Log Audit

Last updated: 2024-01-24 16:17:26
    This topic describes how to view Cloud Firewall logs.

    Viewing access control logs

    1. Log in to the Cloud Firewall console and select Log Auditing -> Access Control Logs in the left navigation pane.
    2. On the Access control logs page, you can view the rule hit logs generated by Cloud Firewall based on the configured access control rules for edge firewalls, NAT firewalls, inter-VPC firewalls, and enterprise security groups. On the Edge firewall and NAT firewall pages, you can view two hit lists for inbound rules and outbound rules.
    
    3. Click View in the action column on the right side of the rule hit list.
    
    4. On the Details of hit rule page, you can view the hit details of the rule.
    
    Note
    If the rule is deleted after generation of the log, the status is Deleted.
    If the rule is modified after generation of the log, the status is Modified.
    If the rule is not modified or deleted after generation of the log, the status is New.
    5. To retrieve and filter access control logs more quickly, you can click the icon on the right of an access source or access destination to view all rule hits from or to an IP address.
    
    6. Click the icon on the right side of the page to download the logs. You can also set filters, and download up to 60,000 records each time.

    Viewing intrusion defense logs

    1. Log in to the Cloud Firewall console and select Log Auditing -> Intrusion Defense Logs in the left navigation pane.
    2. On the Intrusion defense logs page, you can view all the security events generated and recorded by Cloud Firewall in the Observe and Block modes. There are four lists for intrusions, compromised servers, lateral movements, and network honeypots, and you can view details of inbound and outbound security events.
    

    Viewing traffic logs

    1. Log in to the Cloud Firewall console and select Log Auditing -> Traffic Logs in the left navigation pane.
    2. On the Traffic logs page, you can view the 10-tuple information of north-south traffic generated by edge firewalls and NAT firewalls based on outbound and inbound traffic, as well as east-west traffic between VPCs.
    
    3. Query and filter logs by asset instance name. You can click All assets in the upper left corner, and select an asset instance name in the drop-down list to filter the logs and query all traffic logs of the asset.
    
    4. To retrieve and filter logs more quickly, you can click the icon on the right of an access source or access destination to view all traffic from or to an IP address.
    

    Authorizing private network traffic logs

    1. Log in to the Cloud Access Management console, and select Roles in the left navigation pane.
    2. On the Roles page, click Create Role, select your Tencent Cloud account, and enter the role creation page.
    3. On the page, select Other root account, enter the traffic log public account 91000000202, and click Next.
    4. Search for the keyword log service, authorize full read/write permissions for the log service QcloudCLSFullAccess, and click Next.
    5. Enter the role name FlowLogClsRole, and click Complete to create the role.
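
A check that can be run after step 5, as an added example that is not part of Tencent Cloud's documentation: it compares a role's trust policy and attached policies with the values in the steps above, so that a role granting log service read/write access trusts only the traffic log account. The CAM policy JSON layout, the `qcs::cam::uin/...:root` principal form and the function names are assumptions; the sample policy is constructed.

```python
import json

# Values from the authorization steps on this page.
EXPECTED_ROLE = "FlowLogClsRole"
EXPECTED_POLICY = "QcloudCLSFullAccess"
# Assumed CAM principal form for a root account (not shown on the page).
EXPECTED_PRINCIPAL = "qcs::cam::uin/91000000202:root"


def trusted_principals(trust_policy_json):
    """Collect every principal granted by an allow statement."""
    doc = json.loads(trust_policy_json)
    statements = doc.get("statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    found = set()
    for stmt in statements:
        if str(stmt.get("effect", "")).lower() != "allow":
            continue
        principal = stmt.get("principal", {})
        if not isinstance(principal, dict):  # e.g. a bare "*" wildcard
            found.add(str(principal))
            continue
        for values in principal.values():
            found.update([values] if isinstance(values, str) else values)
    return found


def audit_flow_log_role(role_name, trust_policy_json, attached_policies):
    """Return findings; an empty list means the role matches the steps."""
    findings = []
    if role_name != EXPECTED_ROLE:
        findings.append(f"unexpected role name: {role_name}")
    principals = trusted_principals(trust_policy_json)
    if EXPECTED_PRINCIPAL not in principals:
        findings.append("traffic log account is not a trusted principal")
    for extra in sorted(principals - {EXPECTED_PRINCIPAL}):
        findings.append(f"unexpected trusted principal: {extra}")
    if EXPECTED_POLICY not in attached_policies:
        findings.append(f"missing policy: {EXPECTED_POLICY}")
    for extra in sorted(set(attached_policies) - {EXPECTED_POLICY}):
        findings.append(f"unexpected attached policy: {extra}")
    return findings


# Constructed sample: a trust policy shaped as the steps above would produce.
SAMPLE_TRUST = json.dumps({"version": "2.0", "statement": [{
    "effect": "allow", "action": "name/sts:AssumeRole",
    "principal": {"qcs": [EXPECTED_PRINCIPAL]}}]})
```

An empty result means the role matches the procedure; any extra trusted principal or attached policy is reported by name.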

    Viewing operation logs

    1. Log in to the Cloud Firewall console and select Log Auditing -> Operation Logs in the left navigation pane.
    2. On the Operation logs page, you can view all actions performed on the Security Policies and Toggles pages of the account and their details.
    
    Tabs:
    Firewall toggles: Records firewall toggle operations.
    Instance configuration: Records the configuration details of instances.
    Access control: Records add, modify, and delete operations on access control rules.
    Intrusion defense: Records the operation details of intrusion defense modules.
    Security baseline: Records security baseline operations.
    Address templates: Records the operation details of address templates.
    Enterprise security groups: Records the operations on enterprise security groups.
    Log shipping: Records the details of log shipping operations.
    Logins: Records the login status of all accounts of the user.

    More information

    For questions about log auditing, please see Log.