Help Center> Cloud Firewall> API Reference> API> Log Management> Querying Access Control Logs

Updated on 2024-04-07 GMT+08:00

Online Debugging

CLI Examples

View PDF

Querying Access Control Logs

Function

This API is used to query access control logs.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/cfw/logs/access-control

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
fw_instance_id	Yes	String	Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.
rule_id	No	String	Rule ID
start_time	Yes	Long	Start time
end_time	Yes	Long	End time
src_ip	No	String	Source IP address
src_port	No	Integer	Source port
dst_ip	No	String	Destination IP address
dst_port	No	Integer	Destination port
protocol	No	String	Protocol
app	No	String	Application protocol
log_id	No	String	Document ID. The value is null for the first page and not null for the rest of the pages.
next_date	No	Integer	Date. The value is null for the first page and not null for the rest of the pages.
offset	No	Integer	Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0.
limit	Yes	Integer	Number of records displayed on each page, in the range 1-1024
log_type	No	String	Log type Enumeration values: internet nat vpc
enterprise_project_id	No	String	Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project.
dst_host	No	String	destination host
rule_name	No	String	rule name
action	No	String	Action. 0: allow; 1: deny
src_region_name	No	String	source region name
dst_region_name	No	String	destination region name

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
data	data object	Data returned for querying access control logs

**Table 5** data
Parameter	Type	Description
total	Integer	Returned quantity
limit	Integer	Number of records displayed on each page, in the range 1-1024
records	Array of records objects	Record

**Table 6** records
Parameter	Type	Description
action	String	Action. 0: allow; 1: deny
rule_name	String	Rule name
rule_id	String	Rule ID
hit_time	Long	Hit time
src_region_id	String	source region id
src_region_name	String	source region name
dst_region_id	String	destination region id
dst_region_name	String	destination region name
log_id	String	Document ID
src_ip	String	Source IP address
src_port	Integer	Source port
dst_ip	String	Destination IP address
dst_port	Integer	Destination port
protocol	String	Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added.
app	String	Application protocol
dst_host	String	destination host

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 8 Maximum: 36
error_msg	String	Description Minimum: 2 Maximum: 512

Example Requests

Query the records whose initial position is 0 on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1664159069544 to 1664162669544.

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/access-control?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1664159069544&end_time=1664162669544&limit=10

Example Responses

Status code: 200

{
  "data" : {
    "limit" : 10,
    "records" : [ {
      "action" : "deny",
      "app" : "PING",
      "dst_ip" : "100.85.216.211",
      "dst_port" : 59,
      "hit_time" : 1664164255000,
      "log_id" : "46032",
      "protocol" : "ICMP: ECHO_REQUEST",
      "rule_id" : "c755be1c-4b92-4ae7-a15e-c2d02b152538",
      "rule_name" : "eip_ipv4_w_n_default_deny",
      "src_ip" : "100.95.148.49",
      "src_port" : 24954
    } ],
    "total" : 1
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00500002",
  "error_msg" : "time range error"
}

SDK Sample Code

The SDK sample code is as follows.

Java

    
     
       
       
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;


public class ListAccessControlLogsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        ListAccessControlLogsRequest request = new ListAccessControlLogsRequest();
        request.withFwInstanceId("<fw_instance_id>");
        request.withRuleId("<rule_id>");
        request.withStartTime(<start_time>L);
        request.withEndTime(<end_time>L);
        request.withSrcIp("<src_ip>");
        request.withSrcPort(<src_port>);
        request.withDstIp("<dst_ip>");
        request.withDstPort(<dst_port>);
        request.withProtocol("<protocol>");
        request.withApp("<app>");
        request.withLogId("<log_id>");
        request.withNextDate(<next_date>);
        request.withOffset(<offset>);
        request.withLimit(<limit>);
        request.withLogType(ListAccessControlLogsRequest.LogTypeEnum.fromValue("<log_type>"));
        request.withEnterpriseProjectId("<enterprise_project_id>");
        request.withDstHost("<dst_host>");
        request.withRuleName("<rule_name>");
        request.withAction("<action>");
        try {
            ListAccessControlLogsResponse response = client.listAccessControlLogs(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      

    
   

Python

    
     
       
       
         # coding: utf-8

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = __import__('os').getenv("CLOUD_SDK_AK")
    sk = __import__('os').getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk) \

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListAccessControlLogsRequest()
        request.fw_instance_id = "<fw_instance_id>"
        request.rule_id = "<rule_id>"
        request.start_time = <start_time>
        request.end_time = <end_time>
        request.src_ip = "<src_ip>"
        request.src_port = <src_port>
        request.dst_ip = "<dst_ip>"
        request.dst_port = <dst_port>
        request.protocol = "<protocol>"
        request.app = "<app>"
        request.log_id = "<log_id>"
        request.next_date = <next_date>
        request.offset = <offset>
        request.limit = <limit>
        request.log_type = "<log_type>"
        request.enterprise_project_id = "<enterprise_project_id>"
        request.dst_host = "<dst_host>"
        request.rule_name = "<rule_name>"
        request.action = "<action>"
        response = client.list_access_control_logs(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      

    
   

Go

    
     
       
       
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := cfw.NewCfwClient(
        cfw.CfwClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListAccessControlLogsRequest{}
	request.FwInstanceId = "<fw_instance_id>"
	ruleIdRequest:= "<rule_id>"
	request.RuleId = &ruleIdRequest
	request.StartTime = int64(<start_time>)
	request.EndTime = int64(<end_time>)
	srcIpRequest:= "<src_ip>"
	request.SrcIp = &srcIpRequest
	srcPortRequest:= int32(<src_port>)
	request.SrcPort = &srcPortRequest
	dstIpRequest:= "<dst_ip>"
	request.DstIp = &dstIpRequest
	dstPortRequest:= int32(<dst_port>)
	request.DstPort = &dstPortRequest
	protocolRequest:= "<protocol>"
	request.Protocol = &protocolRequest
	appRequest:= "<app>"
	request.App = &appRequest
	logIdRequest:= "<log_id>"
	request.LogId = &logIdRequest
	nextDateRequest:= int32(<next_date>)
	request.NextDate = &nextDateRequest
	offsetRequest:= int32(<offset>)
	request.Offset = &offsetRequest
	request.Limit = int32(<limit>)
	logTypeRequest:= model.GetListAccessControlLogsRequestLogTypeEnum().<LOG_TYPE>
	request.LogType = &logTypeRequest
	enterpriseProjectIdRequest:= "<enterprise_project_id>"
	request.EnterpriseProjectId = &enterpriseProjectIdRequest
	dstHostRequest:= "<dst_host>"
	request.DstHost = &dstHostRequest
	ruleNameRequest:= "<rule_name>"
	request.RuleName = &ruleNameRequest
	actionRequest:= "<action>"
	request.Action = &actionRequest
	response, err := client.ListAccessControlLogs(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      

    
   

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	OK
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Log Management

Previous topic: Querying Flow Logs

Next topic: Querying Attack Logs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot