Real-time logs

Why use real-time logs

Traditional log analysis requires downloading, uploading, cleaning, and modeling data — a slow process. ESA real-time logs use stream processing to deliver raw logs to your servers within seconds.

ESA real-time logs offer:

Seconds-level global delivery: Delivers logs from over 3,200 global points of presence (POPs) with high availability.
Flexible storage: Deliver logs to Simple Log Service (SLS), AWS S3, S3-compatible storage, HTTP servers, or Kafka.
Log customization: Customize log formats, delivery sampling, and field filters to capture relevant data.
Monitoring and dashboards: Fills missing log data for integrity, and provides dashboards, reports, and alerts for operational visibility.

Categories of real-time logs

ESA real-time logs support the following scenarios:

Security monitoring: Identify attack sources and create security policies during DDoS attacks, crawler activity, or other threats.
Performance monitoring: Monitor ESA performance metrics such as request latency and error rates.
User behavior analysis: Analyze access patterns such as top content, access times, and session durations.
Business analysis and optimization: Analyze traffic, bandwidth, resource usage, geographic distribution, and cache hit ratios to optimize policies.
Audit and compliance: Collect audit evidence for data retention, privacy, and regulatory requirements.

Log type	Dimension	Recorded content	Scenarios
Edge Routine Log	Account	Records request data from ESA edge function invocations in the current account.	Business analysis and optimization
Edge Container Log	Account	Records business logs from edge containers in the current account.	Performance monitoring User behavior analysis Audit and compliance
Access and Origin Log	Website	Records request details when users access a website or service accelerated by ESA, and back-to-origin request details from ESA nodes.	User behavior analysis Business analysis and optimization Audit and compliance
Firewall Log		Records malicious requests detected and blocked by the ESA Web Application Firewall (WAF).	Security monitoring Business analysis and optimization Audit and compliance
TCP/UDP Proxy Log		Records content transmitted through ESA transport-layer acceleration.	Performance monitoring Business analysis and optimization
DNS Logs		Records DNS resolution requests accelerated by ESA.	Audit and compliance DNS resolution changes

Select multiple log types to cover different business needs.

Log processing workflow

When a client sends a request, an ESA node processes it and records a log. The ESA log system collects and processes the log. The ESA log system provides a push feature to deliver logs to your storage and processing platform. ESA supports delivery to Alibaba Cloud Simple Log Service (SLS), Alibaba Cloud Object Storage Service (OSS), AWS S3, other S3-compatible storage, HTTP servers, or Kafka.

Availability

Your subscription plan determines how many delivery tasks you can create per log type.

Note

Delivery task limits apply per log type. For example, on the Enterprise plan, creating five tasks for Access and Origin Log does not affect your quota for Firewall Log.

Feature	Free Edition	Basic Edition	Standard Edition	Premium Edition	Enterprise Edition
Supported real-time log delivery tasks	Not supported	1 task/log type	2 tasks/log type	3 tasks/log type	5 tasks/log type