Log Audit Service allows you to quickly enable log collection for your cloud products. This topic describes how to enable log collection and perform related operations.
Prerequisites
You have an Alibaba Cloud account.
We recommend that you use a RAM user. The RAM user must have read permissions on RAM (for example, granted by the AliyunRAMReadOnlyAccess policy) and read/write permissions on Log Service (for example, granted by the AliyunLogFullAccess policy).
The cloud products that you want to collect logs from are activated. For more information, see Cloud product coverage and related resources.
Initial configuration
To enable log collection, you must use an Alibaba Cloud account or a RAM user that has the AliyunRAMFullAccess permission.
Log on to the Simple Log Service console.
Go to the Log Audit Service page.
Note: As of January 21, 2025, the console entry point for Log Audit Service has been removed. However, it is still visible to existing users who activated the service before January 21, 2025. New users who need to use the old version can access the Log Audit Service (New Version) and use the Back to Old Version feature.
In the Log Application area, on the Audit & Security tab, click Log Audit Service (New Version).
In the upper-right corner of the New Log Audit page, click Back to Old Version to continue using the features of Log Audit (Old Version).
Follow the on-screen instructions to complete the authorization.
After authorization, Log Audit Service uses the AliyunServiceRoleForSLSAudit service-linked role to collect logs from cloud products. For more information, see Manage the AliyunServiceRoleForSLSAudit service-linked role.
Enable log collection
In the left-side navigation pane of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.
In the Region of Central Project drop-down list, select the target region for centralized log storage.
- China: China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), and China (Hong Kong)
- Regions outside China: Singapore, Japan (Tokyo), Germany (Frankfurt), Indonesia (Jakarta), and Malaysia (Kuala Lumpur)
In the cloud product list, select the products for which you want to enable log collection, and configure the retention period.
For Layer 7 access logs of SLB, Layer 7 access logs of ALB, OSS access logs, PolarDB-X 1.0 audit logs, VPC flow logs, and internal DNS logs, you can also select Synchronization to Central Project. After you enable Synchronization to Central Project, the regional project acts as a transit project and does not need a long retention period. The console automatically adjusts the retention period to the recommended value.
Click Modify.
After completing the configuration, wait about 2 minutes and check the log collection status on the Access to Cloud Services > Access Status page. If an error occurs, adjust the settings based on the on-screen messages. For more information, see Enable and manage log collection.
Related operations
Enable encryption
Log Audit Service supports data encryption for dedicated Logstores by using the server-side encryption feature of Log Service.
Only central projects in the China (Hohhot) and China (Hong Kong) regions support encryption.
In the left-side navigation pane of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.
On the Global Configurations page, click Modify in the upper-right corner.
Turn on the Enable Encryption switch, and select the corresponding encryption algorithm.
Important: Once selected, the encryption algorithm cannot be changed. Choose the algorithm with caution.
Click OK.
Stop log collection
To stop collecting logs from cloud products while keeping existing logs until their retention period expires, perform the following steps.
Stopping collection only prevents new logs from being collected. To change the log retention period, you must make the change while collection is enabled. Otherwise, the change does not take effect.
In the left-side navigation pane of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.
On the Global Configurations page, click Modify in the upper-right corner.
Turn off the target log option and click OK.
Delete audit resources
Perform the following steps to clean up and delete all Log Service resources related to Log Audit Service. These resources include projects, Logstores, dashboards, and alerts.
In the left-side navigation pane of the Log Audit Service console, choose Access to Cloud Services > Global Configurations.
On the Global Configurations page, click Delete Audit Resource in the upper-right corner.
In the Delete All Resources of Log Audit Service dialog box, click Disable Log Collection for Cloud Services.
In the Confirm dialog box, click Confirm.
In the Delete All Resources of Log Audit Service dialog box, copy the command.
To delete all resources, copy all commands. To delete specific resources, copy only the required commands. The command format is as follows:
Important: Run the delete commands in order. Delete the regional project first, and then delete the central project.
Before you delete a project, wait 1 to 2 minutes to ensure log collection for all cloud products has stopped.
Example command to delete a regional project
aliyunlog log delete_project --project_name=slsaudit-region-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com
Example command to delete a central project
aliyunlog log delete_project --project_name=slsaudit-center-12****34-cn-huhehaote --region-endpoint=cn-huhehaote.log.aliyuncs.com
In the commands, 12****34 is the Alibaba Cloud account ID, and cn-huhehaote is the region where the project resides. region-endpoint is the endpoint of the Log Service project. For more information, see Endpoints.
In the top navigation bar, click the Cloud Shell icon.
In the Cloud Shell dialog box, run the commands that you copied.
The commands are run sequentially to delete the audit resources.
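The ordering rule above (regional projects first, central project last) can be checked before anything is run. The following dry-run planner is an added example, not part of the original page or of Alibaba Cloud's tooling; it only prints commands. It assumes project names follow the slsaudit-{region|center}-<account ID>-<region ID> shape of the two sample commands and that the endpoint is <region ID>.log.aliyuncs.com; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Alibaba Cloud's code): dry-run planner that only prints commands.
# Assumed: names look like slsaudit-{region|center}-<account ID>-<region ID> and the
# endpoint is <region ID>.log.aliyuncs.com, as in the page's two sample commands.

# Print the delete command for one audit project; reject any other project name.
audit_delete_cmd() {
  name=$1
  case "$name" in
    slsaudit-region-*) rest=${name#slsaudit-region-} ;;
    slsaudit-center-*) rest=${name#slsaudit-center-} ;;
    *) echo "refusing non-audit project: $name" >&2; return 1 ;;
  esac
  region=${rest#*-}   # drop "<account ID>-", keep the region ID (may contain hyphens)
  if [ "$region" = "$rest" ] || [ -z "$region" ]; then
    echo "cannot parse region ID from: $name" >&2; return 1
  fi
  printf 'aliyunlog log delete_project --project_name=%s --region-endpoint=%s.log.aliyuncs.com\n' \
    "$name" "$region"
}

# Print the whole plan: all regional projects first, then the central project.
plan_audit_delete() {
  # Validate every name before printing, so a bad name never yields a partial plan.
  for p in "$@"; do
    audit_delete_cmd "$p" >/dev/null || return 1
  done
  for p in "$@"; do
    case "$p" in slsaudit-region-*) audit_delete_cmd "$p" ;; esac
  done
  for p in "$@"; do
    case "$p" in slsaudit-center-*) audit_delete_cmd "$p" ;; esac
  done
}

# Constructed input, deliberately in the wrong order; the account ID is the page's masked one.
plan_audit_delete \
  'slsaudit-center-12****34-cn-huhehaote' \
  'slsaudit-region-12****34-cn-huhehaote' \
  'slsaudit-region-12****34-ap-southeast-1'
```

Compare the printed plan with the commands copied from the dialog box before pasting them into Cloud Shell; any name that is not an audit project makes the planner stop without printing a plan.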