当您使用RAM用户登录阿里云控制台时,会产生登录事件(ConsoleSignin)。本文为您介绍RAM用户登录事件示例及含义。
示例一:未进行MFA认证登录事件
以下示例表示RAM用户Alice未启用MFA认证,在北京时间2021年01月01日08:00:00登录了控制台。
{
"requestId": "1.167_1627549154939_339a",
"eventType": "ConsoleSignin",
"userIdentity": {
"accountId": "159498693826****",
"principalId": "23890260100229****",
"type": "ram-user",
"userName": "Alice"
},
"acsRegion": "cn-hangzhou",
"eventName": "ConsoleSignin",
"eventSource": "signin.aliyun.com",
"serviceName": "AasSub",
"eventTime": "2021-01-01T00:00:00Z",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"eventId": "1.167_1627549154939_****",
"additionalEventData": {
"callbackUrl": "https://actiontrail.console.aliyun.com/cn-hangzhou/event-list?accounttraceid=******",
"mfaChecked": "false"
},
"errorCode": "",
"errorMessage": "",
"eventVersion": "1",
"sourceIpAddress": "192.168.XX.XX"
}示例中关键字段含义如下:
eventType:事件的类型。取值为ConsoleSignin,表示控制台登录事件。userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。userIdentity.userName:请求者的RAM用户名称。eventTime:事件的发生时间(UTC格式)。取值为2021-01-01T00:00:00Z,表示北京时间2021年01月01日08:00:00。additionalEventData.mfaChecked:是否启用MFA认证。取值为false,表示未启用MFA认证。
示例二:进行MFA认证登录事件
以下示例表示RAM用户Alice已启用MFA认证,在北京时间2021年01月01日08:00:00登录了控制台。
{
"requestId": "1.167_1627549154939_339a",
"eventType": "ConsoleSignin",
"userIdentity": {
"accountId": "159498693826****",
"principalId": "23890260100229****",
"type": "ram-user",
"userName": "Alice"
},
"acsRegion": "cn-hangzhou",
"eventName": "ConsoleSignin",
"eventSource": "signin.aliyun.com",
"serviceName": "AasSub",
"eventTime": "2021-01-01T00:00:00Z",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"eventId": "1.167_1627549154939_****",
"additionalEventData":{
"callbackUrl": "https://actiontrail.console.aliyun.com/cn-hangzhou/event-list?accounttraceid=******",
"mfaChecked": "true"
},
"errorCode": "",
"errorMessage": "",
"eventVersion": "1",
"sourceIpAddress": "192.168.XX.XX"
}示例中关键字段含义如下:
eventType:事件的类型。取值为ConsoleSignin,表示控制台登录事件。userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。userIdentity.userName:请求者的RAM用户名称。eventTime:事件的发生时间(UTC格式)。取值为2021-01-01T00:00:00Z,表示北京时间2021年01月01日08:00:00。additionalEventData.mfaChecked:是否启用MFA认证。取值为true,表示已启用MFA认证。
示例三:登录失败事件
以下示例表示RAM用户Alice在北京时间2021年01月01日08:00:00登录控制台失败。
{
"eventId": "1.167_1627549154939_****",
"eventVersion": 1,
"errorMessage": "Password is error",
"eventSource": "signin.aliyun.com",
"errorCode": "Authentication.Failed",
"sourceIpAddress":"192.168.XX.XX",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
"eventType": "ConsoleSignin",
"userIdentity": {
"accountId": "159498693826****",
"principalId": "23890260100229****",
"type": "ram-user",
"userName": "Alice"
},
"serviceName": "AasSub",
"additionalEventData": {
"callbackUrl": "https://actiontrail.console.aliyun.com/cn-hangzhou/event-list?accounttraceid=****",
"mfaChecked": "false"
},
"extend": "USER_LOGIN",
"requestId": "1.167_1627549154939_339a",
"eventTime": "2021-01-01T00:00:00Z",
"isGlobal": true,
"acsRegion": "cn-hangzhou",
"eventName": "ConsoleSignin"
}示例中关键字段含义如下:
errorCode:错误码。取值为Authentication.Failed,表示登录失败。errorMessage:错误信息。取值为Password is error,表示密码错误。eventType:事件的类型。取值为ConsoleSignin,表示控制台登录事件。userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。userIdentity.userName:请求者的RAM用户名称。eventTime:事件的发生时间(UTC格式)。取值为2021-01-01T00:00:00Z,表示北京时间2021年01月01日08:00:00。