Updated on 2023-12-06 GMT+08:00

Querying Access Control Logs

Function

This API is used to query access control logs.

Debugging

You can debug this API through automatic authentication in or use the SDK sample code generated by API Explorer.

URI

GET /v1/{project_id}/cfw/logs/access-control

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

fw_instance_id

Yes

String

Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.

rule_id

No

String

Rule ID

start_time

Yes

Long

Start time

end_time

Yes

Long

End time

src_ip

No

String

Source IP address

src_port

No

Integer

Source port

dst_ip

No

String

Destination IP address

dst_port

No

Integer

Destination port

protocol

No

String

Protocol

app

No

String

Application protocol

log_id

No

String

Document ID. The value is null for the first page and not null for the rest of the pages.

next_date

No

Integer

Date. The value is null for the first page and not null for the rest of the pages.

offset

No

Integer

Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0.

limit

Yes

Integer

Number of records displayed on each page

log_type

No

String

Log type

Enumeration values:

  • internet

  • nat

  • vpc

enterprise_project_id

No

String

Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

data

data object

Data returned for querying access control logs

Table 5 data

Parameter

Type

Description

total

Integer

Returned quantity

limit

Integer

Number of records displayed on each page

records

Array of records objects

Record

Table 6 records

Parameter

Type

Description

action

String

Action. 0: allow; 1: deny

rule_name

String

Rule name

rule_id

String

Rule ID

hit_time

Integer

Hit time

log_id

String

Document ID

src_ip

String

Source IP address

src_port

String

Source port

dst_ip

String

Destination IP address

dst_port

String

Destination port

protocol

String

Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added.

app

String

Application protocol

Status code: 400

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 8

Maximum: 36

error_msg

String

Description

Minimum: 2

Maximum: 512

Example Requests

Query the records whose initial position is 0 on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1664159069544 to 1664162669544.

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/access-control?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1664159069544&end_time=1664162669544&limit=10

Example Responses

Status code: 200

OK

{
  "data" : {
    "limit" : 10,
    "records" : [ {
      "action" : "deny",
      "app" : "PING",
      "dst_ip" : "100.85.216.211",
      "dst_port" : 59,
      "hit_time" : 1664164255000,
      "log_id" : "46032",
      "protocol" : "ICMP: ECHO_REQUEST",
      "rule_id" : "c755be1c-4b92-4ae7-a15e-c2d02b152538",
      "rule_name" : "eip_ipv4_w_n_default_deny",
      "src_ip" : "100.95.148.49",
      "src_port" : 24954
    } ],
    "total" : 1
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00500002",
  "error_msg" : "time range error"
}

Status Codes

Status Code

Description

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

Error Codes

See Error Codes.