Queries log traffic information.
Try it now
Test
RAM authorization
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| SourceIp |
string |
No |
The source IP address of the access request. |
139.217.234.XXX |
| Lang |
string |
No |
The language of the response. Valid values:
Valid values:
|
zh |
| Lang |
string |
No |
The language of the response. Valid values:
Valid values:
|
zh |
| StartTime |
string |
Yes |
The start time. The value is a UNIX timestamp in seconds. |
1730946241 |
| EndTime |
string |
Yes |
The end time. The value is a UNIX timestamp in seconds. |
1742926322 |
| AppId |
string |
No |
The application ID. |
7 |
| CurrentPage |
string |
No |
The page number. |
1 |
| PageSize |
string |
No |
The page number. |
10 |
| RuleId |
string |
No |
The rule ID. |
8b115ae3-da64-4b80-81c1-1cd2dd42**** |
| SourceCode |
string |
Yes |
The source code for tracing. |
yundun |
| DstIP |
string |
No |
The destination IP address. |
182.92.206.XXX |
| SrcIP |
string |
No |
The source IP address. |
10.68.60.XXX |
| SrcPrivateIP |
string |
No |
The private source IP address. |
10.100.134.XX |
| Direction |
string |
No |
The traffic direction. Valid values:
|
out |
| AssetRegion |
string |
No |
The region ID of the asset. |
cn-hangzhou |
| RuleResult |
string |
No |
The action of the rule. Valid values:
|
0 |
| IpProtocol |
string |
No |
The protocol type. |
icmp |
| SrcPort |
string |
No |
The source port. |
8082 |
| DstPort |
string |
No |
The destination port. |
9876 |
| AttackType |
string |
No |
The attack type. Valid values:
|
1 |
| RuleSource |
string |
No |
The source of the rule. Valid values:
|
1 |
| VulLevel |
string |
No |
The vulnerability level. Valid values:
|
1 |
| Isp |
string |
No |
The Internet Service Provider (ISP). |
电信 |
| Location |
string |
No |
The region of the source or destination IP address. |
杭州 |
| DomainName |
string |
No |
The domain name. |
example.com |
| FlowType |
string |
No |
The flow log type. Valid values:
|
All |
| FirewallType |
string |
No |
The firewall type. Valid values:
|
VpcFirewall |
| VpcFirewallId |
string |
No |
The instance ID of the VPC firewall. |
vfw-a42bbb7b887148c9**** |
| SrcVpcId |
string |
No |
The source VPC ID. |
vpc-wz9309pkwe06lv****tk4 |
| DstVpcId |
string |
No |
The destination VPC ID. |
vpc-wz95m1aq9b0h****vk1yb |
| SrcVpcRegionNo |
string |
No |
The region of the source VPC asset. |
cn-beijing |
| DstVpcRegionNo |
string |
No |
The region of the destination VPC asset. |
cn-shenzhen |
| DomainUrl |
string |
No |
The URL in the flow log. |
example.com |
| IpVersion |
string |
No |
The IP version. Valid values:
|
4 |
| MemberUid |
integer |
No |
The UID of the member account. |
128599825273**** |
| NatFirewallId |
string |
No |
The ID of the NAT firewall. |
vfw-tr-7a9c8901ed394**** |
| NatGatewayId |
string |
No |
The ID of the NAT Gateway. |
ngw-2zew6yn017hhzbm**** |
| AclPreState |
string |
No |
The pre-matching status of the access control list (ACL). |
normal |
| AclPreRuleId |
string |
No |
The ID of the pre-matched ACL rule. |
00000000-0000-0000-0000-000000000000 |
| AppDpiState |
string |
No |
The status of deep packet inspection (DPI). |
success |
| TlsScopeId |
string |
No |
The ID of the Transport Layer Security (TLS) inspection scope. |
tis-98fd64c5**** |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| RequestId |
string |
The ID of the request. |
633D92D1-768A-547F-8ADC-2870CF0A99F6 |
| PageInfo |
object |
The pagination information. |
|
| CurrentPage |
integer |
The current page number. |
1 |
| PageSize |
integer |
The number of entries returned per page. |
10 |
| TotalCount |
integer |
The total number of entries. |
2 |
| DataList |
array<object> |
The data list. |
|
|
array<object> |
|||
| Direction |
string |
The traffic direction. Valid values:
|
in |
| AttackType |
integer |
The attack type of the intrusion prevention event. Valid values:
|
0 |
| MemberUid |
string |
