Help Center> Cloud Firewall> Getting Started> (Optional) Step 4: View Protection Details> Viewing Protection Event Logs
Updated on 2024-05-10 GMT+08:00
View PDF

Viewing Protection Event Logs

For details about how to view attack traffic detected by the cloud firewall in attack logs, see Attack Event Logs.

You can also view all traffic allowed or blocked in access control logs to adjust access control policies. For details, see Access Control Logs.

Attack Event Logs

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
  5. In the navigation pane, choose Log Audit > Log Query. The Attack Event Logs tab page is displayed. You can view details about attack events in the past week.

    Figure 1 Attack event logs
    Table 1 Attack event log parameters

    Parameter

    Description

    Time

    Time when an attack occurred.

    Attack Type

    Type of the attack event, including IMAP, DNS, FTP, HTTP, POP3, TCP, and UDP.

    Severity

    It can be Critical, High, Medium, or Low.

    Rule ID

    Rule ID

    Rule Name

    Matched rule in the library.

    Source IP Address

    Source IP address of an attack event.

    Source Country/Region

    Geographical location of the attack source IP address.

    Source Port

    Source port of an attack.

    Destination IP Address

    Attacked IP address.

    Destination Country/Region

    Geographical location of the attack target IP address.

    Destination Port

    Destination port of an attack.

    Protocol

    Protocol type of an attack.

    Application

    Application type of an attack.

    Direction

    It can be outbound or inbound.

    Action

    The value can be Allow, Block, Block IP, or Discard.

    Operation

    You can click View to view the basic information and attack payload of an event.

Access Control Logs

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
  5. In the navigation pane, choose Log Audit > Log Query. Click the Access Control Logs tab and check the access control traffic details in the past week.

    Figure 2 Access control logs
    Table 2 Access control log parameters

    Parameter

    Description

    Hit Time

    Time of access.

    Source IP

    Source IP address of the access.

    Source Country/Region

    Geographical location of the source IP address.

    Source Port

    Source port for access control. It can be a single port or consecutive port groups (example: 80-443).

    Destination IP

    Destination IP address.

    Destination URL

    Destination domain name

    Destination Country/Region

    Geographical location of the destination IP address.

    Destination Port

    Destination port for access control. It can be a single port or consecutive port groups (example: 80-443).

    Protocol

    Protocol type for access control.

    Action

    Action taken on an event. It can be Observe, Block, or Allow.

    Rule

    Type of an access control rule. It can be a blacklist or whitelist.