollectionPolicy	String	No	Yes	The collection policy for API logs of ActionTrail.	None.
ActiontrailOpenapiPolicySetting	List	No	Yes	The settings of the API policy for ActionTrail.	None.
ActiontrailTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for ActionTrail.	Valid values: true false (default)
ActiontrailTtl	Number	No	Yes	The period of time during which operation logs of ActionTrail are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
AlbAccessCollectionPolicy	String	No	Yes	The collection policy for access logs of Application Load Balancer (ALB).	None.
AlbAccessEnabled	Boolean	No	Yes	Specifies whether to collect access logs of ALB.	Valid values: true false (default)
AlbAccessTtl	Number	No	Yes	The period of time during which access logs of ALB are retained in the regional Logstore.	Unit: day.
AlbSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize access logs of ALB to the central project.	Valid values: true false (default)
AlbSyncTtl	Number	No	Yes	The period of time during which access logs of ALB are retained in the central Logstore.	Unit: day.
ApigatewayAccessCollectionPolicy	String	No	Yes	The audit policy for API Gateway.	None.
ApigatewayAccessPolicySetting	List	No	Yes	The settings of the audit policy for API Gateway.	None.
ApigatewayEnabled	Boolean	No	Yes	Specifies whether to audit access logs of API Gateway.	Valid values: true (default) false
ApigatewayTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for API Gateway.	Valid values: true false (default)
ApigatewayTtl	Number	No	Yes	The period of time during which access logs of API Gateway are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
AppconnectEnabled	Boolean	No	Yes	Specifies whether to audit operation logs of Cloud Service Bus (CSB) App Connect.	Valid values: true false (default)
AppconnectOpCollectionPolicy	String	No	Yes	The collection policy for CSB App Connect logs.	None.
AppconnectOpPolicySetting	List	No	Yes	The settings of the audit policy for CSB App Connect.	None.
AppconnectTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for CSB App Connect.	Valid values: true false (default)
AppconnectTtl	Number	No	Yes	The period of time during which operation logs of CSB App Connect are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
BastionAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of Bastionhost (BH).	None.
BastionAuditPolicySetting	List	No	Yes	The settings of the collection policy for BH logs.	None.
BastionEnabled	Boolean	No	Yes	Specifies whether to audit operation logs of BH.	Valid values: true (default) false
BastionTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for BH.	Valid values: true false (default)
BastionTtl	Number	No	Yes	The period of time during which operation logs of BH are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
CloudconfigChangeEnabled	Boolean	No	Yes	Specifies whether to collect change logs of Cloud Config.	Valid values: true false (default)
CloudconfigChangeTtl	Number	No	Yes	The period of time during which change logs of Cloud Config are retained in the central Logstore.	Unit: day.
CloudconfigNoncomEnabled	Boolean	No	Yes	Specifies whether to collect non-compliance events of Cloud Config.	Valid values: true false (default)
CloudconfigNoncomTtl	Number	No	Yes	The period of time during which non-compliance events of Cloud Config are retained in the central Logstore.	Unit: day.
CloudfirewallAccessCollectionPolicy	String	No	Yes	The collection policy for audit logs of Web Application Firewall (WAF).	None.
CloudfirewallAccessPolicySetting	List	No	Yes	The settings of the collection policy for Cloud Firewall logs.	None.
CloudfirewallEnabled	Boolean	No	Yes	Specifies whether to audit virtual private cloud (VPC) firewall traffic logs of Cloud Firewall.	Valid values: true (default) false
CloudfirewallTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for Cloud Firewall.	Valid values: true false (default)
CloudfirewallTtl	Number	No	Yes	The period of time during which Internet firewall traffic logs of Cloud Firewall are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
CloudfirewallVpcEnabled	Boolean	No	Yes	Specifies whether to collect VPC firewall traffic logs of Cloud Firewall.	Valid values: true false (default)
CloudfirewallVpcTtl	Number	No	Yes	The period of time during which VPC firewall traffic logs of Cloud Firewall are retained in the central Logstore.	Unit: day.
CpsCallbackCollectionPolicy	String	No	Yes	The collection policy for Alibaba Cloud Mobile Push logs.	None.
CpsCallbackPolicySetting	List	No	Yes	The settings of the collection policy for Alibaba Cloud Mobile Push logs.	None.
