Ensure that the Log Analysis feature is enabled for Cloud Firewall. Once the feature is enabled, the Cloud Firewall service integrates with Simple Log Service (SLS) to provide log analysis. It collects and stores inbound and outbound traffic logs in real time, so that they can be queried and analyzed and used for report generation and alert configuration. Logs are also sent to downstream services for consumption, which lets teams focus on analysis rather than on manual log handling. Log Analysis is available only in the Premium Edition, Enterprise Edition, and Ultimate Edition of Cloud Firewall that use the subscription billing method.
The Log Analysis feature is well suited to enterprises and organizations that need network security compliance, flexible configuration, and comprehensive real-time monitoring and analysis of network traffic. Log Analysis is ideal for:
1. Compliance audit: stores access logs for over six months, aiding compliance with data protection regulations and facilitating log audits.
2. Security analysis: traces, analyzes, and responds to security incidents swiftly, enhancing threat identification and prevention.
3. Data center integration: centralizes log management for improved data security.
4. Performance monitoring: provides real-time network performance monitoring and issue diagnosis for enhanced operational efficiency.
Audit
To determine if security log analysis is enabled for Cloud Firewall, perform the following operations:
Getting the Log Analysis feature configuration and status via Alibaba Cloud CLI (aliyun) is not currently supported.
Remediation / Resolution
To ensure that security log analysis is enabled for the Cloud Firewall service, perform the following operations:
Enabling the Log Analysis feature via Alibaba Cloud CLI (aliyun) is not currently supported.