Cloud Firewall integrates with Simple Log Service to provide the log analysis feature. This feature lets you collect, query, analyze, transform, and consume Internet traffic logs in real time to meet classified protection compliance requirements.
Asset details
-
Dedicated project and Logstore
After you enable log analysis, Simple Log Service automatically creates a project named cloudfirewall-project-<Alibaba Cloud account ID>-ap-southeast-1 and a Logstore named cloudfirewall-Logstore.
Important-
Do not delete the Simple Log Service project and Logstore for Cloud Firewall logs. Otherwise, logs cannot be sent to Simple Log Service.
-
If you previously enabled pay-by-ingested-data billing, the system creates a Logstore with this billing mode by default. To switch to pay-by-feature billing, Modify Logstore configurations.
-
-
Dedicated dashboard
A default dashboard is also created.
ImportantThis dashboard may update without notice. Do not modify it. To visualize custom queries, Create a dashboard.
Dashboard
Description
report
Displays basic Cloud Firewall metrics: traffic sources, outbound distribution, and system stability.
Billing
-
Cloud Firewall log analysis is billed by retention period and log storage. Billing methods for log analysis. After Cloud Firewall pushes logs to Simple Log Service, pay-by-feature Logstores incur Simple Log Service charges for data transformation, data shipping, and Internet read traffic in Simple Log Service. Billable items for the pay-by-feature billing mode.
-
With pay-by-ingested-data billing, data transformation and shipping in Simple Log Service are free. Standard Simple Log Service charges apply only when you read data from Simple Log Service over the Internet. Billing items for the pay-by-ingested-data billing mode.
Limitations
-
Only Cloud Firewall logs can be written to the dedicated Logstore. Query, statistics, alerting, and consumption features have no special restrictions.
-
You cannot modify the log retention period of the dedicated Logstore on the Simple Log Service console. Modify the retention period on the Cloud Firewall console instead.
-
Simple Log Service must be available with no overdue payments. Otherwise, Cloud Firewall log analysis is suspended.
-
Ensure sufficient log storage. When storage is full, new logs cannot be written.
NoteConsole storage usage has a two-hour delay from actual usage.
Benefits
-
Classified protection compliance: Stores website access logs for six months to meet classified protection requirements.
-
Simple configuration: Collects Internet traffic logs in real time with minimal configuration.
-
Real-time analysis: Provides real-time log analysis and an out-of-the-box report center powered by Simple Log Service, with visibility into Internet traffic and user access data.
-
Real-time alerting: Near-real-time monitoring and alerting on specific metrics to help you respond promptly to anomalies in critical services.