CpsEnabled	Boolean	No	Yes	Specifies whether to audit push receipt events of Alibaba Cloud Mobile Push.	Valid values: true (default) false
CpsTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for Alibaba Cloud Mobile Push.	Valid values: true false (default)
CpsTtl	Number	No	Yes	The period of time during which push receipt events of Alibaba Cloud Mobile Push are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
DdosBgpAccessEnabled	Boolean	No	Yes	Specifies whether to collect Anti-DDoS Origin logs.	Valid values: true false (default)
DdosBgpAccessTtl	Number	No	Yes	The period of time during which Anti-DDoS Origin logs are retained in the central Logstore.	Unit: day.
DdosCooAccessCollectionPolicy	String	No	Yes	The collection policy for audit logs of Anti-DDoS.	None.
DdosCooAccessEnabled	Boolean	No	Yes	Specifies whether to audit access logs of Anti-DDoS.	Valid values: true false (default)
DdosCooAccessPolicySetting	List	No	Yes	The settings of the audit policy for Anti-DDoS.	None.
DdosCooAccessTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for Anti-DDoS.	Valid values: true false (default)
DdosCooAccessTtl	Number	No	Yes	The period of time during which Anti-DDoS logs are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
DdosDipAccessEnabled	Boolean	No	Yes	Specifies whether to collect Anti-DDoS Proxy (Outside Chinese Mainland) logs.	Valid values: true false (default)
DdosDipAccessTtl	Number	No	Yes	The period of time during which Anti-DDoS Proxy (Outside Chinese Mainland) logs are retained in the central Logstore.	Unit: day.
DnsIntranetCollectionPolicy	String	No	Yes	The collection policy for intranet private logs of Alibaba Cloud DNS (DNS).	None.
DnsIntranetEnabled	Boolean	No	Yes	Specifies whether to collect intranet private DNS logs.	Valid values: true false (default)
DnsIntranetTtl	Number	No	Yes	The period of time during which intranet private DNS logs are retained in the regional Logstore.	Unit: day.
DnsSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize intranet private DNS logs to the central project.	Valid values: true false (default)
DnsSyncTtl	Number	No	Yes	The period of time during which intranet private DNS logs are retained in the central Logstore.	Unit: day.
DrdsAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of PolarDB-X 1.0.	None.
DrdsAuditEnabled	Boolean	No	Yes	Specifies whether to audit the SQL audit logs of PolarDB-X 1.0.	Valid values: true (default) false
DrdsAuditPolicySetting	List	No	Yes	The settings of the audit policy for PolarDB-X 1.0.	None.
DrdsAuditTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for PolarDB-X 1.0.	Valid values: true false (default)
DrdsAuditTtl	Number	No	Yes	The period of time during which SQL audit logs of PolarDB-X 1.0 are retained in the regional Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
DrdsSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize SQL audit logs of PolarDB-X 1.0 to the central project.	Valid values: true (default) false
DrdsSyncTtl	Number	No	Yes	The period of time during which audit logs of PolarDB-X 1.0 are retained in the central Logstore.	Unit: day.
IdaasMngCollectionPolicy	String	No	Yes	The collection policy for management logs of Identity as a Service (IDaaS).	None.
IdaasMngEnabled	Boolean	No	Yes	Specifies whether to collect management logs of IDaaS.	Valid values: true false (default)
IdaasMngTtl	Number	No	Yes	The period of time during which management logs of IDaaS are retained in the central Logstore.	Unit: day.
IdaasUserCollectionPolicy	String	No	Yes	The collection policy for behavioral logs of IDaaS.	None.
IdaasUserEnabled	Boolean	No	Yes	Specifies whether to collect behavioral logs of IDaaS.	Valid values: true false (default)
IdaasUserTtl	Number	No	Yes	The period of time during which behavioral logs of IDaaS are retained in the central Logstore.	Unit: day.
K8sAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of Container Service for Kubernetes (ACK).	None.
K8sAuditEnabled	Boolean	No	Yes	Specifies whether to collect Kubernetes audit logs of ACK.	Valid values: true false (default)
K8sAuditPolicySetting	List	No	Yes	The settings of the audit policy for ACK.	None.
K8sAuditTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for ACK.	Valid values: true false (default)
K8sAuditTtl	Number	No	Yes	The period of time during which Kubernetes audit logs of ACK are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
K8sEventCollectionPolicy	String	No	Yes	The collection policy for event logs of ACK.	None.
K8sEventEnabled	Boolean	No	Yes	Specifies whether to collect Kubernetes event logs of ACK.	Valid values: true false (default)
K8sEventPolicySetting	List	No	Yes	The settings of the event policy for ACK.	None.
