All Products
Search

This Product

    Simple Log Service:Enable the audit log feature

    Document Center

    Simple Log Service:Enable the audit log feature

    Last Updated:Nov 19, 2024

    Simple Log Service (SLS) and Tair (Redis OSS-compatible) jointly launch the audit log feature that allows you to query, analyze, and export logs. Security auditors can use the feature to promptly detect unusual or unauthorized data manipulation activities, and rapidly pinpoint the identity of the user who altered the data and the exact time of alteration. Developers and O&M personnel can use the feature to identify performance-related issues. This feature also empowers business systems to meet security and compliance requirements. This topic describes how to enable the audit log feature in the Tair (Redis OSS-compatible) console. This topic also describes how to use the audit log feature to push Redis audit logs to Simple Log Service.

    Prerequisites

    To enable the audit log feature, a Resource Access Management (RAM) user must have the permissions to manage Simple Log Service.

    • You can attach the AliyunLogFullAccess system policy to a RAM user. After the RAM user is granted the permissions defined in the system policy, the RAM user can manage all Logstores. For more information, see Grant permissions to a RAM user.

    • You can also customize a policy to restrict the RAM user to only manage the audit logs of Tair Redis.

      Examples of custom policies

      {
 "Version": "1",
 "Statement": [
  {
   "Action": "log:*",
   "Resource": "acs:log:*:*:project/nosql-*",
   "Effect": "Allow"
  }
 ]
}

    Procedure

    1. Log on to the console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.

    2. In the left-side navigation pane, choose Logs > Audit Logs.

    3. Specify a log retention period.

      Note

      This configuration is applicable to the instance and all instances that reside in the same region as the instance. Audit logs are billed based on the storage usage and retention period of logs. Valid values for the log retention period are 1 to 365. Unit: days.

    4. Click Estimate Fees and Enable Audit Logs.

    5. In the dialog box that appears, estimate log fees, read the prompt, and then click Enable.

      Note

      The audit log feature depends on Simple Log Service. If Simple Log Service is not activated for your Alibaba Cloud account, you are prompted to activate Simple Log Service.

    What to do next

    • For information about the billing, scenarios, and API operations of the audit log feature of Tair (Redis OSS-compatible), see Enable the audit log feature.

    • After Simple Log Service collects Tair (Redis OSS-compatible) logs, you can query, analyze, download, ship, and transform the logs. You can also create alert rules for the logs. For more information, see Common operations on logs of Alibaba Cloud services.