Cloud firewall records the inbound and outbound traffic logs, including multiple log fields. You can perform query and analysis based on specific fields.

Field Name Description Example Comments
__time__ Time of the operation in Cloud Firewall 2018-02-27 11:58:15 -
__topic__ Log topic cloudfirewall_access_log Log topic is unique, which is cloudfirew for Cloud Firewall.
Log_type Log types Internet_log Internet_log refers to the Internet Traffic Log.
aliuid User's Alibaba Cloud UID 12333333333333 -
app_name Protocol of the access traffic HTTPS Possible values include HTTPS, NTP, SIP, SMB, NFS, and DNS. Unknown values are Unknown.
direction Traffic direction in
  • in: traffic goes to the ENI
  • out: traffic goes from the ENI
domain Domain name -
dst_ip Destination IP -
dst_port Destination port 443 -
end_time Session end time 1555399260 Unit: Seconds (Unix timestamp)
In_bps Bps of inbound traffic 11428 Unit: bps
In_packet_bytes Total number of bytes of inbound traffic 2857 -
In_packet_count Total number of packet of inbound traffic 18 -
In_pps Pps of inbound traffic 9 Unit: pps
Ip_protocol IP protocol type TCP Protocol name. TCP and UDP protocol are supported.
Out_bps Bps of outbound traffic 27488 Unit: bps
Out_packet_bytes Total number of bytes of outbound traffic 6872 -
Out_packet_count Total number of packet of outbound traffic 15 -
Out_pps Pps of outbound traffic 7 Unit: pps
region_id Region to which the access traffic belongs cn-beijing -
Rule_result Result of matching with the rules pass23 The result of matching with the rules. The values are:
  • Pass: The traffic is allowed to pass through Cloud Firewall.
  • Alert: Cloud Firewall detects threats in the traffic.
  • Discard: The traffic is not allowed to pass through Cloud Firewall.
src_ip Source IP -
src_port The port of the host from which traffic data is sent 47915 -
start_time Session start time 1555399258 Unit: Seconds (Unix timestamp)
Start_time_min Session start time, which is an integer in minutes 1555406460 Unit: Seconds (Unix timestamp)
Tcp_seq TCP serial number 3883676672 -
Total_bps Total bps of both inbound and outbound traffic 38916 Unit: bps
Total_packet_bytes Total number of bytes of both inbound and outbound traffic 9729 Unite: byte
Total_packet_count Total number of packets of both inbound and outbound traffic 33 -
Total_pps Total number of pps of both inbound and outbound traffic 16 Unit: pps
Src_private_ip Private IP of the source host
Vul_level Vulnerability Risk level High Vulnerability Risk level:
  • 1: Low
  • 2: Moderate
  • 3: High