K8sEventTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for ACK events.	Valid values: true false (default)
K8sEventTtl	Number	No	Yes	The period of time during which event logs of ACK are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
K8sIngressCollectionPolicy	String	No	Yes	The collection policy for Ingress access logs of ACK.	None.
K8sIngressEnabled	Boolean	No	Yes	Specifies whether to audit Ingress access logs of ACK.	Valid values: true false (default)
K8sIngressPolicySetting	List	No	Yes	The settings of the Ingress policy for ACK.	None.
K8sIngressTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for Ingress access logs of ACK.	Valid values: true false (default)
K8sIngressTtl	Number	No	Yes	The period of time during which Ingress access logs of ACK are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
NasAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of Apsara File Storage NAS (NAS).	None.
NasAuditPolicySetting	List	No	Yes	The settings of the audit policy for NAS.	None.
NasEnabled	Boolean	No	Yes	Specifies whether to audit access logs of NAS.	Valid values: true (default) false
NasTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for NAS.	Valid values: true false (default)
NasTtl	Number	No	Yes	The period of time during which access logs of NAS are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
OssAccessCollectionPolicy	String	No	Yes	The collection policy for access logs of Object Storage Service (OSS).	None.
OssAccessEnabled	Boolean	No	Yes	Specifies whether to audit access logs of OSS.	Valid values: true (default) false
OssAccessPolicySetting	List	No	Yes	The settings of the access policy for OSS.	None.
OssAccessTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for OSS.	Valid values: true false (default)
OssAccessTtl	Number	No	Yes	The period of time during which access logs of OSS are retained in the regional Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
OssMeteringCollectionPolicy	String	No	Yes	The collection policy for metering logs of OSS.	None.
OssMeteringEnabled	Boolean	No	Yes	Specifies whether to audit metering logs of OSS.	Valid values: true (default) false
OssMeteringPolicySetting	List	No	Yes	The settings of the metering policy for OSS.	None.
OssMeteringTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for metering logs of OSS.	Valid values: true false (default)
OssMeteringTtl	Number	No	Yes	The period of time during which metering logs of OSS are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
OssSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize access logs of OSS to the central project.	Valid values: true (default) false Note You can synchronize the collected logs to the central project. This way, you can query, analyze, and visualize the collected logs in a more efficient manner. You can also configure alerts for the logs and perform secondary development.
OssSyncTtl	Number	No	Yes	The period of time during which OSS logs are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day. For more information about centralized storage, see the "Benefits" section of the Overview of Log Audit Service topic.
PolardbAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of PolarDB for MySQL.	None.
PolardbAuditPolicySetting	List	No	Yes	The settings of the audit policy for PolarDB for MySQL.	None.
PolardbEnabled	Boolean	No	Yes	Specifies whether to collect audit logs of PolarDB for MySQL.	Valid values: true (default) false
PolardbErrorCollectionPolicy	String	No	Yes	The collection policy for error logs of PolarDB for MySQL.	None.
PolardbErrorEnabled	Boolean	No	Yes	Specifies whether to collect error logs of PolarDB for MySQL.	None.
PolardbPerfCollectionPolicy	String	No	Yes	The collection policy for performance logs of PolarDB for MySQL.	None.
PolardbPerfEnabled	Boolean	No	Yes	Specifies whether to collect performance logs of PolarDB for MySQL.	Valid values: true false (default)
PolardbPerfPolicySetting	List	No	Yes	The settings of the performance log policy for PolarDB for MySQL.	None.
PolardbPerfTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for performance logs of PolarDB for MySQL.	Valid values: true false (default)
PolardbPerfTtl	Number	No	Yes	The period of time during which performance logs of PolarDB for MySQL are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
PolardbSlowCollectionPolicy	String	No	Yes	The collection policy for slow query logs of PolarDB for MySQL.	None.
PolardbSlowEnabled	Boolean	No	Yes	Specifies whether to audit slow query logs of PolarDB for MySQL.	Valid values: true false (default)
PolardbSlowPolicySetting	List	No	Yes	The settings of the slow query log policy for PolarDB for MySQL.	None.
PolardbSlowTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for slow query logs of PolarDB for MySQL.	Valid values: true false (default)
PolardbSlowTtl	Number	No	Yes	The period of time during which slow query logs of PolarDB for MySQL are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
PolardbTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for PolarDB for MySQL.	Valid values: true false (default)
PolardbTtl	Number	No	Yes	The period of time during which audit logs of PolarDB for MySQL are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
RdsAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of ApsaraDB RDS for MySQL.	None.
