This topic describes how to enable the log analysis feature in the Cloud Firewall console and collect traffic logs to Log Service.
The AliyunServiceRoleForCloudFW service-linked role is created. For more information, see Authorize Cloud Firewall to access other cloud resources.
If you do not know the actual traffic patterns when you create an access control policy, you can set the Policy Action parameter for the policy to Monitor. In this case, traffic from the source address to the destination address is allowed. You can use the log analysis feature to analyze traffic logs and monitor traffic behavior. Then, you can determine whether to change the parameter value to Allow or Deny.
The log analysis feature is available only in the following editions of Cloud Firewall: Premium Edition, Enterprise Edition, and Ultimate Edition.
The log analysis feature is unavailable in the following editions of Cloud Firewall: Basic Edition (in the China East 1 Finance region of Alibaba Finance Cloud) and Free Edition. The feature is also unavailable for Cloud Firewall that uses the pay-as-you-go billing method.
Visit the Cloud Firewall buy page.
On the buy page, configure the following parameters and click Buy Now.
Select Subscription for Product Type and Yes for Log Analysis. Then, specify a value for Log Storage based on your business requirements. For more information about other parameters, see Purchase Cloud Firewall.
Complete the payment as prompted.
In the left-side navigation pane of the Cloud Firewall console, choose Log Analysis > Log Analysis.
On the Log Analysis page, view the log content.
Internet traffic logs, Virtual Private Cloud (VPC) traffic logs, Alibaba Cloud DNS (DNS) traffic logs, IPv6 traffic logs, and NAT Gateway traffic logs are supported.
Important
We recommend that you monitor the storage usage at regular intervals when you use the log analysis feature. If the storage usage exceeds 70%, we recommend that you upgrade the log storage specifications at the earliest opportunity. Otherwise, you cannot store new logs.
Disable the log delivery feature
On the Logs tab of the Log Analysis page, click Log Delivery and disable the log delivery feature for specific types of logs.
After you disable the log delivery feature, your project and the logs that are delivered to Log Service are not automatically deleted. To prevent unwanted fees after you disable the feature, we recommend that you manually delete the project in the Log Service console. For more information, see Delete a project.
Increase the storage capacity
On the Log Analysis page, click Upgrade Storage. For more information, see Manage log storage space.
To delete stored logs, on the Log Analysis page, click Clear. For more information, see Manage log storage space.
You cannot restore logs after the logs are deleted. Proceed with caution.
Change the log retention period
On the Log Analysis page, click Log Storage Period and specify a log retention period.
Logs that are stored for longer than the specified retention period are automatically deleted. Logs cannot be restored after the logs are deleted.
What to do next
After you collect traffic logs to Log Service, you can query, analyze, download, ship, and transform the logs. You can also configure alerts for the logs. For more information, see Common operations on logs of Alibaba Cloud services.
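The Monitor workflow described earlier in this topic (observe traffic under a Monitor policy, then decide between Allow and Deny) can be supported by a script run over downloaded logs. The following Python code is an added example, not code from Cloud Firewall or Log Service; the record field names, the sample records, and the expected source network are constructed assumptions that you must map to your own exported logs.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records. The field names (src_ip, dst_ip, dst_port,
# rule_action) are hypothetical; map them to the fields in your exported logs.
SAMPLE_LOGS = [
    {"src_ip": "10.0.1.15", "dst_ip": "10.0.2.20", "dst_port": 3306, "rule_action": "monitor"},
    {"src_ip": "10.0.1.16", "dst_ip": "10.0.2.20", "dst_port": 3306, "rule_action": "monitor"},
    {"src_ip": "10.0.1.15", "dst_ip": "10.0.2.20", "dst_port": 3306, "rule_action": "monitor"},
    {"src_ip": "203.0.113.7", "dst_ip": "10.0.2.21", "dst_port": 22, "rule_action": "monitor"},
    {"src_ip": "10.0.1.15", "dst_ip": "10.0.2.21", "dst_port": 22, "rule_action": "monitor"},
    {"src_ip": "10.0.1.15", "dst_ip": "10.0.2.30", "dst_port": 443, "rule_action": "allow"},
    {"src_ip": "not-an-ip", "dst_ip": "10.0.2.20", "dst_port": 3306, "rule_action": "monitor"},
]

def summarize_monitor_hits(records, expected_sources):
    """Group Monitor-policy hits by destination and flag unexpected sources."""
    nets = [ip_network(n) for n in expected_sources]
    flows = defaultdict(lambda: {"hits": 0, "sources": set(), "unexpected": set()})
    skipped = 0
    for rec in records:
        # Only traffic matched by a Monitor policy is relevant to the decision.
        if str(rec.get("rule_action", "")).lower() != "monitor":
            continue
        try:
            src = ip_address(rec["src_ip"])
            key = (rec["dst_ip"], int(rec["dst_port"]))
        except (KeyError, ValueError, TypeError):
            skipped += 1  # malformed record: count it instead of guessing
            continue
        entry = flows[key]
        entry["hits"] += 1
        entry["sources"].add(str(src))
        if not any(src in net for net in nets):
            entry["unexpected"].add(str(src))
    return dict(flows), skipped

def review_list(flows):
    """Sort flows for review: those with unexpected sources come first."""
    return sorted(flows.items(), key=lambda kv: (not kv[1]["unexpected"], -kv[1]["hits"]))

if __name__ == "__main__":
    flows, skipped = summarize_monitor_hits(SAMPLE_LOGS, ["10.0.1.0/24"])
    for (dst, port), info in review_list(flows):
        verdict = "review before allowing" if info["unexpected"] else "only expected sources"
        print(f"{dst}:{port} hits={info['hits']} sources={sorted(info['sources'])} -> {verdict}")
    print(f"skipped malformed records: {skipped}")
```

Destinations that only receive traffic from expected sources are candidates for changing the policy action to Allow; destinations with unexpected sources need review before you choose Allow or Deny.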