检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Audit and Logging Monitoring is key to ensuring the reliability, availability, and performance of CFW. You can summarize operation logs of Huawei Cloud services for analysis, audit, resource monitoring, and fault locating. CFW interworks with Cloud Trace Service (CTS).
Log Audit Protection Log Overview Querying Logs Log Management
CTS Auditing Operations Recorded by CTS Viewing Audit Logs
Viewing Audit Logs After you enable CTS, the system starts recording operations on CFW. You can view the operation records of the last seven days on the CTS console. For details about how to view audit logs, see Querying Real-Time Traces (for New Console).
Choose Log Audit > Log Query. On the Access Control Logs tab, view the protection records of the rule. Parent topic: Network Traffic
√ √ √ Log Audit Log Audit records the details of attack events, hit details of access control policies, and all traffic passing through the firewall.
Log Management Configuring Logs Changing the Log Storage Duration Log Field Description Parent Topic: Log Audit
Alarm Notification Creating a Packet Capture Task Log Audit You can check the events, access control, traffic bytes, and number of packets in the past week.
Security Shared Responsibilities Identity Authentication and Access Control Data Protection Technologies Audit and Logging Service Resilience Risk Monitoring Certificates
With CTS, you can query, audit, and backtrack these operations. For details about CTS and how to enable and configure it, see Getting Started with CTS. Table 1 describes the CFW operations recorded by CTS.
Parent Topic: Log Audit
Export Guide Choose Log Audit > Log Query and export logs. For details, see Downloading Packet Capture Results.
Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources.
In the navigation pane on the left, choose Log Audit > Log Management. On the displayed page, click Modify Log Storage Duration. Logs can be stored for 1 to 365 days. Logs that exceed the specified storage duration are automatically deleted.
Traffic Analysis and log audit: CFW controls, analyzes, and visualizes VPC traffic, audits logs, and traces traffic sources.
In the navigation pane, choose Log Audit > Log Query. Click Attack Event Logs tab. In the Operation column of the target event, click View. Figure 1 Viewing Attack Event Log Details In the Details page, click the Attack Payload tab, and obtain the value of X-Forwarded-For field.
In the navigation pane, choose Log Audit > Log Query. Click the Access Control Logs tab. In the rows where Destination IP is xx.xx.xx.1, the corresponding Action is Block.
Choose Log Audit > Log Query and click the Traffic Logs tab. The total traffic from the start to the end of a session is displayed. Data about a session is not reported until the session is terminated. View data on any page under the Traffic Analysis menu item.
Parent Topic: Log Audit
In the navigation pane, choose Log Audit > Log Query. Click the Attack Event Logs query and record the Rule ID of the rule that blocks traffic. Figure 1 Rule ID Click View Effective Rules under Basic Protection. The Basic Protection tab is displayed.
