After you enable the Log Service for Web Application Firewall (WAF) feature, you can configure log settings such as the log storage type, log storage period, and optional log fields, and specify whether to enable the log collection feature for protected objects. To use your log storage capacity efficiently, we recommend that you configure log settings based on your business requirements. This topic describes how to configure log settings.

Prerequisites

Configure log fields and specify the log storage type

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region to which the WAF instance that you want to manage belongs. You can select Chinese Mainland or Outside Chinese Mainland for the region.
  2. In the left-side navigation pane, choose Security Operations > Log Service.
  3. In the upper-right corner of the Log Service page, click Log Configuration.
  4. On the Fields tab, configure the parameters and click Save. The following table describes the parameters.
    Parameter: Custom Field Configuration

    Description: The fields that you want WAF logs to include. WAF log fields are classified into required fields and optional fields.
    • Required Fields: Required fields must be included in WAF logs and cannot be modified.
    • Optional Fields: Optional fields can be modified.

    For information about WAF log fields, see Fields in logs.

    Operation:

    • Enable optional fields

      In the Optional Fields section, select the log fields that you want to enable and click the rightwards arrow to move the fields from the Available Fields section to the Selected Fields section.

      After you save the settings, the selected optional fields are included in newly generated WAF logs.

    • Disable optional fields

      In the Selected Fields section, select the log fields that you want to disable and click the leftwards arrow to move the log fields to the Available Fields section.

      After you save the settings, the disabled optional fields are no longer included in newly generated WAF logs.

    Parameter: Log Type

    Description: The type of logs that you want WAF to store. Valid values:
    • Full Log: All logs are stored, including the logs that are generated when WAF allows requests and the logs that are generated when WAF blocks requests.
    • Block Log: Only the logs that are generated when WAF blocks requests are stored.

    Operation: None.
  5. In the Tips message, click OK.
    After you save the settings, WAF logs are generated based on the new settings. On the Log Collection tab, you can enable or disable the log collection feature for a protected object. For more information, see Enable or disable the log collection feature.
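
The following added example (not part of the original documentation or of any Alibaba Cloud tooling) models the Fields and Log Type settings offline over a constructed sample, to show how much data each choice stores and which allowed requests a Block Log store omits. The field names, the `block` and `pass` values, and the required/optional split are assumptions for illustration; take the real ones from Fields in logs.

```python
import json

# Assumed field names and values for illustration; the authoritative list is in "Fields in logs".
REQUIRED = {"time", "host", "request_uri", "real_client_ip", "final_action"}
BLOCKED = "block"  # assumed final_action value for a blocked request

def _rec(uri, ip, action, ua, body):
    return {"time": "2024-05-01T10:00:00Z", "host": "shop.example.com", "request_uri": uri,
            "real_client_ip": ip, "final_action": action, "http_user_agent": ua,
            "request_body": body}

# Constructed sample: records as stored with Full Log and every optional field enabled.
SAMPLE = [
    _rec("/login", "198.51.100.7", "pass", "Mozilla/5.0", "user=alice"),
    _rec("/search?id=1%27", "203.0.113.9", "block", "curl/8.0", ""),
    _rec("/cart", "198.51.100.7", "pass", "Mozilla/5.0", "item=42"),
    _rec("/../etc/passwd", "203.0.113.9", "block", "curl/8.0", ""),
    _rec("/api/export", "203.0.113.9", "pass", "curl/8.0", "all=1"),
]

def apply_settings(records, log_type, selected_optional):
    """Return what would be stored under a Log Type ("full" or "block") and field selection."""
    if log_type not in ("full", "block"):
        raise ValueError("log_type must be 'full' or 'block'")
    keep = REQUIRED | set(selected_optional)
    return [{k: v for k, v in r.items() if k in keep} for r in records
            if log_type == "full" or r["final_action"] == BLOCKED]

def size(records):
    """Approximate stored size as compact JSON bytes."""
    return sum(len(json.dumps(r, separators=(",", ":")).encode()) for r in records)

def dropped_followups(records):
    """Allowed requests from clients that were also blocked: absent from a Block Log store."""
    blocked_ips = {r["real_client_ip"] for r in records if r["final_action"] == BLOCKED}
    return [r for r in records
            if r["final_action"] != BLOCKED and r["real_client_ip"] in blocked_ips]

def compare(records, selected_optional):
    """Per Log Type: stored record count and size relative to the full sample."""
    total, out = size(records), {}
    for log_type in ("full", "block"):
        stored = apply_settings(records, log_type, selected_optional)
        out[log_type] = {"records": len(stored), "share": round(size(stored) / total, 2)}
    out["dropped_followups"] = [r["request_uri"] for r in dropped_followups(records)]
    return out

if __name__ == "__main__":
    print(compare(SAMPLE, ["http_user_agent"]))
```

Run it over an export of your own Full Log records before switching to Block Log; a non-empty `dropped_followups` list marks requests that WAF allowed from a client it also blocked, which a Block Log store would not contain.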

Enable or disable the log collection feature

WAF can collect and store logs for protected objects only after you enable the log collection feature for the protected objects. You can query and analyze the collected logs. You can perform the following steps to enable or disable the log collection feature for protected objects.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region to which the WAF instance that you want to manage belongs. You can select Chinese Mainland or Outside Chinese Mainland for the region.
  2. In the left-side navigation pane, choose Security Operations > Log Service.
  3. In the upper-right corner of the Log Service page, click Log Configuration.
  4. On the Log Collection tab, find the protected object and turn on or turn off the switch in the Log Collection column to enable or disable the log collection feature for the protected object.

Change the log storage period

By default, WAF logs are stored for 180 days. You can perform the following steps to change the log storage period.

  1. Log on to the Log Service console.
  2. In the Projects section, find the project for which you want to change the log storage period and click the project name.
  3. On the project details page, hover your pointer over the Logstore in the left-side navigation pane and choose icon > Modify.
  4. In the Logstore Attributes panel, click Modify in the upper-right corner.
  5. Change the value of the Data Retention Period parameter and click Save in the upper-right corner.