The UID of the Cloud Firewall member account. |
14151892****7022 |
| CountryId |
string |
The country ID. |
US |
| DstPort |
integer |
The destination port. |
80 |
| SrcPrivateIP |
string |
The private source IP address. |
172.16.101.7 |
| IpProtocol |
string |
The protocol type. |
tcp |
| DomainName |
string |
The domain name. |
aliyun.com |
| RuleId |
string |
The ID of the rule that is hit. |
00000000-0000-0000-0000-000000000000 |
| AppName |
string |
The application name. |
HTTP |
| AttackApp |
string |
The name of the attacked application. |
WebLogic |
| PacketCount |
integer |
The number of packets. |
23 |
| AppId |
integer |
The application ID. |
6 |
| RuleResult |
integer |
The final action on the traffic. Valid values:
|
pass |
| Ext |
string |
Other extended data. |
无 |
| DstIP |
string |
The destination IP address. This destination IP address is included in the intrusion prevention event. |
2.2.2.2 |
| PacketBytes |
integer |
The number of bytes in the packet. |
355 |
| InBytes |
string |
The inbound traffic. |
125 |
| IspId |
string |
The ISP ID. |
50075069 |
| Isp |
string |
The ISP. |
FOP Dmytro Nedilskyi |
| RegionId |
string |
The region ID. |
cn-hangzhou |
| SrcPort |
integer |
The source port. |
20206 |
| RuleName |
string |
The rule name. |
test |
| EndTime |
integer |
The end time of the data. The value is a UNIX timestamp in seconds. |
1751423363 |
| VpcFirewallId |
string |
The instance ID of the VPC firewall. |
vfw-4045ca7*** |
| CityId |
string |
The city ID. |
FI |
| StartTime |
integer |
The start time of the data. The value is a UNIX timestamp in seconds. |
1751423362 |
| CloseReason |
string |
The reason why the session was closed. |
tcp_fin |
| OutBytes |
string |
The outbound traffic. |
230 |
| VulLevel |
integer |
The vulnerability level. |
0 |
| RuleSource |
string |
The source of the rule that is hit. Valid values:
|
0 |
| OutPackets |
string |
The number of outbound messages. |
11 |
| InPackets |
string |
The number of inbound messages. |
12 |
| SrcIP |
string |
The source IP address. |
1.1.1.1 |
| Location |
string |
The region of the source or destination IP address. |
杭州 |
| DomainUrl |
string |
The URL in the flow log. |
xxx.com |
| CloudInstanceId |
string |
The ID of the cloud service instance. |
ngw-* |
| AclPreState |
string |
The pre-matching status of the ACL. Valid values: app_unknown: The application is not identified. domain_unknown: The domain name is not identified. normal: Normal |
normal |
| AclPreRuleId |
string |
The ID of the pre-matched ACL policy. If you leave this parameter empty, all policies are matched. |
2 |
| AclPreRuleName |
string |
The name of the pre-matched ACL policy. |
test |
| AppDpiState |
string |
The status of DPI. Valid values: none: The initial state. policy_discard: The connection failed to be established because it was blocked by an ACL or threat intelligence. tcp_not_establish: The TCP connection failed to be established. no_payload: The connection is established, but DPI has analyzed zero payloads. analysing: Identifying. unknown_loose: In loose mode, the identification failed, and the system continues to identify. unknown_strict: In strict mode, the identification failed. success: The identification is successful. |
success |
| Rules |
array<object> |
The list of rules. |
|
|
object |
The list of rules. |
||
| RuleName |
string |
The rule name. |
sharepoint |
| RuleId |
string |
The rule ID. |
17 |
| SrcVpc |
object |
The information about the source VPC. |
|
| VpcId |
string |
The instance ID of the source VPC. |
vpc-8vba1c1em97h0ji71**** |
| VpcName |
string |
The instance name of the source VPC. |
yi-vpc |
| RegionNo |
string |
The region ID of the source VPC. |
cn-beijing |
| DstVpc |
object |
The information about the destination VPC. |
|
| VpcId |
string |
The VPC instance ID. |
vpc-8vba1c1em97h0ji71b**** |
| VpcName |
string |
The instance name of the VPC. |
yi-vpc |
