Updated on 2024-12-05 GMT+08:00
Querying Logs
CFW allows you to query logs generated within the last seven days. The following types of logs are available:
- Attack event log: Events detected by attack defense functions, such as IPS, are recorded. You can modify the protection action if traffic is improperly blocked. For details, see Modifying the Protection Action of an Intrusion Prevention Rule. For details about how to modify the protection action of antivirus, see Modifying the Virus Defense Action for Better Protection Effect.
- Access control logs: All traffic that matches the access control policies are recorded. For details about how to modify a protection rule, see Managing Protection Rules. For details about how to modify the blacklist or whitelist, see Editing the Blacklist or Whitelist.
- Traffic logs: All traffic passing through the firewall is recorded.
Constraints
- Logs can be stored for up to seven days.
- For each type of logs, up to 1000 records can be viewed, and up to 100,000 records can be exported.
- Traffic logs are collected based on sessions. Data about a connection is not reported until connection is terminated.
Related Operations
Exporting logs: Click in the upper right corner to export the logs in the list.
Follow-up Operations
- If improper blocking is recorded in access control logs, check whether your protection rules, blacklist, and whitelist configurations are correct.
- If improper blocking is recorded in attack event logs, your normal workloads may be blocked by IPS.
- If the traffic from an IP address is improperly blocked, add it to the whitelist.
- If the traffic from multiple IP addresses is blocked, check logs to see whether it is blocked by a single rule or multiple rules.
- Blocked by a single rule: Modify the protection action of the rule. For details, see Modifying the Action of a Basic Protection Rule.
- Blocked by multiple rules: Modify the protection mode. For details, see Adjusting the IPS Protection Mode to Block Network Attacks.
Parent topic: Viewing CFW Protection Logs
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot