Details of the Cloud Firewall log analysis feature - Simple Log Service

Cloud Firewall integrates with Simple Log Service to provide the log analysis feature. This feature lets you collect, query, analyze, transform, and consume Internet traffic logs in real time to meet classified protection compliance requirements. This topic describes the asset details, billing, and limitations of the log analysis feature.

Asset details

Dedicated project and Logstore

After you enable the log analysis feature, Simple Log Service automatically creates a project named cloudfirewall-project-<Alibaba Cloud account ID>-ap-southeast-1 and a dedicated Logstore named cloudfirewall-Logstore by default.
Important
- Do not delete the Simple Log Service project and Logstore for Cloud Firewall logs. Otherwise, logs cannot be sent to Simple Log Service.
- If you have previously enabled the pay-by-ingested-data billing mode, the system creates a dedicated Logstore that uses this billing mode by default. If you need to switch to the pay-by-feature billing mode, you can modify the Logstore configuration. For more information, see Modify Logstore configurations.

Dedicated dashboard

A default dashboard is also created.

Important

The dedicated dashboard may be upgraded or updated at any time. We recommend that you do not modify it. You can create a custom dashboard to visualize query results. For more information, see Create a dashboard.

Dashboard	Description
report	Displays basic metrics for Cloud Firewall, such as traffic sources, outbound traffic distribution, and system stability.

Billing

The Cloud Firewall log analysis feature is billed based on log retention period and log storage. For more information, see Billing methods for log analysis. After Cloud Firewall pushes logs to Simple Log Service, if a Logstore uses the pay-by-feature billing mode, Simple Log Service charges data transformation compute fees, data shipping fees, and Internet read traffic fees for operations such as data transformation, data shipping, and streaming data reads from Internet access points that are performed in Simple Log Service. For more information, see Billable items for the pay-by-feature billing mode.
When a Logstore uses the pay-by-ingested-data billing mode, operations such as data transformation and shipping in Simple Log Service are free of charge. You are charged based on the standard billing method of Simple Log Service only when you read data from Simple Log Service over the Internet. For more information, see Billing items for the pay-by-ingested-data billing mode.

Limitations

You can write only Cloud Firewall logs to the dedicated Logstore. Features such as querying, statistics, alerting, and consumption have no special limitations.
You cannot modify the log retention period of the dedicated Logstore on the Simple Log Service console. You can modify the retention period on the Cloud Firewall console.
Simple Log Service must be available and have no overdue payments. Otherwise, the log analysis feature for Cloud Firewall will be suspended.
Ensure that log storage is sufficient. If the log storage is full, new logs cannot be written.

Note
The log storage usage displayed in the console is not updated in real time. There is a two-hour delay between the displayed usage and the actual usage.

Benefits

Classified protection compliance: Stores website access logs for six months to help you meet classified protection compliance requirements.
Simple configuration: Collects Internet traffic logs in real time with minimal setup.
Real-time analysis: Powered by Simple Log Service, this feature provides real-time log analysis and an out-of-the-box report center, offering clear visibility into the Internet traffic that passes through Cloud Firewall and detailed user access data.
Real-time alerting: Lets you set up near-real-time monitoring and alerting based on specific metrics. This ensures that you can promptly respond to anomalies in critical services.