This topic describes the fields of traffic logs that are recorded for the Internet and virtual private cloud (VPC) firewalls in Cloud Firewall.

Fields of Internet firewall logs

Log field | Description |
---|---|
__topic__ | The topic of a log. The value is fixed as cloudfirewall_access_log. |
owner_id | The ID of an Alibaba Cloud account. |
log_type | The type of log. The value is fixed as internet_log. |
app_name | The type of application. Valid values include HTTPS, NTP, SIP, SMB, NFS, and DNS. If the type is unknown, the value Unknown is displayed. |
direction | The direction of traffic. Valid values: |
domain | The domain name of a destination server. |
dst_ip | The IP address of a destination server. |
dst_port | The destination port. |
end_time | The time at which a session ends. The value is a UNIX timestamp. Unit: seconds. |
in_bps | The rate of inbound traffic. Unit: bit/s. |
in_packet_bytes | The total size of inbound packets. Unit: bytes. |
in_packet_count | The total number of inbound packets. |
in_pps | The rate of inbound packets. Unit: packets per second (pps). |
ip_protocol | The type of IP protocol. TCP and UDP are supported. |
out_bps | The rate of outbound traffic. Unit: bit/s. |
out_packet_bytes | The total size of outbound packets. Unit: bytes. |
out_packet_count | The total number of outbound packets. |
out_pps | The rate of outbound packets. Unit: pps. |
region_id | The ID of the region from which access traffic originates. |
rule_result | The result of how an access control policy processes access traffic. Valid values: |
src_ip | The IP address of a source server. |
src_port | The source port. A host sends data from this port. |
start_time | The time at which a session starts. The value is a UNIX timestamp. Unit: seconds. |
start_time_min | The time at which a session starts. The value is a UNIX timestamp. The value is rounded up to the next minute. Unit: seconds. |
tcp_seq | The sequence number of a TCP segment. |
total_bps | The total rate of inbound and outbound traffic. Unit: bit/s. |
total_packet_bytes | The total size of inbound and outbound packets. Unit: bytes. |
total_packet_count | The total number of inbound and outbound packets. |
total_pps | The total rate of inbound and outbound packets. Unit: pps. |
src_private_ip | The private IP address of a source server. |
vul_level | The risk level of a vulnerability. Valid values: |
url | The URL that is accessed. |
acl_rule_id | The ID of an access control list (ACL) policy that is matched. |
ips_rule_id | The ID of an intrusion prevention system (IPS) policy that is matched. |
ips_ai_rule_id | The ID of an intelligent policy that is matched. |
ips_rule_name | The Chinese name of an IPS policy that is matched. |
ips_rule_name_en | The English name of an IPS policy that is matched. |
attack_type_name | The Chinese name of an attack type. |
attack_type_name_en | The English name of an attack type. |
proxy_acl_rule_id | The ID of an ACL policy that is matched by forward proxies. |

Fields of VPC firewall logs

Log field | Description |
---|---|
__topic__ | The topic of a log. The value is fixed as cloudfirewall_vpc_log. |
log_type | The type of log. The value is fixed as vpc_firewall_log. |
aliuid | The ID of an Alibaba Cloud account. |
app_name | The type of application. Valid values include HTTPS, NTP, SIP, SMB, NFS, and DNS. If the type is unknown, the value Unknown is displayed. |
domain | The domain name of a destination server. |
dst_ip | The IP address of a destination server. |
dst_port | The destination port. |
dst_region | The ID of the region for which access traffic is destined. |
dst_network_instance_id | The ID of the instance for which access traffic is destined. The instance may be a VPC, virtual border router (VBR), or Cloud Connect Network (CCN). |
end_time | The time at which a session ends. The value is a UNIX timestamp. Unit: seconds. |
firewall_id | The ID of a VPC firewall. |
in_bps | The rate of inbound traffic. Unit: bit/s. |
in_packet_bytes | The total size of inbound packets. Unit: bytes. |
in_packet_count | The total number of inbound packets. |
in_pps | The rate of inbound packets. Unit: pps. |
ip_protocol | The type of IP protocol. TCP and UDP are supported. |
out_bps | The rate of outbound traffic. Unit: bit/s. |
out_packet_bytes | The total size of outbound packets. Unit: bytes. |
out_packet_count | The total number of outbound packets. |
out_pps | The rate of outbound packets. Unit: pps. |
rule_result | The result of how an access control policy processes access traffic. Valid values: |
src_ip | The IP address of a source server. |
src_port | The source port. |
src_region | The ID of the region from which access traffic originates. |
src_network_instance_id | The ID of the instance from which access traffic originates. The instance may be a VPC, VBR, or CCN. |
start_time | The time at which a session starts. The value is a UNIX timestamp. Unit: seconds. |
start_time_min | The time at which a session starts. The value is a UNIX timestamp. The value is rounded up to the next minute. Unit: seconds. |
tcp_seq | The sequence number of a TCP segment. |
total_bps | The total rate of inbound and outbound traffic. Unit: bit/s. |
total_packet_bytes | The total size of inbound and outbound packets. Unit: bytes. |
total_packet_count | The total number of inbound and outbound packets. |
total_pps | The total rate of inbound and outbound packets. Unit: pps. |
vul_level | The risk level of a vulnerability. Valid values: |
ips_rule_name | The Chinese name of an IPS policy that is matched. |
ips_rule_name_en | The English name of an IPS policy that is matched. |
attack_type_name | The Chinese name of an attack type. |
attack_type_name_en | The English name of an attack type. |
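
The following is an added example, not part of the Cloud Firewall documentation: a schema check that an ingest pipeline could run on each record before it reaches detection rules, built only from constraints stated in the two tables above. The function name `check_record`, the sample record, and the assumption that exact counters satisfy total = in + out are illustrative.

```python
# Added example: sanity checks derived from the field tables above.
# SAMPLE is a constructed record, not real Cloud Firewall output.

# Fixed (__topic__, log_type) pairs stated in the two tables.
FIXED_PAIRS = {
    "cloudfirewall_access_log": "internet_log",
    "cloudfirewall_vpc_log": "vpc_firewall_log",
}
EXACT_COUNTERS = ("packet_bytes", "packet_count")  # rates are skipped (rounding)


def check_record(rec):
    """Return a list of problems found in one traffic-log record (dict)."""
    topic = rec.get("__topic__")
    if topic not in FIXED_PAIRS:
        return [f"unknown __topic__: {topic!r}"]
    problems = []
    if rec.get("log_type") != FIXED_PAIRS[topic]:
        problems.append("log_type does not match __topic__")
    # The account ID field is named differently in the two log types.
    account = "owner_id" if topic == "cloudfirewall_access_log" else "aliuid"
    if not rec.get(account):
        problems.append(f"missing {account}")
    if str(rec.get("ip_protocol", "")).upper() not in ("TCP", "UDP"):
        problems.append("ip_protocol is not TCP or UDP")
    try:
        if int(rec["end_time"]) < int(rec["start_time"]):
            problems.append("end_time precedes start_time")
        if int(rec["start_time_min"]) % 60:
            problems.append("start_time_min is not minute-aligned")
        # Assumption: each total_* counter is the sum of its in_* and out_* parts.
        for c in EXACT_COUNTERS:
            if int(rec[f"in_{c}"]) + int(rec[f"out_{c}"]) != int(rec[f"total_{c}"]):
                problems.append(f"total_{c} != in_{c} + out_{c}")
    except (KeyError, ValueError, TypeError) as exc:
        problems.append(f"missing or non-numeric field: {exc}")
    return problems


SAMPLE = {  # constructed values; field values are strings, as in exported logs
    "__topic__": "cloudfirewall_access_log", "log_type": "internet_log",
    "owner_id": "1234567890", "ip_protocol": "TCP",
    "start_time": "1700000005", "start_time_min": "1700000040",
    "end_time": "1700000012",
    "in_packet_bytes": "1200", "out_packet_bytes": "800", "total_packet_bytes": "2000",
    "in_packet_count": "10", "out_packet_count": "8", "total_packet_count": "18",
}

if __name__ == "__main__":
    print(check_record(SAMPLE))
```

Records that fail these checks are better quarantined than dropped, since a malformed record can indicate a parser or export problem that also affects the security-relevant fields (`rule_result`, `ips_rule_id`, `vul_level`).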