Protection Log Overview
- The two log storage modes provided by CFW. For details, see Log Storage Mode.
- Supported log types. For details, see Log Types.
- How to handle improper blocking recorded in logs. For details, see Handling Improper Blocking.
Log Storage Mode
| Function | Storage Duration | Billing Mode | Access Mode | Log Field Description |
|---|---|---|---|---|
| Log query | 7 days | Free | Automatic access | |
| Log management | 1 – 360 days | Separate billing by traffic | You need to manually connect to LTS. For details, see Configuring Logs. For details about how to use the LTS log function, see Log Management Description. | |
Log Types
The following types of logs are provided:
- Attack event logs: Events detected by attack defense functions, such as IPS, are recorded. You can modify the protection action if traffic is improperly blocked. For details, see Modifying the Protection Action of an Intrusion Prevention Rule. For details about how to modify the protection action of antivirus, see Modifying the Virus Defense Action for Better Protection Effect.
- Access control logs: All traffic that matches the access control policies is recorded. For details about how to modify a protection rule, see Managing Protection Rules. For details about how to modify the blacklist or whitelist, see Editing the Blacklist or Whitelist.
- Traffic logs: All traffic passing through the firewall is recorded.
Handling Improper Blocking
- If improper blocking is recorded in access control logs, check whether your protection rules, blacklist, and whitelist configurations are correct.
- If improper blocking is recorded in attack event logs, your normal workloads may be blocked by IPS.
  - If the traffic from an IP address is improperly blocked, add it to the whitelist.
  - If the traffic from multiple IP addresses is blocked, check logs to see whether it is blocked by a single rule or multiple rules.
    - Blocked by a single rule: Modify the protection action of the rule. For details, see Modifying the Action of a Basic Protection Rule.
    - Blocked by multiple rules: Modify the protection mode. For details, see Adjusting the IPS Protection Mode to Block Network Attacks.
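The decision steps above for attack event logs can be applied to exported records with a short script. This is an added example, not code from the CFW documentation. The JSON-lines layout, the field names `src_ip`, `rule_id` and `action`, and the `known_good` parameter are assumptions made for illustration, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records. The field names (src_ip, rule_id, action) are
# assumptions for illustration, not the documented CFW log schema.
SAMPLE_LOGS = """\
{"src_ip": "10.0.1.15", "rule_id": "R-1001", "action": "block"}
{"src_ip": "10.0.1.16", "rule_id": "R-1001", "action": "block"}
{"src_ip": "203.0.113.9", "rule_id": "R-2002", "action": "block"}
{"src_ip": "10.0.1.15", "rule_id": "R-1001", "action": "allow"}
not-json
"""

def triage(lines, known_good):
    """Pick the remediation for blocks that hit confirmed-legitimate sources.

    known_good: source IPs the operator has verified as normal workloads.
    Blocks of any other source are ignored, so real attack traffic never
    drives a whitelist or rule change.
    """
    rules_by_ip = defaultdict(set)
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if not isinstance(rec, dict) or rec.get("action") != "block":
            continue
        if rec.get("src_ip") not in known_good:
            continue
        rules_by_ip[rec["src_ip"]].add(str(rec.get("rule_id", "unknown")))

    ips = sorted(rules_by_ip)
    rules = sorted({r for hit in rules_by_ip.values() for r in hit})
    if not ips:
        advice = "none"
    elif len(ips) == 1:
        advice = "whitelist"               # one IP: add it to the whitelist
    elif len(rules) == 1:
        advice = "modify_rule_action"      # many IPs, one rule
    else:
        advice = "adjust_protection_mode"  # many IPs, several rules
    return {"advice": advice, "ips": ips, "rules": rules}

if __name__ == "__main__":
    print(triage(SAMPLE_LOGS.splitlines(), {"10.0.1.15", "10.0.1.16"}))
```

Restricting the count to sources already confirmed as legitimate keeps blocks of real attack traffic from being read as improper blocking.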
Log Management Description
| Function | Description | Configuration Method |
|---|---|---|
| Configuring logs | Interconnect logs with LTS and create a log group and a log stream. | |
| Modifying log storage duration | (Optional) By default, logs are stored for seven days. You can set the storage duration in the range 1 to 360 days. | |
| Log search and analysis | (Optional) Use proper log collection functions, efficient search methods, and professional analysis tools to implement comprehensive monitoring and refined management of your system and applications. | For details, see Log Search and Analysis. |
| Configuring alarm rules | (Optional) Monitor keywords in logs. Collect statistics on the occurrences of keywords in logs within a specified period to monitor the service running status in real time. | For details, see Log Alarms. |
| Viewing log fields | Learn the meaning of fields in a log. | |
References
- For details about the protection overview of access control policies, see Viewing Protection Information Using the Policy Assistant.
- For details about the traffic defense overview and trend, see Viewing Traffic Statistics.
- For details about the overall network attack defense, see Viewing Attack Defense Information on the Dashboard.