Help Center/ Cloud Firewall/ User Guide/ Log Audit/ Protection Log Overview
Updated on 2025-07-23 GMT+08:00

Protection Log Overview

This section describes the following content:

Log Storage Mode

Function

Storage Duration

Billing Mode

Access Mode

Log Field Description

Log query

7 days

Free

Automatic access

Querying Logs

Log management

1 to 365 days

Separate billing by traffic

You need to manually connect to LTS. For details, see Configuring Logs.

For details about how to use the LTS log function, see Log Management Description.

Log Field Description

Log Types

CFW provides the following logs:

  • Attack event logs: The events detected by attack defense functions, such as IPS, are recorded.
  • Access control logs: All traffic that matches the access control policy are recorded.
  • Traffic logs: All traffic passing through the firewall is recorded.

SecMaster supports one-click access to CFW log data. There is a delay in log reporting. If you let SecMaster access the logs of a CFW instance that was newly purchased, you can view the CFW logs on SecMaster the next day.

Handling Improper Blocking

  • If improper blocking is recorded in access control logs, your normal workloads may have been blocked by IPS. In this case, check the policy configuration. For details about how to modify protection rules, see Managing Protection Rules. For details about how to modify the blacklist and whitelist, see Editing the Blacklist or Whitelist.
  • If improper blocking is recorded in attack event logs, your normal workloads may be blocked by IPS.

Log Management Description

Function

Description

Configuration Method

Configuring logs

Interconnect logs with LTS and create a log group and a log stream.

Configuring Logs

Modifying log storage duration

(Optional) By default, logs are stored for seven days. You can set the storage duration in the range 1 to 365 days.

Changing the Log Storage Duration

Log search and analysis

(Optional) Use proper log collection functions, efficient search methods, and professional analysis tools to implement comprehensive monitoring and refined management of your system and applications.

For details, see Log Search and Analysis.

Configuring alarm rules

(Optional) Monitor keywords in logs. Collect statistics on the occurrences of keywords in logs within a specified period to monitor the service running status in real time.

For details, see Log Alarms.

Viewing log fields

Learn the meaning of fields in a log.

Log Field Description

References