All Products
Search

This Product

    Simple Log Service:Version comparison

    Document Center

    Simple Log Service:Version comparison

    Last Updated:Nov 10, 2025

    This topic describes the differences between the new and previous versions of Log Audit Service.

    Version comparison

    Item

    Log Audit Service (Legacy): Limitations

    Log Audit Service Upgrade Highlights

    Connection type

    • Logs are collected to the dedicated logstore for Log Audit Service (slsaudit-center-<AlibabaCloudAccountID>-<ConfiguredRegion>).

    • Updates to log fields and content lag behind changes on the cloud service.

    • Duplicate collection may occur if you have already enabled log collection for the cloud service. This results in extra storage costs.

    • Logs are first collected to the default destination Logstore of the cloud service. For example, logs of cloud services such as ApsaraDB RDS, PolarDB, Application Load Balancer (ALB), and Classic Load Balancer (CLB) are delivered to aliyun-product-data-<AlibabaCloudAccountID>-<ConfiguredRegion> by default.

    • Log fields and content are fully synchronized with the cloud service.

    • Logs are collected only once. No extra storage costs are incurred if centralized collection is disabled.

    Logstore storage property configuration

    Configuration is available only on the global configuration page of Log Audit Service.

    • Storage period

    • IA storage class period (formerly cold storage)

    The following configurations are not supported:

    • Billing mode

    • Archive Storage

    • Logstore deletion

    • You can configure the log storage period.

    • You can configure the IA storage class (formerly cold storage).

    • You can configure the billing mode.

    • You can enable Archive Storage.

    • You can delete Logstores.

    Central log project

    • You can centrally collect logs to only one log project.

    • After you select a central region, logs can be collected only to a log project and Logstore that have fixed names.

    • You can centrally collect logs to multiple projects to meet cross-region data compliance requirements.

    • You can select the central region, log project, and Logstore.

    Cross-account feature

    You can configure only one audit collection destination for logs.

    • If an Alibaba Cloud account has Log Audit Service enabled and member accounts are configured, the member accounts cannot have Log Audit Service enabled. Otherwise, a conflict error occurs.

    • If a member account has Log Audit Service enabled, the multi-account configuration of the Alibaba Cloud account cannot include the member account. Otherwise, a log delivery conflict error occurs.

    You can configure multiple audit collection destinations for logs.

    Data transformation fees for centralized synchronization

    After you enable the Sync to Center feature, data transformation fees are charged when logs are synchronized from a regional Logstore to a central destination Logstore.

    The following fees are waived when logs are collected from the default destination Logstore of a cloud service to a central destination Logstore:

    • Data transformation traffic

    • Write traffic

    • Write operations

    Collection filtering

    • You must configure a collection policy. This requires an understanding of how to use collection policies.

    • You can configure only one collection policy for the logs of a cloud service.

    • Three resource modes are provided: Select All, Resource Properties, and Instance List.

    • You can configure multiple rules for different scenarios to implement flexible orchestration.

    Collect runtime logs

    Not supported.

    You can use Logtail to collect runtime logs from open source agents, such as Tetragon and Falco, to a Logstore.

    OpenAPI

    No external OpenAPI is provided.

    • You can control log collection using Collection rules of cloud services.

    • Collection rules for cloud services are decoupled from Log Audit Service and are associated using a central project.

    Terraform

    Coupled cloud service configuration:

    • Collection configurations for multiple cloud services depend on a single configuration file.

    Configurations are independent and defined at a cloud service granularity. Terraform is supported. For more information, see the Usage example.

    Log field comparison

    Cloud service

    New version

    Previous version

    Description (In the new version, the log fields are consistent with those displayed for collection in the cloud service console)

    Details

    ActionTrail

    Log fields

    ActionTrail

    The field structure is different.

    The new version adds resource and identity fields, such as event.resourceName and event.userIdentity.sessionContext. The previous version of ActionTrail included the event.requestParameters.HostId, event.requestParameters.Name, and event.requestParameters.Region fields.

    In this version, the event.requestParameters and event.requestParameterJson fields replace the previous output.

    Cloud Config

    Log fields

    Cloud Config

    The field content is different.

    The new version adds log fields for scheduled resource snapshots.

    Object Storage Service

    Log fields

    Object Storage Service

    The field content is different.

    • Access log: The new version adds the bucket_location, ec, user_defined_log_fields, and archive_direct_read_size fields.

    • Batch delete log: The new version does not have the owner_id field.

    • Hourly metering log: The new version has the bucket_location field, which is not available in the previous version.

    ApsaraDB RDS

    Log fields

    ApsaraDB RDS

    The field content is different.

    • Audit log: The previous version has the owner_id, region, instance_name, db_type, db_version, threat_client_ip, and hash fields, which are not available in the new version.

    • Slow query log: The previous version has the instance_name field, which is not available in the new version.

    Server Load Balancer

    Log fields

    Server Load Balancer

    The field content is different.

    The previous version has the owner_id, region, instance_id, instance_name, network_type, and vpc_id fields, which are not available in the new version.

    VPC

    Log fields

    VPC

    The field content is different.

    The previous version has the __topic__ and region fields, which are not available in the new version.

    Cloud Firewall

    Log fields

    Cloud Firewall

    No differences.

    -

    Anti-DDoS

    Fields in logs

    Anti-DDoS

    The field content is different.

    In the new version, all log fields are categorized into event fields, traffic detection fields, and traffic scrubbing fields based on their functions. For more information, see Log field description.

    Anti-DDoS Proxy

    Fields included in full logs

    Anti-DDoS

    The field content is different.

    The new version has more client request-related parameters, such as the ssl_protocol, ssl_cipher, and ssl_handshake_time fields.

    Security Center

    Log categories and field description

    Security Center

    The field content is different.

    The new version provides more log fields than the previous version. For more information, see Log categories.

    API Gateway

    Log fields

    API Gateway

    No differences.

    -

    File Storage NAS

    Log fields

    File Storage

    The field content is different.

    The new version provides more log fields than the previous version. For more information, see Extreme NAS file system.

    Web Application Firewall 3.0

    Log field description

    Web Application Firewall

    The field content is different.

    The new version of WAF supports optional fields. This feature is not supported in the previous version.