Web Application Firewall: Enable or disable Simple Log Service for WAF

Last Updated: Apr 02, 2024

By default, Simple Log Service is disabled for Web Application Firewall (WAF). To store, query, and analyze the logs of the protected objects of WAF, you must enable Simple Log Service for WAF. If you no longer use Simple Log Service, you can reduce the log storage capacity if you use a subscription WAF instance or disable the feature if you use a pay-as-you-go WAF instance. This topic describes how to enable and disable Simple Log Service for WAF.

Enable Simple Log Service for WAF

Prerequisites

A subscription WAF 3.0 Pro Edition, Enterprise Edition, or Ultimate Edition instance or a pay-as-you-go WAF 3.0 instance is purchased. For more information, see Purchase a subscription WAF 3.0 instance and Purchase a pay-as-you-go WAF 3.0 instance.

Note

You cannot enable Simple Log Service for a subscription WAF 3.0 Basic Edition instance. If you use a subscription WAF 3.0 Basic Edition instance and want to use Simple Log Service, upgrade the edition of your instance. For more information, see Upgrade or downgrade a WAF instance.

Enable Simple Log Service for a subscription WAF instance

  • On the WAF buy page

    On the WAF 3.0 (Subscription) buy page, set the Log Service parameter to Enable and specify a log storage capacity based on your business requirements.

  • In the WAF console

    1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region.

    2. In the left-side navigation pane, choose Security Operations > Log Service.

    3. In the Enable the Log Service for WAF feature for the protected object section, select the region where you want to store logs.

      You can select one of the following regions:

      • Chinese mainland: China (Hangzhou) and China (Beijing).

      • Outside the Chinese mainland: Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), UAE (Dubai), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Japan (Tokyo), South Korea (Seoul), UK (London), and China (Hong Kong).

      Warning

      After you enable Simple Log Service for WAF, you cannot change the region where logs are stored. If you want to store logs in another region, you must release the WAF instance and purchase a new WAF instance.

    4. Click Enable Now. In the Tips message, click OK.

Note

If you already enabled Simple Log Service for WAF, Enable Now does not appear on the Log Service page. You can view log data on the Log Service page. For more information, see Query logs.

Enable Simple Log Service for a pay-as-you-go WAF instance

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region.

  2. In the left-side navigation pane, choose Security Operations > Log Service.

  3. In the Enable the Log Service for WAF feature for the protected object section, select the region where you want to store logs.

    You can select one of the following regions:

    • Chinese mainland: China (Hangzhou) and China (Beijing).

    • Outside the Chinese mainland: Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), UAE (Dubai), Germany (Frankfurt), US (Virginia), US (Silicon Valley), Japan (Tokyo), South Korea (Seoul), UK (London), and China (Hong Kong).

    Warning

    After you enable Simple Log Service for WAF, you cannot change the region where logs are stored. If you want to store logs in another region, you must release the WAF instance and purchase a new WAF instance.

  4. Click Enable Now. In the OK message, click OK.

    Note
    • If you already enabled Simple Log Service for WAF, Enable Now does not appear on the Log Service page. You can view log data on the Log Service page. For more information, see Query logs.

    • If you use a pay-as-you-go WAF instance, fees for Simple Log Service are not included in the bills of WAF. The fees that you are charged for Simple Log Service are included in the bills of Simple Log Service.

After you enable Simple Log Service for WAF, the AliyunServiceRoleForWAF service-linked role, a dedicated Simple Log Service project, and a dedicated Logstore are automatically created.

  • Service-linked role AliyunServiceRoleForWAF

    The service-linked role can be used to access other cloud resources. To view the service-linked role, log on to the Resource Access Management (RAM) console and choose Identities > Roles in the left-side navigation pane. For more information about RAM roles, see RAM role overview.

    Note

    The service-linked role AliyunServiceRoleForWAF is created only once.

  • Dedicated project and Logstore

    The following table describes the default configurations of the dedicated project and Logstore.

    Warning

    If you delete or modify the default project or Logstore that is automatically created by Simple Log Service, user data may be cleared. Proceed with caution.

    Resource type: Project

    Description:

    Simple Log Service automatically creates a dedicated project for WAF based on the region where your WAF instance resides.

    • WAF instances in the Chinese mainland: The project name is wafnew-project-<Alibaba Cloud account ID>-cn-hangzhou. The project resides in the China (Hangzhou) region.

    • WAF instances outside the Chinese mainland: The project name is wafnew-project-<Alibaba Cloud account ID>-ap-southeast-1. The project resides in the Singapore region.

    To view information about the dedicated project for WAF, log on to the Simple Log Service console and click the name of the project.

    For more information about Simple Log Service projects, see Manage a project.

    Resource type: Logstore

    Description:

    By default, a Logstore is created in the project. The name of the Logstore is wafnew-logstore. All logs that are collected by WAF are stored in the Logstore. You can view the Logstore in the dedicated project for WAF.

    Only WAF logs can be written to the dedicated Logstore. Various write methods are supported, such as calling an API or using an SDK. The dedicated Logstore does not impose limits on features such as query, statistics, alerting, or streaming consumption.

    Important

    You can use the dedicated Logstore only when Simple Log Service is running as expected within your Alibaba Cloud account. If your account has overdue payments for Simple Log Service, the log collection feature of WAF is suspended until you complete the overdue payments.

    For more information about Logstores, see Manage a Logstore.
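Because deleting or modifying the dedicated project or Logstore can clear WAF log data, cleanup automation should refuse to touch them. The following Python guard is an added example, not part of the original documentation or of any Alibaba Cloud tool: it applies the naming rules described above to a planned list of operations and separates the ones that would hit the WAF-dedicated resources. The plan format, the action names, and the assumption that the account ID consists only of digits are hypothetical.

```python
import re
from typing import Optional

# Naming rules from the description above. Assumption: the account ID is all digits.
WAF_PROJECT_RE = re.compile(r"^wafnew-project-(\d+)-(cn-hangzhou|ap-southeast-1)$")
WAF_LOGSTORE = "wafnew-logstore"
DESTRUCTIVE = {"delete", "update"}  # hypothetical action names used by the plan


def expected_project(account_id: str, in_chinese_mainland: bool) -> str:
    """Name of the dedicated project for a WAF instance in the given region group."""
    region = "cn-hangzhou" if in_chinese_mainland else "ap-southeast-1"
    return f"wafnew-project-{account_id}-{region}"


def is_waf_dedicated(project: str, logstore: Optional[str] = None) -> bool:
    """True if the target is the dedicated project itself or its wafnew-logstore."""
    if not WAF_PROJECT_RE.match(project):
        return False
    return logstore is None or logstore == WAF_LOGSTORE


def review_plan(plan):
    """Split planned operations into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for op in plan:
        risky = op["action"] in DESTRUCTIVE and is_waf_dedicated(
            op["project"], op.get("logstore"))
        (blocked if risky else allowed).append(op)
    return allowed, blocked


# Constructed sample plan; 1234567890123456 is a made-up account ID.
SAMPLE_PLAN = [
    {"action": "delete", "project": "wafnew-project-1234567890123456-cn-hangzhou"},
    {"action": "update", "project": "wafnew-project-1234567890123456-ap-southeast-1",
     "logstore": "wafnew-logstore"},
    {"action": "delete", "project": "app-logs-prod", "logstore": "nginx-access"},
    {"action": "read", "project": "wafnew-project-1234567890123456-cn-hangzhou",
     "logstore": "wafnew-logstore"},
]

if __name__ == "__main__":
    ok, stop = review_plan(SAMPLE_PLAN)
    for op in stop:
        print("BLOCKED:", op)
    print(f"{len(ok)} operation(s) allowed")
```
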

What to do next

After you enable Simple Log Service for WAF, you must enable the log collection feature for the protected objects whose logs you want to collect. Then, WAF collects and stores the logs of the protected objects to allow you to query and analyze the logs.

  • On the Log Service page, you can select the protected objects for which you want to enable the log collection feature and turn on Status.

  • To enable the log collection feature for multiple protected objects, click Log Configuration in the upper-right corner of the Log Service page. On the Log Collection tab of the Log Configuration page, select the protected objects for which you want to enable the log collection feature and turn on the switches in the Log Collection column. For more information, see the "Enable or disable the log collection feature" section in the Configure log settings and manage log storage topic.

Disable Simple Log Service for WAF

Disable Simple Log Service for a subscription WAF instance

You cannot manually disable Simple Log Service for a subscription WAF instance. Simple Log Service is automatically disabled for WAF when the subscription WAF instance expires and is no longer renewed. You can reduce the log storage capacity to reduce costs. For more information, see Upgrade or downgrade a WAF instance.

Warning

If your log storage usage exceeds the upper limit, WAF logs cannot be written. Proceed with caution when you reduce the log storage capacity.

Disable Simple Log Service for a pay-as-you-go WAF instance

Warning

If you disable Simple Log Service for a pay-as-you-go WAF instance, the dedicated Logstore and the logs that are stored in the Logstore are deleted. Proceed with caution.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region.

  2. In the left-side navigation pane, choose Security Operations > Log Service.

  3. On the Log Service page, click Disable. In the Tips message, click OK.