更新时间:2024-10-31 GMT+08:00
分享

查询流日志

功能介绍

查询流日志

调用方法

请参见如何调用API

URI

GET /v1/{project_id}/cfw/logs/flow

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目ID, 可以从调API处获取,也可以从控制台获取。项目ID获取方式

表2 Query参数

参数

是否必选

参数类型

描述

fw_instance_id

String

防火墙id,可通过防火墙ID获取方式获取

direction

String

方向,包含in2out,out2in

log_type

String

日志类型包括:internet,vpc,nat

start_time

Long

开始时间,以毫秒为单位的时间戳,如1718936272648

end_time

Long

结束时间,以毫秒为单位的时间戳,如1718936272648

src_ip

String

源IP

src_port

Integer

源端口

dst_ip

String

目的IP

dst_port

Integer

目的端口

protocol

String

协议类型,包含TCP, UDP,ICMP,ICMPV6等。

app

String

规则应用类型包括:“HTTP”,"HTTPS","TLS1",“DNS”,“SSH”,“MYSQL”,“SMTP”,“RDP”,“RDPS”,“VNC”,“POP3”,“IMAP4”,“SMTPS”,“POP3S”,“FTPS”,“ANY”,“BGP”等。

log_id

String

文档ID,第一页为空,其他页不为空,其他页可取上一次查询最后一条数据的log_id

next_date

Long

下个日期,当是第一页时为空,不是第一页时不为空,其他页可取上一次查询最后一条数据的start_time

offset

Integer

偏移量:指定返回记录的开始位置,必须为数字,取值范围为大于0,首页时为空,非首页时不为空

limit

Integer

每页显示个数,范围为1-1024

enterprise_project_id

String

企业项目ID,用户根据组织规划企业项目,对应的ID为企业项目ID,可通过如何获取企业项目ID获取,用户未开启企业项目时为0

dst_host

String

目的主机

src_region_name

String

源region名称

dst_region_name

String

目的region名称

src_province_name

String

源省份名称

dst_province_name

String

目的省份名称

src_city_name

String

源城市名称

dst_city_name

String

目的城市名称

请求参数

表3 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token。可通过如何获取用户Token获取。

响应参数

状态码: 200

表4 响应Body参数

参数

参数类型

描述

data

data object

查询流日志返回值数据

表5 data

参数

参数类型

描述

total

Integer

查询流日志返回值记录总数

limit

Integer

每页显示个数,范围为1-1024

records

Array of records objects

记录

表6 records

参数

参数类型

描述

bytes

Double

字节

direction

String

方向,有内到外(in2out)和外到内(out2in)两种

packets

Integer

字节包数

start_time

Long

开始时间,以毫秒为单位的时间戳,如1718936272648

end_time

Long

结束时间,以毫秒为单位的时间戳,如1718936272648

log_id

String

文档ID

src_ip

String

源IP

src_port

Integer

源端口

dst_ip

String

目的IP

app

String

规则应用类型包括:“HTTP”,"HTTPS","TLS1",“DNS”,“SSH”,“MYSQL”,“SMTP”,“RDP”,“RDPS”,“VNC”,“POP3”,“IMAP4”,“SMTPS”,“POP3S”,“FTPS”,“ANY”,“BGP”等。

dst_port

Integer

目的端口

protocol

String

协议类型:TCP为6,UDP为17,ICMP为1,ICMPV6为58,ANY为-1,手动类型不为空,自动类型为空

dst_host

String

目标主机

dst_region_id

String

目的地域id

dst_region_name

String

目的地域名称

src_region_id

String

源地域id

src_region_name

String

源地域名称

dst_province_id

String

目的省份id

dst_province_name

String

目的省份名称

dst_city_id

String

目的城市id

dst_city_name

String

目的城市名称

src_province_id

String

源省份id

src_province_name

String

源省份名称

src_city_id

String

源城市id

src_city_name

String

源城市名称

状态码: 400

表7 响应Body参数

参数

参数类型

描述

error_code

String

错误码

error_msg

String

错误描述

请求示例

查询项目id为9d80d070b6d44942af73c9c3d38e0429防火墙id为2af58b7c-893c-4453-a984-bdd9b1bd6318,起点时间为1663555012000,终点时间为1664159798000的首页的流日志。

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/flow?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1663555012000&end_time=1664159798000&limit=10

响应示例

状态码: 200

查询流日志返回值

{
  "data" : {
    "limit" : 10,
    "records" : [ {
      "app" : "SSH",
      "bytes" : 34.5,
      "direction" : "out2in",
      "dst_ip" : "100.95.148.49",
      "dst_port" : 22,
      "end_time" : 1664155493000,
      "log_id" : "76354",
      "packets" : 25,
      "protocol" : "TCP",
      "src_ip" : "100.93.27.17",
      "src_port" : 49634,
      "start_time" : 1664155428000,
      "src_province_id" : "source province id",
      "src_province_name" : "source province name",
      "src_city_id" : "source city id",
      "src_city_name" : "source city name",
      "dst_province_id" : "dst province id",
      "dst_province_name" : "dst province name",
      "dst_city_id" : "dst city id",
      "dst_city_name" : "dst city name"
    } ],
    "total" : 1
  }
}

状态码: 400

Bad Request

{
  "error_code" : "CFW.00500002",
  "error_msg" : "时间间距错误"
}

SDK代码示例

SDK代码示例如下。

Java

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;


public class ListFlowLogsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        ListFlowLogsRequest request = new ListFlowLogsRequest();
        try {
            ListFlowLogsResponse response = client.listFlowLogs(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Python

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListFlowLogsRequest()
        response = client.list_flow_logs(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Go

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cfw.NewCfwClient(
        cfw.CfwClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListFlowLogsRequest{}
	response, err := client.ListFlowLogs(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

查询流日志返回值

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

错误码

请参见错误码

相关文档