All Products
Search
Document Center

Simple Log Service:Cloud Firewall logs

Last Updated:Jun 02, 2026

Cloud Firewall integrates with Simple Log Service to provide the log analysis feature. This feature lets you collect, query, analyze, transform, and consume Internet traffic logs in real time to meet classified protection compliance requirements.

Asset details

  • Dedicated project and Logstore

    After you enable log analysis, Simple Log Service automatically creates a project named cloudfirewall-project-<Alibaba Cloud account ID>-ap-southeast-1 and a Logstore named cloudfirewall-Logstore.

    Important
    • Do not delete the Simple Log Service project and Logstore for Cloud Firewall logs. Otherwise, logs cannot be sent to Simple Log Service.

    • If you previously enabled pay-by-ingested-data billing, the system creates a Logstore with this billing mode by default. To switch to pay-by-feature billing, Modify Logstore configurations.

  • Dedicated dashboard

    A default dashboard is also created.

    Important

    This dashboard may update without notice. Do not modify it. To visualize custom queries, Create a dashboard.

    Dashboard

    Description

    report

    Displays basic Cloud Firewall metrics: traffic sources, outbound distribution, and system stability.

Billing

Limitations

  • Only Cloud Firewall logs can be written to the dedicated Logstore. Query, statistics, alerting, and consumption features have no special restrictions.

  • You cannot modify the log retention period of the dedicated Logstore on the Simple Log Service console. Modify the retention period on the Cloud Firewall console instead.

  • Simple Log Service must be available with no overdue payments. Otherwise, Cloud Firewall log analysis is suspended.

  • Ensure sufficient log storage. When storage is full, new logs cannot be written.

    Note

    Console storage usage has a two-hour delay from actual usage.

Benefits

  • Classified protection compliance: Stores website access logs for six months to meet classified protection requirements.

  • Simple configuration: Collects Internet traffic logs in real time with minimal configuration.

  • Real-time analysis: Provides real-time log analysis and an out-of-the-box report center powered by Simple Log Service, with visibility into Internet traffic and user access data.

  • Real-time alerting: Near-real-time monitoring and alerting on specific metrics to help you respond promptly to anomalies in critical services.