Protection Log Overview
- The two log storage modes provided by CFW. For details, see Log Storage Mode.
- Supported log types. For details, see Log Types.
- How to handle improper blocking recorded in logs. For details, see Handling Improper Blocking.
- For details about how to dump logs to LTS, see Log Management Description.
Log Storage Mode
Function | Storage Duration | Billing Mode | Access Mode | Log Field Description |
---|---|---|---|---|
Log query | 7 days | Free | Automatic access | |
Log management | 1 to 365 days | Separate billing by traffic | You need to manually connect to LTS. For details, see Configuring Logs. For details about how to use the LTS log function, see Log Management Description. | |
Log Types
CFW provides the following logs:
- Attack event logs: The events detected by attack defense functions, such as IPS, are recorded.
- Access control logs: All traffic that matches the access control policy is recorded.
- Traffic logs: All traffic passing through the firewall is recorded.

SecMaster supports one-click access to CFW log data. There is a delay in log reporting. If you let SecMaster access the logs of a CFW instance that was newly purchased, you can view the CFW logs on SecMaster the next day.
Handling Improper Blocking
- If improper blocking is recorded in access control logs, your normal workloads may have been blocked by IPS. In this case, check the policy configuration. For details about how to modify protection rules, see Managing Protection Rules. For details about how to modify the blacklist and whitelist, see Editing the Blacklist or Whitelist.
- If improper blocking is recorded in attack event logs, your normal workloads may be blocked by IPS.
  - If the traffic from an IP address is improperly blocked, add it to the whitelist.
  - If the traffic from multiple IP addresses is blocked, check logs to see whether it is blocked by a single rule or multiple rules.
    - Blocked by a single rule: Modify the protection action of the rule. For details, see Modifying the Action of a Basic Protection Rule.
    - Blocked by multiple rules: Modify the protection mode. For details, see Adjusting the IPS Protection Mode to Block Network Attacks.
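The triage steps above for attack event logs, as an added example that is not part of the CFW documentation: it groups blocked events from sources already confirmed as legitimate by IP address and rule, and returns the matching handling step. The field names `src_ip`, `rule_id` and `action`, the `deny` value, the step labels and the sample records are assumptions; map them to the real names in the CFW log field description.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON object per line. The field names
# (src_ip, rule_id, action) and the "deny" value are hypothetical: map them
# to the real names in the CFW log field description.
SAMPLE_EVENTS = """\
{"src_ip": "198.51.100.10", "rule_id": "R-1001", "action": "deny"}
{"src_ip": "198.51.100.11", "rule_id": "R-1001", "action": "deny"}
{"src_ip": "198.51.100.12", "rule_id": "R-3003", "action": "deny"}
{"src_ip": "203.0.113.5", "rule_id": "R-2002", "action": "deny"}
{"src_ip": "198.51.100.10", "rule_id": "R-1001", "action": "permit"}
"""


def triage(lines, known_good):
    """Map improperly blocked traffic to the handling step described above.

    known_good is the set of source IPs the operator has already confirmed
    as legitimate; blocks of any other source are left out of the decision.
    """
    rules_by_ip = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("action") != "deny" or event.get("src_ip") not in known_good:
            continue
        rules_by_ip[event["src_ip"]].add(event.get("rule_id", "unknown"))

    rules = set().union(*rules_by_ip.values())
    if not rules_by_ip:
        step = "none"
    elif len(rules_by_ip) == 1:
        step = "whitelist_ip"            # one source address affected
    elif len(rules) == 1:
        step = "modify_rule_action"      # several addresses, a single rule
    else:
        step = "adjust_protection_mode"  # several addresses, multiple rules
    return {"step": step, "ips": sorted(rules_by_ip), "rules": sorted(rules)}


if __name__ == "__main__":
    confirmed = {"198.51.100.10", "198.51.100.11"}
    print(triage(SAMPLE_EVENTS.splitlines(), confirmed))
```

Blocks of the unconfirmed source `203.0.113.5` never enter the decision, so a genuine detection does not push the result toward loosening a rule or the protection mode.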
Log Management Description
Function | Description | Configuration Method |
---|---|---|
Configuring logs | Interconnect logs with LTS and create a log group and a log stream. | |
Modifying log storage duration | (Optional) By default, logs are stored for seven days. You can set the storage duration in the range 1 to 365 days. | |
Log search and analysis | (Optional) Use proper log collection functions, efficient search methods, and professional analysis tools to implement comprehensive monitoring and refined management of your system and applications. | For details, see Log Search and Analysis. |
Configuring alarm rules | (Optional) Monitor keywords in logs. Collect statistics on the occurrences of keywords in logs within a specified period to monitor the service running status in real time. | For details, see Log Alarms. |
Viewing log fields | Learn the meaning of fields in a log. | |
References
- For details about the protection overview of access control policies, see Viewing Protection Information Using the Policy Assistant.
- For details about the traffic defense overview and trend, see Traffic Analysis.
- For details about the overall network attack defense, see Viewing Attack Defense Information on the Dashboard.