
Security Center: [Notice] Updates on log analysis and CTDR features

Last Updated: Feb 27, 2025

Dear Alibaba Cloud users,

To enhance our security services, Security Center is scheduled to update the log analysis and Cloud Threat Detection and Response (CTDR) features on March 27, 2025, UTC+8.

Update details

  • Log Analysis

    • Starting March 27, 2025, the log analysis feature no longer supports the delivery of network logs, including web access logs, DNS logs, network session logs, and local DNS logs.

    • If you have activated network log delivery, the service will be discontinued on March 27, 2025. New network log data will not be delivered, but previously delivered data will be preserved and available for queries.

  • CTDR

    • Starting March 27, 2025, the CTDR feature no longer supports adding DNS logs, web access logs, network session logs, and failed MySQL/FTP logon logs.

    • From March 27, 2025, the log management capability of the CTDR feature no longer supports the delivery of the aforementioned network logs.

    • If you have enabled the log management capability for delivering network logs before this date, the service will be discontinued on March 27, 2025. New network log data will not be delivered, but previously delivered data will be preserved and available for queries.

Update impacts

Effective March 27, 2025, Security Center will discontinue support for network log delivery. This update applies exclusively to the Enterprise and Ultimate editions of Security Center. If you require network log delivery, you will need to use one of the alternative solutions.

Alternative solutions for adding or delivering network logs

Security Center offers several alternative solutions for different types of network logs, allowing you to select the best fit for your needs.

DNS logs

Consider the DNS request log feature provided by Security Center. For more information, see DNS request logs.

Note
  • DNS request logs do not support recording DNS requests within containers.

  • For Linux servers, only systems with a kernel version of 4.X.X or higher are supported.

  • For Windows servers, only Windows Server 2012 and later versions are supported.

Web access logs

Consider Cloud Firewall and Web Application Firewall (WAF) as alternatives:

  • Cloud Firewall: Enable NAT firewall and log analysis features to collect and store web server request logs. For more information, see NAT firewall.

  • WAF: Enable the WAF log service to collect and store web server response logs. For more information, see Log fields.

Network session logs

Use the Network Connection and Network Snapshot log features provided by Security Center. For more information, see Network connection logs and Network snapshot logs.

Note

Network connection logs capture all outbound network requests and successful connection attempts. Security Center records network connectivity data for servers in real time. An outbound connection (connect) triggers a record upon initiation, while an inbound connection (accept) triggers a record upon success.

Local DNS logs

  • Log analysis feature of Security Center

    Consider the DNS request log feature provided by Security Center. For more information, see DNS request logs.

    Note
    • DNS request logs do not support recording DNS requests within containers.

    • For Linux servers, only systems with a kernel version of 4.X.X or higher are supported.

    • For Windows servers, only Windows Server 2012 and later versions are supported.

  • Alibaba Cloud DNS

    Store Private DNS logs to Simple Log Service.

Failed MySQL/FTP logon logs

No alternative solution is currently available.