RdsAuditPolicySetting	List	No	Yes	The settings of the audit policy for ApsaraDB RDS for MySQL.	None.
RdsEnabled	Boolean	No	Yes	Specifies whether to audit the SQL audit logs of ApsaraDB RDS for MySQL.	Valid values: true (default) false
RdsErrorCollectionPolicy	String	No	Yes	The collection policy for error logs of ApsaraDB RDS for MySQL.	None.
RdsErrorEnabled	Boolean	No	Yes	Specifies whether to collect error logs of ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsErrorTtl	Number	No	Yes	The period of time during which error logs of ApsaraDB RDS for MySQL are retained in the central Logstore.	Unit: day.
RdsPerfCollectionPolicy	String	No	Yes	The collection policy for performance logs of ApsaraDB RDS for MySQL.	None.
RdsPerfEnabled	Boolean	No	Yes	Specifies whether to audit performance logs of ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsPerfPolicySetting	List	No	Yes	The settings of the performance policy for ApsaraDB RDS for MySQL.	None.
RdsPerfTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for performance logs of ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsPerfTtl	Number	No	Yes	The period of time during which performance logs of ApsaraDB RDS for MySQL are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
RdsSlowCollectionPolicy	String	No	Yes	Specifies whether to audit the slow query log policy for ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsSlowEnabled	Boolean	No	Yes	Specifies whether to audit slow query logs of ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsSlowPolicySetting	List	No	Yes	The settings of the slow query log policy for ApsaraDB RDS for MySQL.	None.
RdsSlowTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for slow query logs of ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsSlowTtl	Number	No	Yes	The period of time during which slow query logs of ApsaraDB RDS for MySQL are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
RdsTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for ApsaraDB RDS for MySQL.	Valid values: true false (default)
RdsTtl	Number	No	Yes	The period of time during which SQL audit logs of ApsaraDB RDS for MySQL are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
RedisAuditCollectionPolicy	String	No	Yes	The collection policy for audit logs of ApsaraDB for Redis.	None.
RedisAuditEnabled	Boolean	No	Yes	Specifies whether to audit the audit logs of ApsaraDB for Redis.	Valid values: true (default) false
RedisAuditPolicySetting	List	No	Yes	The settings of the audit policy for ApsaraDB for Redis.	None.
RedisAuditTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for ApsaraDB for Redis.	Valid values: true false (default)
RedisAuditTtl	Number	No	Yes	The period of time during which access logs of ApsaraDB for Redis are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 7. Unit: day.
RedisSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize audit logs of ApsaraDB for Redis to the central project.	Valid values: true (default) false
RedisSyncTtl	Number	No	Yes	The period of time during which audit logs of ApsaraDB for Redis are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
SasCrackEnabled	Boolean	No	Yes	Specifies whether to audit brute-force attack logs of Security Center.	Valid values: true false (default)
SasDnsEnabled	Boolean	No	Yes	Specifies whether to audit Domain Name System (DNS) logs of Security Center.	Valid values: true false (default)
SasDnsQueryEnabled	Boolean	No	Yes	Specifies whether to collect DNS request logs of Security Center.	Valid values: true false (default)
SasHttpEnabled	Boolean	No	Yes	Specifies whether to audit web access logs of Security Center.	Valid values: true false (default)
SasLocalDnsEnabled	Boolean	No	Yes	Specifies whether to audit internal DNS logs of Security Center.	Valid values: true false (default)
SasLoginEnabled	Boolean	No	Yes	Specifies whether to audit logon logs of Security Center.	Valid values: true false (default)
SasNetworkEnabled	Boolean	No	Yes	Specifies whether to audit network connection logs of Security Center.	Valid values: true false (default)
SasProcessEnabled	Boolean	No	Yes	Specifies whether to audit process startup logs of Security Center.	Valid values: true false (default)
SasSecurityAlertEnabled	Boolean	No	Yes	Specifies whether to audit alert logs of Security Center.	Valid values: true false (default)
SasSecurityHcEnabled	Boolean	No	Yes	Specifies whether to audit baseline logs of Security Center.	Valid values: true false (default)
SasSecurityVulEnabled	Boolean	No	Yes	Specifies whether to audit vulnerability logs of Security Center.	Valid values: true false (default)
SasSessionEnabled	Boolean	No	Yes	Specifies whether to audit network session logs of Security Center.	Valid values: true false (default)
SasSnapshotAccountEnabled	Boolean	No	Yes	Specifies whether to audit account snapshots of Security Center.	Valid values: true false (default)
SasSnapshotPortEnabled	Boolean	No	Yes	Specifies whether to audit port snapshots of Security Center.	Valid values: true false (default)
SasSnapshotProcessEnabled	Boolean	No	Yes	Specifies whether to audit process snapshots of Security Center.	Valid values: true false (default)
SasTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for Security Center.	Valid values: true false (default)
SasTtl	Number	No	Yes	The period of time during which Security Center logs are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
SlbAccessCollectionPolicy	String	No	Yes	The collection policy for audit logs of Server Load Balancer (SLB).	None.
