WAF stores logs collected by Simple Log Service (SLS) for 180 days by default. Change the retention period to match your compliance requirements, storage budget, or audit schedule. Expired logs are automatically deleted when the period ends.
Prerequisites
Before you begin, ensure that you have:
A WAF 3.0 instance with Simple Log Service for WAF enabled
Change the log retention period
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of your WAF instance. Regions available: Chinese Mainland and Outside Chinese Mainland.
In the left-side navigation pane, choose Detection and Response > Log Service.
In the upper-right corner of the Log Service page, click Storage Duration to open the Simple Log Service console.
On the Logstore Attributes page, click Modify in the upper-right corner.
Set Data Retention Period to one of the following options, then click Save.
Option Range When to use Specified Days 1–3,650 days Standard compliance requirements — for example, 90 or 180 days for regulatory audits Permanent Storage No limit Logs that must be retained indefinitely
Expired logs are automatically deleted once the retention period ends.
When to adjust the retention period
Match the retention period to your specific situation:
Reduce storage costs — As log volume grows, a shorter retention period lowers storage usage and cost.
Improve query performance — A smaller log dataset speeds up queries and analysis.
Meet compliance requirements — Regulations vary by industry and region. Set the period to satisfy your specific compliance mandate.
Support auditing and monitoring — Set the period to cover the full time range required for your audit and security event review cycles.
Limit data exposure — A shorter retention period reduces the risk of sensitive data being exposed over time.
Adapt to changing requirements — Adjust the period whenever business needs or resource constraints change.