| RegionNo |
string |
The region ID. |
cn-hangzhou |
| PrivateIp |
string |
The private IP address. |
172.21.234.XXX |
| PrivatePort |
integer |
The private port. |
80 |
| TlsRuleId |
string |
The ID of the rule that is hit by the TLS inspection. |
tir-xxx |
| TlsRuleName |
string |
The name of the rule that is hit by the TLS inspection. |
test |
| TlsScopeId |
string |
The ID of the TLS inspection scope. |
tls-xxx |
Examples
Success response
JSON format
{
"RequestId": "633D92D1-768A-547F-8ADC-2870CF0A99F6",
"PageInfo": {
"CurrentPage": 1,
"PageSize": 10,
"TotalCount": 2
},
"DataList": [
{
"Direction": "in",
"AttackType": 0,
"MemberUid": "14151892****7022",
"CountryId": "US",
"DstPort": 80,
"SrcPrivateIP": "172.16.101.7",
"IpProtocol": "tcp",
"DomainName": "aliyun.com",
"RuleId": "00000000-0000-0000-0000-000000000000",
"AppName": "HTTP",
"AttackApp": "WebLogic",
"PacketCount": 23,
"AppId": 6,
"RuleResult": 0,
"Ext": "无",
"DstIP": "2.2.2.2",
"PacketBytes": 355,
"InBytes": "125",
"IspId": "50075069",
"Isp": "FOP Dmytro Nedilskyi",
"RegionId": "cn-hangzhou",
"SrcPort": 20206,
"RuleName": "test",
"EndTime": 1751423363,
"VpcFirewallId": "vfw-4045ca7***",
"CityId": "FI",
"StartTime": 1751423362,
"CloseReason": "tcp_fin",
"OutBytes": "230",
"VulLevel": 0,
"RuleSource": "0",
"OutPackets": "11",
"InPackets": "12",
"SrcIP": "1.1.1.1",
"Location": "杭州",
"DomainUrl": "xxx.com",
"CloudInstanceId": "ngw-*",
"AclPreState": "normal",
"AclPreRuleId": "2",
"AclPreRuleName": "test",
"AppDpiState": "success",
"Rules": [
{
"RuleName": "sharepoint",
"RuleId": "17"
}
],
"SrcVpc": {
"VpcId": "vpc-8vba1c1em97h0ji71****",
"VpcName": "yi-vpc",
"RegionNo": "cn-beijing"
},
"DstVpc": {
"VpcId": "vpc-8vba1c1em97h0ji71b****",
"VpcName": "yi-vpc",
"RegionNo": "cn-hangzhou"
},
"PrivateIp": "172.21.234.XXX",
"PrivatePort": 80,
"TlsRuleId": "tir-xxx",
"TlsRuleName": "test",
"TlsScopeId": "tls-xxx"
}
]
}Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | ErrorAliUid | Aliuid invalid. | The aliuid is invalid. |
| 400 | ErrorAliUidBlackList | The specified aliUid is invalid. | The specified aliUid is invalid. |
| 400 | ErrorSourceCodeError | The source code is invalid. | The source code is invalid. |
| 400 | ErrorTrafficSlsFirewallType | The firewall type of traffic log is invalid. | The firewall type of traffic log is invalid. |
| 400 | ErrorIpFormat | The IP address is invalid. | The IP address is invalid. |
| 400 | ErrorPortError | The port is invalid. | The port is invalid. |
| 400 | ErrorIpProtocolError | The protocol is invalid. | The protocol is invalid. |
| 400 | ErrorDirectionError | The direction is invalid. | The direction is invalid. |
| 400 | ErrorAttackTypeError | The attack type is invalid. | The attack type is invalid. |
| 400 | ErrorVulLevelFailed | VulLevel has failed. | VulLevel has failed. |
| 400 | ErrorRuleResultError | The rule result is invalid. | The rule result is invalid. |
| 400 | ErrorAppIdError | An app ID error occurred. | An app ID error occurred. |
| 400 | ErrorFlowType | The flow type is invalid. | The flow type is invalid. |
| 400 | ErrorIspError | The ISP name is invalid. | The ISP name is invalid. |
| 400 | ErrorLocationError | The location name is invalid. | The location name is invalid. |
| 400 | ErrorDomainName | The domain name is invalid. | The domain name is invalid. |
| 400 | ErrorTimeError | The time is invalid. | The time is invalid. |
| 400 | ErrorPageNo | Either page number or page size is invalid. | Either page number or page size is invalid. |
| 400 | ErrorParameters | A parameter error occurred. | A parameter error occurred. |
| 400 | ErrorSLSLogStore | Failed to get SLS logstore. | Failed to obtain the Log Service logstore. |
| 400 | ErrorDBSelectError | A database select error occurred. | The error message returned because an internal error has occurred in querying the database. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.