Parameter | Description |
Destination | Select CKafka (public domain). |
Kafka instance | CSC automatically obtains the CKafka instances under your account. Select the instance you need. |
Public domain | Select the public domain name. |
Username | Enter the username used to access the Kafka instance. |
Password | Enter the password used to access the Kafka instance. |
Log source | Options include CWPP, CFW and WAF. |
Log type | Options of log types vary by the log source. |
Topic ID/name | Select the log topic as needed. |
Operation | Add: Click Add log shipping configuration to add multiple log sources. Delete: Locate the configuration to delete and click Delete under Operation. Edit: Click Modify configuration on the log shipping page to modify the relevant log shipping configuration. |

Parameter | Description |
Destination | Select CKafka (supporting environment). |
Kafka instance ID | CSC automatically obtains the CKafka instances under your account. Select the instance you need. |
Supporting environment | Select the supporting environment as needed. |
Log source | Options include CWPP, CFW and WAF. |
Log type | Options of log types vary by the log source. |
Topic ID/name | Select the log topic as needed. |
Operation | Add: Click Add log shipping configuration to add multiple log sources. Delete: Locate the configuration to delete and click Delete under Operation. Edit: Click Modify configuration on the log shipping page to modify the relevant log shipping configuration. |

Parameter | Description |
Destination | Select External Kafka (public network). |
Public network | Enter the public network address of the external Kafka. |
Username | Enter the username used to access the Kafka instance. |
Password | Enter the password used to access the Kafka instance. |
Log source | Options include CWPP, CFW and WAF. |
Log type | Options of log types vary by the log source. |
Topic name | Enter the log topic name as needed. |
Operation | Add: Click Add log shipping configuration to add multiple log sources. Delete: Locate the configuration to delete and click Delete under Operation. Edit: Click Modify configuration on the log shipping page to modify the relevant log shipping configuration. |

Scenario | How-to | Outcome |
The administrator/delegated administrator needs to ship logs of multiple products under all accounts to the same Kafka destination. | Select all accounts from the Multi-account drop-down list. Select CKafka (public domain) or CKafka (supporting environment) for Destination. CKafka instances under the administrator account are automatically obtained and listed. Select the destination CKafka instance as needed. | Display the information of CKafka instances under the administrator account. Details of log shipping configurations are synched automatically. |
The administrator/delegated administrator needs to manage logs of specified accounts. | Select target accounts from the Multi-account drop-down list. Select CKafka (public domain) or CKafka (supporting environment) for Destination. CKafka instances under the target accounts are automatically obtained and listed. Select the destination CKafka instance as needed. | Display the information of CKafka instances under the target accounts. Details of log shipping configurations are synched automatically. |
The administrator/delegated administrator needs to manage the logs of the current account (administrator/delegated administrator). | Select the current administrator/delegated administrator account from the Multi-account drop-down list. Select CKafka (public domain) or CKafka (supporting environment) for Destination. CKafka instances under the current administrator/delegated administrator account are automatically obtained and listed. Select the destination CKafka instance as needed. | Display the information of CKafka instances under the current administrator/delegated administrator account. Details of log shipping configurations are synched automatically. |

Product | Log type | Description |
Cloud Firewall (CFW) | Access control logs | Logs of hits on access control rules for edge firewalls, NAT firewalls, inter-VPC firewalls, and enterprise security groups. |
| Intrusion prevention logs | Logs of security events detected by the Observe and Block policies. Event types include intrusions, compromised servers, lateral movements, and network honeypots. |
| Traffic logs | Logs of north-south traffic generated by edge firewalls and NAT firewalls based on outbound and inbound traffic, as well as east-west traffic between VPCs. |
| Operation logs | Logs of all operations performed on the security policies and toggles. |
Web Application Firewall (WAF) | Attack logs | Logs of attacks, including the attack time, attacker IP, attack type and other attack details. |
| Access logs | Logs of access to domain names. |
Cloud Workload Protection Platform (CWPP) | Intrusion detection logs | Logs of Trojans, high-risk commands, local privilege escalation and all abnormal login events. |
| Vulnerability management logs | Logs of vulnerability security events. |
| Advanced defense logs | Logs of advanced features, including Java Webshell and attack detection. |
| Agent logs | Abnormal CWPP agent events, including the agent being offline for over 24 hours and the agent being uninstalled (only for Linux servers). |