This topic describes the extra fees charged by some cloud products after you enable log collection for them in Log Audit Service.
VPC
Billing details
Effective September 1, 2022, the Alibaba Cloud flow log feature is commercially available and no longer in public preview. This feature is now a paid service. For more information, see Announcement on the commercial release of the flow log feature.
Total flow log fee = Flow log generation fee + Simple Log Service fee. For more information, see Flow log billing.
Enable flow log collection
When you enable VPC flow log collection in Log Audit Service, the service automatically performs the following operations:
Automatically enables the flow log service for the central account and member accounts in a multi-account setup.
Automatically enables the flow log feature for VPC instances that meet the collection policy (all instances are selected by default) and collects the flow logs in a dedicated project in Log Audit Service.
NoteFlow logs collected through Log Audit Service are managed by the service. If you have already created a flow log instance for a specific scenario for a VPC instance, Log Audit Service cannot create another VPC flow log for that instance due to a configuration conflict in the collection path.
Disable flow log collection
For the standard procedure to disable log collection, see Stop log collection.
When you disable VPC flow log collection in Log Audit Service, the system automatically performs the following operations:
VPC stops generating flow log traffic for the corresponding VPC instances through the Log Audit Service channel.
Log Audit Service stops collecting VPC flow logs in the dedicated project.
If you delete the project directly instead of following the standard procedure to disable collection, Log Audit Service cannot guarantee that flow log traffic generation stops simultaneously. In this case, you must submit a ticket for assistance.
You can enable VPC flow log collection in either the Log Audit Service console or the VPC console. The two methods are independent. Enabling or disabling collection in one console does not affect the other. Flow logs enabled in Log Audit Service can be disabled only in Log Audit Service.
If you enable VPC flow log collection through both channels, you are charged twice for the flow log generation fee and the Simple Log Service fee. Enable or disable the feature based on your requirements.
RDS
When you enable audit log collection for ApsaraDB RDS, the SQL Explorer (SQL Audit) feature is automatically enabled for eligible RDS instances. Eligible instances include non-Basic Edition instances that run MySQL and High-availability Edition instances that run PostgreSQL. For more information about the billing of SQL Explorer (SQL Audit), see Billing items.
If you have enabled the trial version of SQL Explorer for an RDS instance, Log Audit Service automatically disables the trial version and enables the official version after you enable log collection.
The default storage duration for SQL Explorer is 30 days. To modify the duration, go to the ApsaraDB RDS console. For more information, see Modify the storage duration of SQL logs. This storage duration is independent of the storage duration for ApsaraDB RDS audit logs in Log Audit Service.
If you set the storage duration for SQL Explorer to less than 30 days in the ApsaraDB RDS console, the log shipping condition is not met. Log Audit Service automatically resets the duration to 30 days.
If you have stopped collecting ApsaraDB RDS audit logs and want to disable the SQL Explorer feature, manually disable it in the ApsaraDB RDS console. For more information, see Disable SQL Explorer.
PolarDB
When you enable audit log collection for a PolarDB for MySQL cluster, the SQL Explorer (SQL Audit) feature is automatically enabled. For more information about the billing of SQL Explorer (SQL Audit), see Billing overview.
If you have enabled the trial version of SQL Explorer for a PolarDB instance, Log Audit Service automatically disables the trial version and enables the official version after you enable log collection.
The default storage duration for SQL Explorer is 30 days. To modify the duration, go to the PolarDB console. For more information, see Modify the storage duration for SQL logs. This storage duration is independent of the storage duration for PolarDB audit logs in Log Audit Service.
If you set the storage duration for SQL Explorer to less than 30 days in the PolarDB console, the log shipping condition is not met. Log Audit Service automatically resets the duration to 30 days.
If you have stopped collecting PolarDB audit logs and want to disable the SQL Explorer feature, you can manually disable it in the PolarDB console. For more information, see Disable SQL Explorer and Audit.
DNS
Collect internal DNS logs
Prerequisites
Go to the new DNS console and activate Alibaba Cloud DNS PrivateZone.
Billing details
Effective December 21, 2023, when you enable internal DNS log collection in Log Audit Service, the network traffic analysis feature of Alibaba Cloud DNS PrivateZone is automatically enabled. This is a paid feature that incurs DNS network traffic analysis fees. For more information, see the upgrade announcement. If you do not agree to the billing for this feature, disable internal DNS log collection.
Total internal DNS log fee = Network traffic analysis fee + Simple Log Service fee. For more information, see Network traffic analysis.
Enable internal DNS log collection
When you enable internal DNS log collection in Log Audit Service, the service automatically performs the following operations:
Automatically enables the DNS network traffic analysis feature for VPC instances that meet the collection policy (all instances are selected by default) and collects the internal DNS logs in a dedicated project in Log Audit Service.
When internal DNS log collection is enabled, Log Audit Service automatically detects and enables network traffic analysis for internal DNS in the VPC instances. Even if you manually disable the network traffic analysis feature in the DNS console, Log Audit Service reactivates the feature to meet collection requirements.
Disable internal DNS log collection
For the standard procedure to disable log collection, see Stop log collection.
When you disable internal DNS log collection in Log Audit Service, the system automatically stops collecting internal DNS logs in the dedicated project.
To disable the DNS network traffic analysis feature, go to the DNS Network Traffic Analysis console and click Disable Traffic Analysis.
Collect public authoritative DNS logs
Enable public authoritative DNS log collection
Go to the new DNS console, activate the DNS network traffic analysis service, and enable the network traffic analysis feature for the relevant domain names.
Log storage for public authoritative DNS logs does not support Chinese domain names.
Billing details
Total public authoritative DNS log fee = Network traffic analysis fee + Simple Log Service fee. For more information, see DNS network traffic analysis. If you do not agree to the billing for this feature, disable public authoritative DNS log collection.
Disable public DNS resolution log collection
For the standard procedure to disable log collection, see Enable and manage log collection.
Global Traffic Manager logs
Enable Global Traffic Manager log collection
Go to the new DNS console, activate the Global Traffic Manager service, and purchase a Global Traffic Manager instance.
This feature does not support log storage for Chinese domain names.
This feature is available only to whitelisted users. To be added to the whitelist by the DNS team, submit a ticket.
Billing details
Total Global Traffic Manager log fee = Traffic management fee + Simple Log Service fee. For more information, see Global Traffic Manager pricing. If you do not agree to the billing for this feature, disable Global Traffic Manager log collection.
Disable Global Traffic Manager log collection
For the standard procedure to disable log collection, see Enable and manage log collection.