Enable Log Analysis for Anti-DDoS Instances

Risk Level: Medium (should be achieved)

Ensure that the Log Analysis feature is enabled for Anti-DDoS instances in order to deliver mitigation logs to Simple Log Service (SLS). Once the feature is enabled, you gain the ability to investigate and dissect mitigation logs documenting the activities of an Anti-DDoS instance. These logs include various events such as traffic scrubbing, blackhole filtering, and traffic rerouting. This functionality facilitates the detection of anomalies in website access and enables in-depth analysis of website functionality.

Security

Enabling Log Analysis for Anti-DDoS instances in Alibaba Cloud offers insights into attacks by collecting and storing logs for analysis. This helps you understand attack patterns, identify weaknesses, and improve future mitigation strategies.


Audit

To determine if the Log Analysis feature is enabled for Alibaba Cloud Anti-DDoS instances, perform the following operations:

Getting the Log Analysis feature configuration and status via Alibaba Cloud CLI (aliyun) is not currently supported.

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to the Traffic Security console available at https://yundun.console.aliyun.com/.

03 In the left navigation panel, under Network Security, choose Anti-DDoS Origin, and select Mitigation Logs.

04 In the top navigation bar, select the resource group and the cloud region where your Anti-DDoS instances reside.

05 If the Service-linked role for Anti-DDoS Origin prompt box is displayed on the Mitigation Logs page, the required RAM-based authorization was not completed and, therefore, the Log Analysis feature is not enabled.

06 Select the Anti-DDoS instance that you want to examine from the Select Instance dropdown list and check the Status setting to determine if Log Analysis is enabled for the selected instance. If the Status setting is disabled, the Log Analysis feature is not enabled for the selected Anti-DDoS instance. If the feature is enabled, check the Storage Usage indicator to determine the remaining log storage. If the Storage Usage indicator is at 100%, the log storage is exhausted and, therefore, the Log Analysis feature is not operational.

07 Repeat step no. 6 for each Anti-DDoS instance available within the selected cloud region.

08 Change the cloud region from the top navigation bar and perform the Audit process for other regions.

Remediation / Resolution

To ensure that the Log Analysis feature is enabled for your Alibaba Cloud Anti-DDoS instances, perform the following operations:

Enabling the Log Analysis feature via Alibaba Cloud CLI (aliyun) is not currently supported.

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to the Traffic Security console available at https://yundun.console.aliyun.com/.

03 In the left navigation panel, under Network Security, choose Anti-DDoS Origin, and select Mitigation Logs.

04 In the top navigation bar, select the resource group and the cloud region where your Anti-DDoS instances reside.

05 If you are enabling Log Analysis for the first time, you must complete RAM authorization as prompted. Choose OK in the Service-linked role for Anti-DDoS Origin prompt box to complete the RAM-based authorization.

06 Choose Start to initiate the Log Analysis setup process.

07 Select the Anti-DDoS instance that you want to configure from the Select Instance dropdown list and choose Enable Now to enable Log Analysis for the selected instance. Once the feature is enabled, the Anti-DDoS instance automatically delivers mitigation logs to Simple Log Service (SLS).

08 Repeat step no. 7 for each Anti-DDoS instance available in the selected cloud region.

09 Change the cloud region from the top navigation bar and perform the Remediation process for other regions.

Publication date Apr 26, 2024