Enabling Logging

Updated on 2024-12-24 GMT+08:00

After you authorize Anti-DDoS to access Log Tank Service (LTS), you can use the Anti-DDoS logs recorded by LTS for quick and efficient real-time analysis, device O&M management, and analysis of service trends.

Prerequisites

You have created an LTS log group and a log stream. For details, see Managing Log Groups and Managing Log Streams.

Enabling LTS

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS page is displayed.
  3. Click the Configure Logs tab, enable LTS, and select a log group and log stream. Table 1 describes the parameters.

    Figure 1 Configuring logs

    Table 1 Log configuration

    | Parameter | Description |
    | --- | --- |
    | Log Group | Select a log group or click View Log Group to go to the LTS console and create a log group. |
    | Attack Log | Select a log stream or click View Log Stream to go to the LTS console and create a log stream. Attack logs record alarm information about each attack, including the attack type and protected IP address. |

  4. Click OK.

    You can view Anti-DDoS protection event logs on the LTS console.

Log Fields in LTS

The following table describes the log fields.

Table 2 Log field description

| Field | Description |
| --- | --- |
| logType | Log type. The default value is ip_attack_sum, indicating attack logs. |
| deviceType | Type of the device that reports logs. The default value is CLEAN, indicating the scrubbing device. |
| inKbps | Inbound traffic, in kbit/s. |
| maxPps | Peak incoming traffic, in pps. |
| dropPps | Average number of discarded packets, in pps. |
| maxAttackInBps | Incoming traffic at the peak time of attack traffic, in bit/s. |
| currentConn | Current connections. |
| zoneIP | Protected IP address. |
| logTime | Time when a log is generated. |
| attackType | Attack type. For details about the corresponding attack types, see Table 3. |
| inPps | Inbound traffic, in pps. |
| maxKbps | Peak inbound traffic, in kbit/s. |
| dropKbps | Average discarded traffic, in kbit/s. |
| startTime | Time when the attack starts. |
| endTime | End time of the attack. If this parameter is left blank, the attack has not ended yet. |
| maxAttackInConn | Number of connections at the peak time of attack traffic. |
| newConn | New connections. |

Table 3 Attack type description

| Value | Attack Type |
| --- | --- |
| 0-9 | User-defined attack type |
| 10 | SYN flood attack |
| 11 | Ack flood attack |
| 12 | SynAck flood attack |
| 13 | Fin/Rst flood attack |
| 14 | Concurrent connections exceed the threshold. |
| 15 | New connections exceed the threshold. |
| 16 | TCP fragment attack |
| 17 | TCP fragment bandwidth limit attack |
| 18 | TCP bandwidth limit attack |
| 19 | UDP flood attack |
| 20 | UDP fragment attack |
| 21 | UDP fragment bandwidth limit attack |
| 22 | UDP bandwidth limit attack |
| 23 | ICMP bandwidth limit attack |
| 24 | Other bandwidth limit attack |
| 25 | Traffic limiting attack |
| 26 | HTTPS flood attack |
| 27 | HTTP flood attack |
| 28 | Reserved |
| 29 | DNS query flood attack |
| 30 | DNS reply flood attack |
| 31 | SIP flood attack |
| 32 | Blacklist dropping |
| 33 | Abnormal HTTP URL behavior |
| 34 | TCP fragment abnormal dropping traffic attack |
| 35 | TCP abnormal dropping traffic attack |
| 36 | UDP fragment abnormal dropping traffic attack |
| 37 | UDP abnormal dropping traffic attack |
| 38 | ICMP abnormal attack |
| 39 | Other abnormal attacks |
| 40 | Connection flood attack |
| 41 | Domain name hijacking attack |
| 42 | DNS poisoning packet attack |
| 43 | DNS reflection attack |
| 44 | Oversize DNS packet attack |
| 45 | Abnormal rate of DNS source requests |
| 46 | Abnormal rate of DNS source replies |
| 47 | Abnormal rate of DNS domain name requests |
| 48 | Abnormal rate of DNS domain name replies |
| 49 | DNS request packet TTL anomaly |
| 50 | DNS packet format anomaly |
| 51 | DNS cache matching and dropping attack |
| 52 | Port scan attacks |
| 53 | Abnormal TCP packet flag bit |
| 54 | BGP attack |
| 55 | UDP association defense anomaly |
| 56 | DNS NO such Name |
| 57 | Other fingerprint attacks |
| 58 | Zone traffic limit attack |
| 59 | HTTP slow attacks |
| 60 | Malware prevention |
| 61 | Domain name blocking |
| 62 | Filtering |
| 63 | Web attack packet capture |
| 64 | SIP source rate limiting |
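
The following is an added example, not Huawei Cloud code, showing how the Table 2 fields and Table 3 values can be used to list attacks that are still in progress (blank endTime). It assumes each exported LTS record is a JSON object keyed by the Table 2 field names, which this page does not specify; the sample records, timestamps and IP addresses are constructed.

```python
import json

# Subset of Table 3; add the remaining values for production use.
ATTACK_TYPES = {10: "SYN flood attack", 19: "UDP flood attack",
                27: "HTTP flood attack", 43: "DNS reflection attack"}

def attack_name(value):
    """Decode attackType (Table 3); values 0-9 are user-defined types."""
    code = int(value)
    if 0 <= code <= 9:
        return "User-defined attack type"
    return ATTACK_TYPES.get(code, f"attackType {code} (see Table 3)")

def ongoing_attacks(lines):
    """Return attacks whose most recent record still has a blank endTime."""
    latest = {}
    for line in lines:
        rec = json.loads(line)
        if rec.get("logType") != "ip_attack_sum":
            continue  # not an attack log
        # Assumption: one attack is identified by protected IP, type and start time.
        key = (rec["zoneIP"], int(rec["attackType"]), rec["startTime"])
        latest[key] = rec  # a later record for the same attack replaces the earlier one
    report = []
    for (ip, code, start), rec in sorted(latest.items()):
        if rec.get("endTime"):
            continue  # endTime present: the attack has ended
        report.append({"zoneIP": ip, "attack": attack_name(code),
                       "startTime": start,
                       "maxKbps": int(rec["maxKbps"]),
                       "dropKbps": int(rec["dropKbps"])})
    return report

# Constructed sample records (timestamp format is an assumption).
SAMPLE = [json.dumps(r) for r in [
    {"logType": "ip_attack_sum", "zoneIP": "203.0.113.10", "attackType": 10,
     "startTime": "2024-12-24 10:00:00", "endTime": "",
     "maxKbps": 800000, "dropKbps": 650000},
    {"logType": "ip_attack_sum", "zoneIP": "203.0.113.10", "attackType": 10,
     "startTime": "2024-12-24 10:00:00", "endTime": "2024-12-24 10:12:00",
     "maxKbps": 820000, "dropKbps": 660000},
    {"logType": "ip_attack_sum", "zoneIP": "203.0.113.20", "attackType": "19",
     "startTime": "2024-12-24 10:05:00", "endTime": "",
     "maxKbps": "1200000", "dropKbps": "900000"},
    {"logType": "ip_attack_sum", "zoneIP": "203.0.113.20", "attackType": 3,
     "startTime": "2024-12-24 10:06:00", "endTime": "",
     "maxKbps": 5000, "dropKbps": 4000},
]]

if __name__ == "__main__":
    for row in ongoing_attacks(SAMPLE):
        print(row)
```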
