Operations Recorded by CTS
Cloud Trace Service (CTS) records the operations on CFW. With CTS, you can query, audit, and backtrack these operations. For details about CTS and how to enable and configure it, see Getting Started with CTS.
Table 1 lists CFW operations recorded by CTS.
Operation |
Resource Type |
Trace Name |
---|---|---|
EIP protection |
eip_protection_operation |
eipOperateProtectService |
Enable EIP protection |
eip_protection_operation |
eipOperateProtectServiceEnable |
Disable EIP protection |
eip_protection_operation |
eipOperateProtectServiceDisable |
Create an ACL rule |
acl |
createACLRule |
Modify an ACL rule |
acl |
createACLRule |
Delete an ACL rule |
acl |
deleteACLRule |
Configure ACL rule priority |
acl |
modifyACLRule |
View ACL rule hits
NOTE:
The number of hits here is the number of hits in the policy list. The count continues to increase unless reset to 0. |
acl |
showRuleHitCount |
Configure ACL priority |
acl |
setACLRulePriority |
Create a blacklist |
black_white_list |
createBlackList |
Modify a blacklist |
black_white_list |
modifyBlackList |
Delete a blacklist |
black_white_list |
deleteBlackList |
Create a whitelist |
black_white_list |
createWhiteList |
Modify a whitelist |
black_white_list |
modifyWhiteList |
Delete a whitelist |
black_white_list |
deleteWhiteList |
Create an IP address group |
address_group |
createIPAddressGroup |
Update an IP address group |
address_group |
updateIPAddressGroup |
Delete an IP address group |
address_group |
deleteIPAddressGroup |
Delete address groups in batches |
address_group |
batchDeleteIPAddressGroup |
Add a member to an IP address group |
address_group_member |
addIPAddressGroupMember |
Update a member in an IP address group. |
address_group_member |
updateIPAddressGroupMember |
Delete a member from an IP address group |
address_group_member |
deleteIPAddressGroupMember |
Create a service group |
service_group |
addServiceGroup |
Update a service group |
service_group |
updateServiceGroup |
Delete a service group |
service_group |
deleteServiceGroup |
Delete service groups in batches |
service_group |
batchDeleteServiceGroup |
Add a member to a service group |
service_group_member |
addServiceGroupMember |
Update a member in a service group |
service_group_member |
updateServiceGroupMember |
Delete a member from a service group |
service_group_member |
deleteServiceGroupMember |
Create a domain name group |
domain_set |
addDomainSet |
Update a domain name group |
domain_set |
updateDomainSet |
Delete a domain name group |
domain_set |
deleteDomainSet |
Delete domain name groups in batches |
domain_set |
batchDeleteDomainSet |
Add domain names in batches |
domain_set |
batchAddDomain |
Delete a domain name |
domain |
deleteDomainName |
Create a schedule |
schedule |
createSchedule |
Update a schedule |
schedule |
updateSchedule |
Delete a schedule |
schedule |
deleteSchedule |
Delete schedules in batches |
schedule |
batchDeleteSchedule |
Create a packet capture task |
capture |
createCaptureTask |
Stop a packet capture task |
capture |
deleteCaptureTask |
Delete a packet capture task |
capture |
cancelCaptureTask |
Create an east-west CFW instance |
cfw |
createEWFirewallInstance |
Create a south-north CFW instance |
cfw |
createSNFirewallInstance |
Update a firewall |
cfw |
updateFirewallInstance |
Delete a firewall |
cfw |
deleteFirewallInstance |
Upgrade a firewall |
cfw |
upgradeFirewallInstance |
Add a tag |
cfw |
createTags |
Delete a tag |
cfw |
deleteTags |
Freeze a firewall
NOTE:
A firewall may be frozen due to the following reasons:
|
cfw |
freezeFirewallInstance |
Change a firewall name |
cfw |
changeFirewallName |
Update attack logs and deliver configurations |
alarm_config |
updateAlarmConfig |
Update a user's DNS server configurations |
dns_server |
updateDnsServer |
Create an east-west firewall |
cfw |
createEastWestFirewall |
Enable an east-west firewall |
cfw |
enableEwFirewallProtect |
Disable an east-west firewall |
cfw |
disableEwFirewallProtect |
Purchase a firewall |
cfw |
addFirewallOrder |
Delete a firewall |
cfw |
deleteFirewall |
Upgrade a firewall |
cfw |
changeFirewall |
Modify or create an IPS protection mode |
ips |
createOrUpdateIpsMode |
Enable a virtual patch |
ips |
enableVirtualPatches |
Disable a virtual patch |
ips |
disableVirtualPatches |
Change the sensitive directory scan status or the reverse shell rule status |
cfw |
changeAdvanceIpsRuleStatus |
Modify log management configurations |
log_config |
changeLogConfig |
Import an ACL |
import |
importCFW |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.