All Products
Search
Document Center

Simple Log Service:WAF 2.0 logs

Last Updated:Jun 10, 2026

The Simple Log Service for WAF feature lets you collect, query, analyze, process, and consume access logs and mitigation logs for your domain names in real time. This feature helps you meet classified protection compliance requirements and address website security and operational needs.

Asset Details

Warning

Do not delete the Simple Log Service projects or Logstores related to WAF logs. Deletion purges existing logs and prevents new logs from being delivered to Simple Log Service.

  • Dedicated projects and Logstores

    • For a Chinese mainland WAF instance, the system creates a project named waf-project-Alibaba Cloud account ID-cn-hangzhou and a Logstore named waf-logstore by default when you enable the feature.

    • For a WAF instance outside the Chinese mainland, the system creates a project named waf-project-Alibaba Cloud account ID-ap-southeast-1 and a Logstore named waf-logstore by default when you enable the feature.

    Important

    If you previously enabled pay-by-ingested-data billing, the system creates a dedicated Logstore with this billing mode. To switch to pay-by-feature billing, modify the Logstore configuration.

  • Dedicated dashboards

    Three dashboards are created by default.

    Note

    Dedicated dashboards may be upgraded or updated at any time. Do not modify them. To display custom query results, create a dashboard.

    Dashboard

    Description

    Operations Hub

    Displays operational metrics including website efficiency, attack status, peak inbound bandwidth, peak outbound bandwidth, request counts, and trend overviews.

    Access Center

    Displays access metrics such as PVs, UVs, access trends, and visitor source distribution.

    Security Center

    Displays attack metrics including attack types, trends, and source distribution.

Billing

Billing for the Simple Log Service for WAF feature is based on log storage duration and capacity.

Limits

  • Simple Log Service must be activated with no overdue payments. Otherwise, the feature is paused.

  • The dedicated Logstore does not support writing data from other sources. Queries, statistics, alerting, and consumption are not restricted.

  • You cannot delete the dedicated Logstore or modify its storage duration.

  • Ensure sufficient WAF log storage capacity. When storage is full, new logs cannot be written.

    Note

    Console-displayed storage usage has a two-hour delay from actual usage.

Benefits

  • Classified protection compliance: Stores website access logs for at least six months to meet compliance requirements.

  • Simple configuration: Configure real-time collection of access logs and mitigation logs for your domains, customize storage duration and capacity, and select target websites.

  • Real-time analysis: Provides real-time log analysis and an out-of-the-box report center for full visibility into web attacks and access patterns.

  • Real-time alerting: Configure near-real-time monitoring and alerts on specific metrics for prompt response to critical anomalies.

  • Ecosystem integration: Integrates with real-time computing, cloud storage, and visualization services to unlock data value.

Scenarios

  • Track web attack logs to trace security threats.

  • View web request activity in real time to gain insights into status and trends.

  • Quickly assess security operation efficiency for prompt feedback and response.

  • Export security logs to your self-managed data and computing centers.