SlbAccessEnabled	Boolean	No	Yes	Specifies whether to audit access logs of SLB.	Valid values: true (default) false
SlbAccessPolicySetting	List	No	Yes	The settings of the audit policy for SLB.	None.
SlbAccessTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for SLB.	Valid values: true false (default)
SlbAccessTtl	Number	No	Yes	The period of time during which access logs of SLB are retained in the regional Logstore.	Unit: day.
SlbSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize access logs of SLB to the central project.	Valid values: true (default) false
SlbSyncTtl	Number	No	Yes	The period of time during which access logs of SLB are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.
VpcFlowCollectionPolicy	String	No	Yes	The collection policy for flow logs of Virtual Private Cloud (VPC).	None.
VpcFlowEnabled	Boolean	No	Yes	Specifies whether to collect flow logs of VPC.	Valid values: true false (default)
VpcFlowTtl	Number	No	Yes	The period of time during which flow logs of VPC are retained in the regional Logstore.	Unit: day.
VpcSyncEnabled	Boolean	No	Yes	Specifies whether to synchronize flow logs of VPC to the central project.	Valid values: true false (default)
VpcSyncTtl	Number	No	Yes	The period of time during which flow logs of VPC are retained in the central Logstore.	Unit: day.
WafAccessCollectionPolicy	String	No	Yes	The collection policy for WAF logs.	None.
WafAccessPolicySetting	List	No	Yes	The settings of the audit policy for WAF.	None.
WafEnabled	Boolean	No	Yes	Specifies whether to audit access logs of WAF.	Valid values: true (default) false
WafTiEnabled	Boolean	No	Yes	Specifies whether to enable threat intelligence for WAF.	Valid values: true false (default)
WafTtl	Number	No	Yes	The period of time during which access logs of WAF are retained in the central Logstore.	Valid values: 3 to 3000. Default value: 180. Unit: day.

Return values

Fn::GetAtt

DisplayName: the display name of Log Audit Service.

Examples

`YAML` format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DisplayName:
    Description: Name of SLS log audit.
    MaxLength: 128
    Type: String
  MultiAccount:
    Description: Multi-account configuration, please fill in multiple aliuid.
    MaxLength: 100
    MinLength: 0
    Type: Json
  VariableMap:
    Description: Log audit detailed configuration.
    Type: Json
Resources:
  Audit:
    Properties:
      DisplayName:
        Ref: DisplayName
      MultiAccount:
        Ref: MultiAccount
      VariableMap:
        Ref: VariableMap
    Type: ALIYUN::SLS::Audit
Outputs:
  DisplayName:
    Description: Name of SLS log audit.
    Value:
      Fn::GetAtt:
      - Audit
      - DisplayName

`JSON` format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "VariableMap": {
      "Type": "Json",
      "Description": "Log audit detailed configuration."
    },
    "DisplayName": {
      "Type": "String",
      "Description": "Name of SLS log audit.",
      "MaxLength": 128
    },
    "MultiAccount": {
      "Type": "Json",
      "Description": "Multi-account configuration, please fill in multiple aliuid.",
      "MinLength": 0,
      "MaxLength": 100
    }
  },
  "Resources": {
    "Audit": {
      "Type": "ALIYUN::SLS::Audit",
      "Properties": {
        "VariableMap": {
          "Ref": "VariableMap"
        },
        "DisplayName": {
          "Ref": "DisplayName"
        },
        "MultiAccount": {
          "Ref": "MultiAccount"
        }
      }
    }
  },
  "Outputs": {
    "DisplayName": {
      "Description": "Name of SLS log audit.",
      "Value": {
        "Fn::GetAtt": [
          "Audit",
          "DisplayName"
        ]
      }
    }
  }
}