Querying Access Control Logs

Function

This API is used to query access control logs.

Debugging

You can debug this API through automatic authentication in or use the SDK sample code generated by API Explorer.

URI

GET /v1/{project_id}/cfw/logs/access-control

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
fw_instance_id	Yes	String	Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.
rule_id	No	String	Rule ID
start_time	Yes	Long	Start time
end_time	Yes	Long	End time
src_ip	No	String	Source IP address
src_port	No	Integer	Source port
dst_ip	No	String	Destination IP address
dst_port	No	Integer	Destination port
protocol	No	String	Protocol
app	No	String	Application protocol
log_id	No	String	Document ID. The value is null for the first page and not null for the rest of the pages.
next_date	No	Integer	Date. The value is null for the first page and not null for the rest of the pages.
offset	No	Integer	Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0.
limit	Yes	Integer	Number of records displayed on each page
log_type	No	String	Log type Enumeration values: internet nat vpc
enterprise_project_id	No	String	Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
data	data object	Data returned for querying access control logs

**Table 5** data
Parameter	Type	Description
total	Integer	Returned quantity
limit	Integer	Number of records displayed on each page
records	Array of records objects	Record

**Table 6** records
Parameter	Type	Description
action	String	Action. 0: allow; 1: deny
rule_name	String	Rule name
rule_id	String	Rule ID
hit_time	Integer	Hit time
log_id	String	Document ID
src_ip	String	Source IP address
src_port	String	Source port
dst_ip	String	Destination IP address
dst_port	String	Destination port
protocol	String	Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added.
app	String	Application protocol

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 8 Maximum: 36
error_msg	String	Description Minimum: 2 Maximum: 512

Example Requests

Query the records whose initial position is 0 on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1664159069544 to 1664162669544.

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/access-control?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1664159069544&end_time=1664162669544&limit=10

Example Responses

Status code: 200

{
  "data" : {
    "limit" : 10,
    "records" : [ {
      "action" : "deny",
      "app" : "PING",
      "dst_ip" : "100.85.216.211",
      "dst_port" : 59,
      "hit_time" : 1664164255000,
      "log_id" : "46032",
      "protocol" : "ICMP: ECHO_REQUEST",
      "rule_id" : "c755be1c-4b92-4ae7-a15e-c2d02b152538",
      "rule_name" : "eip_ipv4_w_n_default_deny",
      "src_ip" : "100.95.148.49",
      "src_port" : 24954
    } ],
    "total" : 1
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00500002",
  "error_msg" : "time range error"
}

Status Codes

Status Code	Description
200	OK
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Log Query Management

Previous topic: Querying Flow Logs

Next topic: Querying Attack Logs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel