Control: 2.8 Ensure Cloud Firewall access and security log analysis is enabled


Log Service collects log entries of internet traffic that are protected by Cloud Firewall, and supports real-time log query and analysis. The query results are centrally displayed in dashboards.


Perform the following ensure the Cloud Firewall access and security log is enabled:

From Console

  1. Logon to Cloud Firewall Console.
  2. In the left-side navigation pane, select Advanced Features > Log Analysis.
  3. Click Active Now on the Log Analysis page.
  4. Select your log storage capacity, and then click Pay to complete the payment.
  5. Go back to Log Analysis page on Cloud Firewall console.
  6. Click the Status on the right side to enable the Log Analysis service.


Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_2_8

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_2_8 --share


This control uses a named query: