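Creating a Structuring Configuration (Not Recommended)
Function
This API is used to create a structuring configuration for a specified log stream.
Calling Method
See How to Call an API.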
URI
POST /v2/{project_id}/lts/struct/template
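Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. For how to obtain it, see: Obtaining the Project ID, Account ID, Log Group ID, and Log Stream ID. Default value: None. Minimum length: 32. Maximum length: 32 |
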
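Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token obtained from IAM. For how to obtain it, see: Obtaining a User Token. Default value: None. Minimum length: 1000. Maximum length: 2000 |
Content-Type | Yes | String | Set this field to application/json;charset=UTF-8. Default value: None. Minimum length: 30. Maximum length: 30 |

Parameter | Mandatory | Type | Description |
---|---|---|---|
log_group_id | Yes | String | Log group ID. Default value: None. Minimum length: 36. Maximum length: 36 |
log_stream_id | Yes | String | Log stream ID. Default value: None. Minimum length: 36. Maximum length: 36 |
project_id | Yes | String | Project ID. Default value: None. Minimum length: 32. Maximum length: 32 |
content | Yes | String | A sample log. |
demo_fields | Yes | Array of DemoFields objects | List of sample fields. Note: the order of the fields in demo_fields must match the order of the fields in content. Maximum number of items: 200 |
parse_type | Yes | String | Structuring type parameter (json, split, nginx, built_in, custom_regex). |
regex_rules | No | String | Regular expression (required when a regular-expression structuring rule is used). Maximum length: 5000 |
layers | No | Integer | Maximum number of parsing layers (required for JSON structuring). Maximum value: 3 |
tokenizer | No | String | Delimiter (required for delimiter-based structuring). |
log_format | No | String | Nginx configuration rule (required for delimiter-based structuring). |
tag_fields | Yes | Array of TagField objects | List of tag fields (required when tag fields are parsed; system templates do not support tag fields). Maximum number of items: 200 |
rule | No | RuleSGQSGQSGQ object | Structuring method |

Parameter | Mandatory | Type | Description |
---|---|---|---|
fieldName | No | String | Field name. Default value: None. Minimum length: 1. Maximum length: 50 |
userDefinedName | No | String | Custom alias (add as needed in JSON and Nginx modes). Default value: None. Minimum length: 1. Maximum length: 64 |
type | Yes | String | Field data type. Options: string, long, float |
isAnalysis | No | Boolean | Reserved field. |
content | No | String | Field content. Note: in system templates, this parameter is demoLog. |
index | No | Integer | Sequence number |
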
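A pre-flight check for the request body described in the tables above, as an added Python example (not code from this API's documentation or any SDK): it applies the stated lengths, counts and enumerations and, for custom_regex, confirms that the capture groups come in the same order as demo_fields and that each captured value fits its declared type. The function names, the sample field names and regex, and the rewrite of `(?<name>...)` groups into Python syntax are assumptions of this example.

```python
import re

# Limits and enumerations are the ones stated in this page's parameter tables.
PARSE_TYPES = {"json", "split", "nginx", "built_in", "custom_regex"}
CASTS = {"string": str, "long": int, "float": float}
ID_LENGTHS = {"project_id": 32, "log_group_id": 36, "log_stream_id": 36}
MAX_FIELDS, MAX_REGEX_LEN, MAX_LAYERS = 200, 5000, 3
# Assumption: the service takes (?<name>...) named groups, as the page's request
# example does. Python's re spells them (?P<name>...), so they are rewritten.
_NAMED_GROUP = re.compile(r"\(\?<([A-Za-z_]\w*)>")


def _check_regex(rule, content, fields, errors):
    """custom_regex: groups must line up with demo_fields and match the sample log."""
    if not isinstance(rule, str) or not rule:
        errors.append("regex_rules: required for custom_regex")
        return
    if len(rule) > MAX_REGEX_LEN:
        errors.append(f"regex_rules: longer than {MAX_REGEX_LEN} characters")
    try:
        pattern = re.compile(_NAMED_GROUP.sub(r"(?P<\1>", rule))
    except re.error as exc:
        errors.append(f"regex_rules: does not compile: {exc}")
        return
    groups = sorted(pattern.groupindex, key=pattern.groupindex.get)
    if groups != [f.get("fieldName") for f in fields]:
        errors.append("demo_fields: order differs from the capture groups")
    match = pattern.search(content)
    if match is None:
        errors.append("regex_rules: does not match content")
        return
    for field in fields:
        value = match.groupdict().get(field.get("fieldName"))
        cast = CASTS.get(field.get("type"))
        if value is not None and cast is not None:
            try:
                cast(value)  # a 'long' field must capture digits, and so on
            except ValueError:
                errors.append(f"{field['fieldName']}: {value!r} is not a {field['type']}")


def validate_struct_request(body):
    """Return a list of problems; an empty list means the body passes these checks."""
    errors = []
    for key, length in ID_LENGTHS.items():
        if not isinstance(body.get(key), str) or len(body[key]) != length:
            errors.append(f"{key}: must be a string of exactly {length} characters")
    content = body.get("content")
    if not isinstance(content, str) or not content:
        errors.append("content: a sample log line is required")
        content = ""
    for label in ("demo_fields", "tag_fields"):
        if not isinstance(body.get(label), list):
            errors.append(f"{label}: required array is missing")
        elif len(body[label]) > MAX_FIELDS:
            errors.append(f"{label}: more than {MAX_FIELDS} entries")
    fields = [f for f in body.get("demo_fields") or [] if isinstance(f, dict)]
    for i, field in enumerate(fields):
        name = field.get("fieldName")
        if name is not None and not 1 <= len(name) <= 50:
            errors.append(f"demo_fields[{i}].fieldName: length must be 1-50")
        if field.get("type") not in CASTS:
            errors.append(f"demo_fields[{i}].type: must be string, long or float")
    if "rule" in body:  # the page's built-in examples send `rule` and a blank parse_type
        return errors
    parse_type = body.get("parse_type")
    if parse_type not in PARSE_TYPES:
        errors.append(f"parse_type: {parse_type!r} is not a listed structuring type")
    elif parse_type == "custom_regex":
        _check_regex(body.get("regex_rules"), content, fields, errors)
    elif parse_type == "json":
        layers = body.get("layers")
        if not isinstance(layers, int) or layers > MAX_LAYERS:
            errors.append(f"layers: an integer no greater than {MAX_LAYERS} is required")
    elif parse_type == "split" and not body.get("tokenizer"):
        errors.append("tokenizer: required for split")
    return errors


def sample_request():
    """Constructed body; only the log line and stream IDs come from the page's example."""
    names_and_types = (("ts", "string"), ("level", "string"), ("code", "long"))
    return {
        "project_id": "0123456789abcdef0123456789abcdef",
        "log_group_id": "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
        "log_stream_id": "ff8bd110-dc44-4692-af74-d3b1f6197887",
        "content": "2021-09-09/18:15:41 this log is Error NO 6323",
        "parse_type": "custom_regex",
        "regex_rules": r"^(?<ts>[^ ]+) .* (?<level>\w+) NO (?<code>\d+)$",
        "demo_fields": [{"fieldName": n, "type": t} for n, t in names_and_types],
        "tag_fields": [{"fieldName": "hostIP", "content": "192.168.2.134", "type": "string"}],
    }


if __name__ == "__main__":
    body = sample_request()
    print("as written:", validate_struct_request(body) or "ok")
    body["demo_fields"].reverse()
    print("fields reversed:", validate_struct_request(body))
```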
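Response Parameters
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. Enumerated values: |
error_msg | String | Description of the failed call. Enumerated values: |

Status code: 401
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. Enumerated values: |
error_msg | String | Description of the failed call. Enumerated values: |

Status code: 403
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. Enumerated values: |
error_msg | String | Description of the failed call. Enumerated values: |

Status code: 500
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. Enumerated values: |
error_msg | String | Description of the failed call. Enumerated values: |
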
Example Requests
Regular expression mode:
POST https://{endpoint}/v2/{project_id}/lts/struct/template { "content" : "2021-09-09/18:15:41 this log is Error NO 6323", "parse_type" : "custom_regex", "demo_fields" : [ { "fieldName" : "a01", "type" : "string", "isAnalysis" : true }, { "fieldName" : "a02", "type" : "string", "isAnalysis" : true }, { "fieldName" : "a03", "type" : "string", "isAnalysis" : true }, { "fieldName" : "a04", "type" : "string", "isAnalysis" : true }, { "fieldName" : "a05", "type" : "string", "isAnalysis" : true }, { "fieldName" : "a06", "type" : "string", "isAnalysis" : true }, { "fieldName" : "a07", "type" : "long", "isAnalysis" : true } ], "regex_rules" : "^(?<a01>[^ ]+)(?:[^ ]* ){1}(?<a02>\\w+)(?:[^ ]* ){1}(?<a03>\\w+)(?:[^ ]* ){1}(?<a04>\\w+)(?:[^ ]* ){1}(?<a05>\\w+)(?:[^ ]* ){1}(?<a06>\\w+)(?:[^ ]* ){1}(?<a07>\\d+)", "log_group_id" : "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e", "log_stream_id" : "ff8bd110-dc44-4692-af74-d3b1f6197887", "project_id" : " ", "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ] }
JSON mode:
{ "log_group_id" : "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e", "log_stream_id" : "ff8bd110-dc44-4692-af74-d3b1f6197887", "project_id" : " ", "content" : "{'code':38,'tracker_name':'global','record_time':'1597042370464','user':{'name':'testdemo','id':'123456789'}}", "parse_type" : "json", "layers" : 3, "demo_fields" : [ { "fieldName" : "code", "type" : "long", "userDefinedName" : "jl", "isAnalysis" : true }, { "fieldName" : "record_time", "type" : "long", "isAnalysis" : true }, { "fieldName" : "tracker_name", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user.id", "type" : "long", "isAnalysis" : true }, { "fieldName" : "user.name", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ] }
Delimiter:
{ "content" : "2021-09-09/18:50:51 this log is Error NO 37", "demo_fields" : [ { "fieldName" : "b1", "type" : "string", "isAnalysis" : true }, { "fieldName" : "b2", "type" : "string", "isAnalysis" : true }, { "fieldName" : "b3", "type" : "string", "isAnalysis" : true }, { "fieldName" : "b4", "type" : "string", "isAnalysis" : true }, { "fieldName" : "b5", "type" : "string", "isAnalysis" : true }, { "fieldName" : "b6", "type" : "string", "isAnalysis" : true }, { "fieldName" : "b7", "type" : "long", "isAnalysis" : true } ], "parse_type" : "split", "tokenizer" : " ", "log_group_id" : "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e", "log_stream_id" : "ff8bd110-dc44-4692-af74-d3b1f6197887", "project_id" : "", "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ] }
Nginx:
{ "log_group_id" : "d1f4240d-5ee2-4e0b-9e2c-e25c7978c001", "log_stream_id" : "60906859-e91e-4d4a-9a21-ae319f544567", "project_id" : "2a473356cca5487f8373be891bffc1cf", "content" : "192.168.0.0 - sgq [12/Mar/2020:12:24:02 +0800] \"GET / 127/query\" 304 0 \"-\" \"Mozilla/5.0\" \"-\"", "parse_type" : "nginx", "log_format" : "log_format main '$remote_addr - $remote_user [$time_local] \"$request\" ' '$status $body_bytes_sent \"$http_referer\" ' '\"$http_user_agent\" \"$http_x_forwarded_for\"';", "demo_fields" : [ { "fieldName" : "body_bytes_sent", "content" : "0", "type" : "long", "isAnalysis" : false }, { "fieldName" : "http_referer", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "http_user_agent", "content" : "Mozilla/5.0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "http_x_forwarded_for", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "remote_addr", "content" : "192.168.0.0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "remote_user", "content" : "sgq", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_method", "content" : "GET", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_uri", "content" : "/", "type" : "string", "isAnalysis" : false }, { "fieldName" : "status", "content" : "304", "type" : "long", "isAnalysis" : false }, { "fieldName" : "time_local", "content" : "12/Mar/2020:12:24:02", "type" : "string", "isAnalysis" : false } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ] }
CTS:
{ "content" : "{\"code\":\"201\",\"source_ip\":\"10.10.1.10\",\"trace_type\":\"ApiCall\",\"event_type\":\"global\",\"project_id\":\"221123nsada3sda3231das3111ndsab\",\"trace_id\":\"1eesdd-dad6-11dsaea-edaxfeqdf\",\"trace_name\":\"demodemodemo\",\"resource_type\":\"token\",\"trace_rating\":\"normal\",\"service_type\":\"IAM\",\"resource_id\":\"98763hkjhdteoi03861732hjh7983bhd\",\"tracker_name\":\"global\",\"time\":\"1597042369296\",\"resource_name\":\"demodemodemo/demo\",\"record_time\":\"1597042370464\",\"user\":{\"domain\":{\"name\":\"testdemo\",\"id\":\"21185d8818e443e1ryjkh71622f09212b\"},\"name\":\"testdemo/demo\",\"id\":\"6hfakl86faqw87dsasasadf09ajbml\"}}", "demo_fields" : [ { "fieldName" : "code", "content" : "201", "type" : "long", "isAnalysis" : true }, { "fieldName" : "event_type", "content" : "global", "type" : "string", "isAnalysis" : true }, { "fieldName" : "project_id", "content" : "221123nsada3sda3231das3111ndsab", "type" : "string", "isAnalysis" : true }, { "fieldName" : "record_time", "content" : "1597042370464", "type" : "long", "isAnalysis" : true }, { "fieldName" : "resource_id", "content" : "98763hkjhdteoi03861732hjh7983bhd", "type" : "string", "isAnalysis" : true }, { "fieldName" : "resource_name", "content" : "demodemodemo/demo", "type" : "string", "isAnalysis" : true }, { "fieldName" : "resource_type", "content" : "token", "type" : "string", "isAnalysis" : true }, { "fieldName" : "service_type", "content" : "IAM", "type" : "string", "isAnalysis" : true }, { "fieldName" : "source_ip", "content" : "10.10.1.10", "type" : "string", "isAnalysis" : true }, { "fieldName" : "time", "content" : "1597042369296", "type" : "long", "isAnalysis" : true }, { "fieldName" : "trace_id", "content" : "1eesdd-dad6-11dsaea-edaxfeqdf", "type" : "string", "isAnalysis" : true }, { "fieldName" : "trace_name", "content" : "demodemodemo", "type" : "string", "isAnalysis" : true }, { "fieldName" : "trace_rating", "content" : "normal", "type" : "string", "isAnalysis" : 
true }, { "fieldName" : "trace_type", "content" : "ApiCall", "type" : "string", "isAnalysis" : true }, { "fieldName" : "tracker_name", "content" : "global", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user.domain.id", "content" : "21185d8818e443e1ryjkh71622f09212b", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user.domain.name", "content" : "testdemo", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user.id", "content" : "6hfakl86faqw87dsasasadf09ajbml", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user.name", "content" : "testdemo/demo", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "CTS" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
ELB:
{ "content" : "1594727856.337 e7c37d97-e922-457c-bbf3-dsadeqac 2020-07-14T19:57:36+08:00 elb_01 192.0.0.0:88888 200 \"GET http://prod.sss.ads.sg2.aaa/loc/ation?version=3&ip=100.0.0.0&coordinate=27.7044784,85.3007481&device_id=dsadsadasdsadasd&beyla_id=wqeb123ndadsa233ddada HTTP/1.1\" 233 293 138 0.001 \"200\" \"0.000\" \"0.001\" \"0.001\" \"100.0.0.0:9999\" \"lua-resty-http/0.14 (Lua) ngx_lua/10000\" \"-\" \"-\" loadbalancer_edsaee-4c9c-b467-5b8126b2f7f7dsa listener_6077809b-913f-466d-a96c-376f08882d5d 08cc2b3f68aa4dddd1e6a90dddd1688348a4480 pool_b2f2966c-043d-4674-ad4b-c15f2adb2c6b \"-\" 2fb78dsadadq1213das1121dab146ad3cb0 -:80 \"101.0.0.0:10000\" - - - - 9739", "demo_fields" : [ { "fieldName" : "msec", "content" : "1594727856.337", "type" : "float", "isAnalysis" : true }, { "fieldName" : "access_log_topic_id", "content" : "e7c37d97-e922-457c-bbf3-dsadeqac", "type" : "string", "isAnalysis" : true }, { "fieldName" : "time_iso8601", "content" : "2020-07-14T19:57:36+08:00", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_ver", "content" : "elb_01", "type" : "string", "isAnalysis" : true }, { "fieldName" : "remote_addr", "content" : "192.0.0.0", "type" : "string", "isAnalysis" : true }, { "fieldName" : "remote_port", "content" : "88888", "type" : "long", "isAnalysis" : true }, { "fieldName" : "status", "content" : "200", "type" : "long", "isAnalysis" : true }, { "fieldName" : "request_method", "content" : "GET", "type" : "string", "isAnalysis" : true }, { "fieldName" : "scheme", "content" : "http", "type" : "string", "isAnalysis" : true }, { "fieldName" : "host", "content" : "prod.sss.ads.sg2.aaa", "type" : "string", "isAnalysis" : true }, { "fieldName" : "router_request_uri", "content" : "loc/ation?version=3&ip=100.0.0.0&coordinate=27.7044784,85.3007481&device_id=dsadsadasdsadasd&beyla_id=wqeb123ndadsa233ddada", "type" : "string", "isAnalysis" : true }, { "fieldName" : "server_protocol", "content" : "HTTP/1.1", "type" : "string", "isAnalysis" : true }, 
{ "fieldName" : "request_length", "content" : "233", "type" : "long", "isAnalysis" : true }, { "fieldName" : "bytes_sent", "content" : "293", "type" : "long", "isAnalysis" : true }, { "fieldName" : "body_bytes_sent", "content" : "138", "type" : "long", "isAnalysis" : true }, { "fieldName" : "request_time", "content" : "0.001", "type" : "float", "isAnalysis" : true }, { "fieldName" : "upstream_status", "content" : "200", "type" : "long", "isAnalysis" : true }, { "fieldName" : "upstream_connect_time", "content" : "0.000", "type" : "float", "isAnalysis" : true }, { "fieldName" : "upstream_header_time", "content" : "0.001", "type" : "float", "isAnalysis" : true }, { "fieldName" : "upstream_response_time", "content" : "0.001", "type" : "float", "isAnalysis" : true }, { "fieldName" : "upstream_addr", "content" : "100.0.0.0:9999", "type" : "string", "isAnalysis" : true }, { "fieldName" : "http_user_agent", "content" : "lua-resty-http/0.14 (Lua) ngx_lua/10000", "type" : "string", "isAnalysis" : true }, { "fieldName" : "http_referer", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "http_x_forwarded_for", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "lb_name", "content" : "loadbalancer_edsaee-4c9c-b467-5b8126b2f7f7dsa", "type" : "string", "isAnalysis" : true }, { "fieldName" : "listener_name", "content" : "listener_6077809b-913f-466d-a96c-376f08882d5d", "type" : "string", "isAnalysis" : true }, { "fieldName" : "listener_id", "content" : "08cc2b3f68aa4dddd1e6a90dddd1688348a4480", "type" : "string", "isAnalysis" : true }, { "fieldName" : "pool_name", "content" : "pool_b2f2966c-043d-4674-ad4b-c15f2adb2c6b", "type" : "string", "isAnalysis" : true }, { "fieldName" : "member_name", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "tenant_id", "content" : "2fb78dsadadq1213das1121dab146ad3cb0", "type" : "string", "isAnalysis" : true }, { "fieldName" : "eip_address", "content" : "-", "type" : 
"string", "isAnalysis" : true }, { "fieldName" : "eip_port", "content" : "80", "type" : "long", "isAnalysis" : true }, { "fieldName" : "upstream_addr_priv", "content" : "101.0.0.0:10000", "type" : "string", "isAnalysis" : true }, { "fieldName" : "certificate_id", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "ssl_protocol", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "ssl_cipher", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "sni_domain_name", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "tcpinfo_rtt", "content" : "9739", "type" : "long", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "ELB" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
VPC:
{ "content" : "1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd 192.168.0.154 192.168.3.25 38929 53 17 1 96 1548752136 1548752736 ACCEPT OK", "demo_fields" : [ { "fieldName" : "version", "content" : 1, "type" : "long", "isAnalysis" : true }, { "fieldName" : "project_id", "content" : "5f67944957444bd6bb4fe3b367de8f3d", "type" : "string", "isAnalysis" : true }, { "fieldName" : "interface_id", "content" : "1d515d18-1b36-47dc-a983-bd6512aed4bd", "type" : "string", "isAnalysis" : true }, { "fieldName" : "srcaddr", "content" : "192.168.0.154", "type" : "string", "isAnalysis" : true }, { "fieldName" : "dstaddr", "content" : "192.168.3.25", "type" : "string", "isAnalysis" : true }, { "fieldName" : "srcport", "content" : "38929", "type" : "long", "isAnalysis" : true }, { "fieldName" : "dstport", "content" : "53", "type" : "long", "isAnalysis" : true }, { "fieldName" : "protocol", "content" : "17", "type" : "long", "isAnalysis" : true }, { "fieldName" : "packets", "content" : "1", "type" : "long", "isAnalysis" : true }, { "fieldName" : "bytes", "content" : "96", "type" : "long", "isAnalysis" : true }, { "fieldName" : "start", "content" : "1548752136", "type" : "long", "isAnalysis" : true }, { "fieldName" : "end", "content" : "1548752736", "type" : "long", "isAnalysis" : true }, { "fieldName" : "action", "content" : "ACCEPT", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_status", "content" : "OK", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "VPC" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
APIG:
{ "content" : "100.125.7.59 f57f6523b675504a23887d0f5c1c8ef3 f5ea2360a2fa443cac236b76f4052ad6 - - [27/Jan/2022:15:56:44 +0800] 0.113 GET http://c965898968af48248ec7fac4ec0666f4.apic.cn-north-4.huaweicloudapis.com /api/echo HTTP/1.1 200 1443 408 \"APIGatewayDebugClient/1.0\" \"-\" \"100.125.2.39:443\" /v2/x/fgs/functions/urn:fss:cn-north-4:106506b9a92342df9a5025fc12351cfc:function:default:apigDemo_1640743997661:latest/invocations \"200\" \"0.010\" \"0.083\" \"0.083\" cn-north-4 0.083 0 - - - 0.03000020980835 - - \"-\" 486 HttpEchoDemo - - - \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" remote", "demo_fields" : [ { "fieldName" : "my_remote_addr", "content" : "100.125.7.59", "type" : "string", "isAnalysis" : true }, { "fieldName" : "request_id", "content" : "f57f6523b675504a23887d0f5c1c8ef3", "type" : "string", "isAnalysis" : true }, { "fieldName" : "api_id", "content" : "f5ea2360a2fa443cac236b76f4052ad6", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user_name", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "app_id", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "time_local", "content" : "27/Jan/2022:15:56:44", "type" : "string", "isAnalysis" : true }, { "fieldName" : "request_time", "content" : "0.113", "type" : "float", "isAnalysis" : true }, { "fieldName" : "request_method", "content" : "GET", "type" : "string", "isAnalysis" : true }, { "fieldName" : "scheme", "content" : "http", "type" : "string", "isAnalysis" : true }, { "fieldName" : "host", "content" : "c965898968af48248ec7fac4ec0666f4.apic.cn-north-4.huaweicloudapis.com", "type" : "string", "isAnalysis" : true }, { "fieldName" : "router_uri", "content" : "/api/echo", "type" : "string", "isAnalysis" : true }, { "fieldName" : "server_protocol", "content" : "HTTP/1.1", "type" : "string", "isAnalysis" : true }, { "fieldName" : "status", "content" : "200", "type" : "long", "isAnalysis" : true }, { "fieldName" : "bytes_sent", 
"content" : "1443", "type" : "long", "isAnalysis" : true }, { "fieldName" : "request_length", "content" : "408", "type" : "long", "isAnalysis" : true }, { "fieldName" : "http_user_agent", "content" : "APIGatewayDebugClient/1.0", "type" : "string", "isAnalysis" : true }, { "fieldName" : "http_x_forwarded_for", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "upstream_addr", "content" : "100.125.2.39:443", "type" : "string", "isAnalysis" : true }, { "fieldName" : "upstream_uri", "content" : "/v2/x/fgs/functions/urn:fss:cn-north-4:106506b9a92342df9a5025fc12351cfc:function:default:apigDemo_1640743997661:latest/invocations", "type" : "string", "isAnalysis" : true }, { "fieldName" : "upstream_status", "content" : "200", "type" : "long", "isAnalysis" : true }, { "fieldName" : "upstream_connect_time", "content" : "0.010", "type" : "float", "isAnalysis" : true }, { "fieldName" : "upstream_header_time", "content" : "0.083", "type" : "float", "isAnalysis" : true }, { "fieldName" : "upstream_response_time", "content" : "0.083", "type" : "float", "isAnalysis" : true }, { "fieldName" : "region_id", "content" : "cn-north-4", "type" : "string", "isAnalysis" : true }, { "fieldName" : "all_upstream_response_time", "content" : "0.083", "type" : "float", "isAnalysis" : true }, { "fieldName" : "errorType", "content" : "0", "type" : "long", "isAnalysis" : true }, { "fieldName" : "auth_type", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "access_model1", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "access_model2", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "inner_time", "content" : "0.03000020980835", "type" : "float", "isAnalysis" : true }, { "fieldName" : "proxy_protocol_vni", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "proxy_protocol_vpce_id", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : 
"proxy_protocol_addr", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "body_bytes_sent", "content" : "486", "type" : "long", "isAnalysis" : true }, { "fieldName" : "api_name", "content" : "HttpEchoDemo", "type" : "string", "isAnalysis" : true }, { "fieldName" : "app_name", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "provider_app_id", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "provider_app_name", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log1", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log2", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log3", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log4", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log5", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log6", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log7", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log8", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log9", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "custom_data_log10", "content" : "-", "type" : "string", "isAnalysis" : true }, { "fieldName" : "response_source", "content" : "remote", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "APIG" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " 
", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for DDS audit logs
{ "content" : "{\"time\": 1640966500017, \"instance_id\": \"199a1e5a-8a37-40b9-899e-0ab6805c69eb\", \"server_addr\": \"192.168.0.1\", \"role\": \"proxy\", \"client_addr\": \"10.0.0.1\", \"client_type\": \"0\", \"user\": \"default\", \"db\": 1, \"command_name\": \"DEL\", \"command_type\": \"string\", \"command_keys\": [\"key1\", \"key2\", \"key3\"], \"command_param\": \"DEL key1 key2 key3\", \"use_time\": 500, \"extend\": \"\"}", "demo_fields" : [ { "fieldName" : "time", "content" : "1640966500017", "type" : "long" }, { "fieldName" : "instance_id", "content" : "199a1e5a-8a37-40b9-899e-0ab6805c69eb", "type" : "string" }, { "fieldName" : "server_addr", "content" : "192.168.0.1", "type" : "string" }, { "fieldName" : "role", "content" : "proxy", "type" : "string" }, { "fieldName" : "client_addr", "content" : "10.0.0.1", "type" : "string" }, { "fieldName" : "client_type", "content" : "0", "type" : "string" }, { "fieldName" : "user", "content" : "default", "type" : "string" }, { "fieldName" : "db", "content" : "1", "type" : "long" }, { "fieldName" : "command_name", "content" : "DEL", "type" : "string" }, { "fieldName" : "command_type", "content" : "string", "type" : "string" }, { "fieldName" : "command_keys", "content" : "[\"key1\",\"key2\",\"key3\"]", "type" : "string" }, { "fieldName" : "command_param", "content" : "DEL key1 key2 key3", "type" : "string" }, { "fieldName" : "use_time", "content" : "500", "type" : "long" }, { "fieldName" : "extend", "content" : "", "type" : "string" } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "DCS_AUDIT" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration in NGINX mode
{ "content" : "192.168.1.101 - [27/Aug/2018:14:20:29 +0800] \"GET http://www.example.com / HTTP/1.0\" 200 8796 6775 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36\" \"-\" \"0.185\" \"0.010\" 12.129.120.121:8090 200 794", "demo_fields" : [ { "fieldName" : "remote_addr", "content" : "192.168.1.101", "type" : "string" }, { "fieldName" : "remote_user", "content" : "-", "type" : "string" }, { "fieldName" : "time_local", "content" : "27/Aug/2018:14:20:29", "type" : "string" }, { "fieldName" : "request_method", "content" : "GET", "type" : "string" }, { "fieldName" : "scheme", "content" : "http", "type" : "string" }, { "fieldName" : "host", "content" : "www.example.com", "type" : "string" }, { "fieldName" : "request_uri", "content" : "/", "type" : "string" }, { "fieldName" : "server_protocol", "content" : "HTTP/1.0", "type" : "string" }, { "fieldName" : "status", "content" : "200", "type" : "long" }, { "fieldName" : "bytes_sent", "content" : "8796", "type" : "long" }, { "fieldName" : "body_bytes_sent", "content" : "6775", "type" : "long" }, { "fieldName" : "http_referer", "content" : "-", "type" : "string" }, { "fieldName" : "http_user_agent", "content" : "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36", "type" : "string" }, { "fieldName" : "http_x_forwarded_for", "content" : "-", "type" : "string" }, { "fieldName" : "request_time", "content" : "0.185", "type" : "float" }, { "fieldName" : "upstream_response_time", "content" : "0.010", "type" : "float" }, { "fieldName" : "upstream_addr", "content" : "12.129.120.121:8090", "type" : "string" }, { "fieldName" : "upstream_status", "content" : "200", "type" : "long" }, { "fieldName" : "request_length", "content" : "794", "type" : "long" } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : 
"NGINX" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration in GAUSSDB_OPENGAUSS_AUDIT mode
{ "content" : "{\"username\":\"rdsAdmin\",\"client_conninfo\":\"cm_agent@10.254.95.70\",\"instanceId\":\"96e86f462bbc4f2286d7c8274815d0fein14\",\"detail_info\":\"xid=30818, SET statement_timeout = 10000000;n\",\"thread_id\":\"140463114942208@713872403507507\",\"result\":\"ok\",\"database\":\"postgres\",\"local_port\":\"8001\",\"userid\":\"10\",\"nodeId\":\"06c267fad8054a0abcb17cfa3b8f260cno14\",\"node_name\":\"dn_6001_6002_6003\",\"object_name\":\"statement_timeout\",\"time\":\"2022-08-15 17:53:23+08\",\"type\":\"set_parameter\",\"remote_port\":\"50952\"}", "demo_fields" : [ { "fieldName" : "username", "content" : "rdsAdmin", "type" : "string" }, { "fieldName" : "client_conninfo", "content" : "cm_agent@10.254.95.70", "type" : "string" }, { "fieldName" : "instanceId", "content" : "96e86f462bbc4f2286d7c8274815d0fein14", "type" : "string" }, { "fieldName" : "detail_info", "content" : "xid=30818, SET statement_timeout = 10000000;n", "type" : "string" }, { "fieldName" : "thread_id", "content" : "140463114942208@713872403507507", "type" : "string" }, { "fieldName" : "result", "content" : "ok", "type" : "string" }, { "fieldName" : "database", "content" : "postgres", "type" : "string" }, { "fieldName" : "local_port", "content" : "8001", "type" : "string" }, { "fieldName" : "userid", "content" : "10", "type" : "string" }, { "fieldName" : "nodeId", "content" : "06c267fad8054a0abcb17cfa3b8f260cno14", "type" : "string" }, { "fieldName" : "node_name", "content" : "dn_6001_6002_6003", "type" : "string" }, { "fieldName" : "object_name", "content" : "statement_timeout", "type" : "string" }, { "fieldName" : "time", "content" : "2022-08-15 17:53:23+08", "type" : "string" }, { "fieldName" : "type", "content" : "set_parameter", "type" : "string" }, { "fieldName" : "remote_port", "content" : "50952", "type" : "string" } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : 
"GAUSSDB_OPENGAUSS_AUDIT" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration in TOMCAT mode
{ "content" : "192.168.12.2 - - [07/Mar/2018:09:49:55 +0800] \"GET /logHello/test HTTP/1.1\" 200 1943", "demo_fields" : [ { "fieldName" : "remote_ip_address", "content" : "192.168.12.2", "type" : "string" }, { "fieldName" : "remote_logical_username", "content" : "-", "type" : "string" }, { "fieldName" : "remote_user_authenticated", "content" : "-", "type" : "string" }, { "fieldName" : "time_local", "content" : "07/Mar/2018:09:49:55", "type" : "string" }, { "fieldName" : "scheme", "content" : "GET", "type" : "string" }, { "fieldName" : "router_uri", "content" : "/logHello/test", "type" : "string" }, { "fieldName" : "server_protocol", "content" : "HTTP/1.1", "type" : "string" }, { "fieldName" : "status", "content" : "200", "type" : "long" }, { "fieldName" : "bytes_sent", "content" : "1943", "type" : "long" } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "TOMCAT" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for DCS audit logs
{ "content" : "{\"topic\":\"auditLog\",\"instanceid\":\"9fbf813bc27e4a3ab54bddf783a4f774in01\",\"nodeid\":\"bf4cb0413d0b4221be94b08471708586no01\",\"db\":\"test\",\"coll\":\"testCollection\",\"optype\":\"update\",\"time\":\"2022-08-05T08:24:15.536+0000\",\"user_ip\":\"10.4.23.205\",\"user_port\":\"47668\",\"user\":\"rw_testuser\",\"param\":{\"command\":\"update\",\"ns\":\"test.testCollection\",\"op\":[{\"q\":{\"vin\":\"LDP31B965NG036174\"},\"u\":{\"$set\":{\"timestamp\":{\"$numberLong\":\"1659687855535\"},\"deviceTime\":{\"$numberLong\":\"1659687855340\"},\"longitude\":\"119.35516805555555\",\"latitude\":\"26.057936388888891\",\"location\":\"119.35516805555555,26.057936388888891\",\"height\":\"10.097286797128618\",\"direction\":\"12\",\"speed\":14,\"accuracy\":\"0\",\"h3Address7\":\"8741b5300ffffff\"}},\"upsert\":true}],\"args\":{\"update\":\"testCollection\",\"ordered\":true,\"$db\":\"test\",\"$clusterTime\":{\"clusterTime\":{\"$timestamp\":{\"t\":1659687855,\"i\":1685}},\"signature\":{\"hash\":{\"$binary\":\"CP5bfEf+gBJZdAxCKtF9HiSeqQY=\",\"$type\":\"00\"},\"keyId\":{\"$numberLong\":\"7102408879899674942\"}}},\"lsid\":{\"id\":{\"$binary\":\"PXVVrbuvRuGkypCbu/oXXQ==\",\"$type\":\"04\"}}}}}", "demo_fields" : [ { "fieldName" : "topic", "content" : "auditLog", "type" : "string" }, { "fieldName" : "instanceid", "content" : "9fbf813bc27e4a3ab54bddf783a4f774in01", "type" : "string" }, { "fieldName" : "nodeid", "content" : "bf4cb0413d0b4221be94b08471708586no01", "type" : "string" }, { "fieldName" : "db", "content" : "test", "type" : "string" }, { "fieldName" : "coll", "content" : "testCollection", "type" : "string" }, { "fieldName" : "optype", "content" : "update", "type" : "string" }, { "fieldName" : "time", "content" : "2022-08-05T08:24:15.536+0000", "type" : "string" }, { "fieldName" : "user_ip", "content" : "10.4.23.205", "type" : "string" }, { "fieldName" : "user_port", "content" : "47668", "type" : "string" }, { "fieldName" : "user", "content" : "rw_testuser", 
"type" : "string" }, { "fieldName" : "param", "content" : "{\"command\":\"update\",\"ns\":\"test.testCollection\",\"op\":[{\"q\":{\"vin\":\"LDP31B965NG036174\"},\"u\":{\"$set\":{\"timestamp\":{\"$numberLong\":\"1659687855535\"},\"deviceTime\":{\"$numberLong\":\"1659687855340\"},\"longitude\":\"119.35516805555555\",\"latitude\":\"26.057936388888891\",\"location\":\"119.35516805555555,26.057936388888891\",\"height\":\"10.097286797128618\",\"direction\":\"12\",\"speed\":14,\"accuracy\":\"0\",\"h3Address7\":\"8741b5300ffffff\"}},\"upsert\":true}],\"args\":{\"update\":\"testCollection\",\"ordered\":true,\"$db\":\"test\",\"$clusterTime\":{\"clusterTime\":{\"$timestamp\":{\"t\":1659687855,\"i\":1685}},\"signature\":{\"hash\":{\"$binary\":\"CP5bfEf+gBJZdAxCKtF9HiSeqQY=\",\"$type\":\"00\"},\"keyId\":{\"$numberLong\":\"7102408879899674942\"}}},\"lsid\":{\"id\":{\"$binary\":\"PXVVrbuvRuGkypCbu/oXXQ==\",\"$type\":\"04\"}}}}", "type" : "string" } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "DDS_AUDIT" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for DDS error logs
{ "content" : "{\"log_type\":\"error_log\",\"severity\":\"Error\",\"log_time\":\"2022-08-22T09:33:15.142+0000\",\"raw_message\":\"E QUERY [ClusterDisasterBackupChangeJob] Get global setting disasterBackup failed.\",\"instance_id\": \"5b67dc63ba824145aae1f12ff51e58b8in02\",\"node_id\": \"686a791e690e4db3af591ec4b6f72916no02\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "error_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "severity", "content" : "Error", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-08-22T09:33:15.142+0000", "type" : "string", "isAnalysis" : true }, { "fieldName" : "raw_message", "content" : "E QUERY [ClusterDisasterBackupChangeJob] Get global setting disasterBackup failed.", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "5b67dc63ba824145aae1f12ff51e58b8in02", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "686a791e690e4db3af591ec4b6f72916no02", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "MONGODB_ERROR" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for DDS slow logs
{ "content" : "{\"log_type\":\"slow_log\",\"log_time\":\"2022-08-20T10:04:03.204000Z\",\"namespace\":\"data0820.table\",\"database\":\"data0820\",\"collection\":\"table\",\"operate_type\":\"insert\",\"docs_scanned\":0,\"docs_returned\":0,\"n_deleted\":0,\"n_matched\":0,\"n_modified\":0,\"n_inserted\":10,\"cost_time\":555,\"lock_time\":0,\"whole_message\":\"{\"op\": \"insert\", \"ns\": \"data0820.usrtable\", \"command\": \"{N}\", \"ninserted\": 1, \"keysInserted\": 1, \"numYield\": 0, \"locks\": {\"Global\": {\"acquireCount\": {\"r\": 5, \"w\": 5}}, \"Database\": {\"acquireCount\": {\"w\": 4, \"W\": 1}}, \"Collection\": {\"acquireCount\": {\"w\": 2}}, \"oplog\": {\"acquireCount\": {\"w\": 2}}}, \"responseLength\": 230, \"protocol\": \"op_msg\", \"millis\": 555, \"ts\": {\"$date\": 1660989843204}, \"client\": \"192.168.0.64\", \"appName\": \"MongoDBShell\", \"allUsers\": [{\"user\": \"rwuser\", \"db\": \"admin\"}], \"user\": \"rwuser@admin\"}\",\"instance_id\": \"5b67dc63ba824145aae1f12ff51e58b8in02\",\"node_id\":\"686a791e690e4db3af591ec4b6f72916no02\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "slow_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-08-20T10:04:03.204000Z", "type" : "string", "isAnalysis" : true }, { "fieldName" : "namespace", "content" : "data0820.table", "type" : "string", "isAnalysis" : true }, { "fieldName" : "database", "content" : "data0820", "type" : "string", "isAnalysis" : true }, { "fieldName" : "collection", "content" : "table", "type" : "string", "isAnalysis" : true }, { "fieldName" : "operate_type", "content" : "insert", "type" : "string", "isAnalysis" : true }, { "fieldName" : "docs_scanned", "content" : "0", "type" : "long", "isAnalysis" : true }, { "fieldName" : "docs_returned", "content" : "0", "type" : "long", "isAnalysis" : true }, { "fieldName" : "n_deleted", "content" : "0", "type" : "long", "isAnalysis" : true }, { "fieldName" : "n_matched", "content" : "0", "type" : 
"long", "isAnalysis" : true }, { "fieldName" : "n_modified", "content" : "0", "type" : "long", "isAnalysis" : true }, { "fieldName" : "n_inserted", "content" : "10", "type" : "long", "isAnalysis" : true }, { "fieldName" : "cost_time", "content" : "555", "type" : "long", "isAnalysis" : true }, { "fieldName" : "lock_time", "content" : "0", "type" : "long", "isAnalysis" : true }, { "fieldName" : "whole_message", "content" : "{\"op\": \"insert\", \"ns\": \"data0820.usrtable\", \"command\": \"{N}\", \"ninserted\": 1, \"keysInserted\": 1, \"numYield\": 0, \"locks\": {\"Global\": {\"acquireCount\": {\"r\": 5, \"w\": 5}}, \"Database\": {\"acquireCount\": {\"w\": 4, \"W\": 1}}, \"Collection\": {\"acquireCount\": {\"w\": 2}}, \"oplog\": {\"acquireCount\": {\"w\": 2}}}, \"responseLength\": 230, \"protocol\": \"op_msg\", \"millis\": 555, \"ts\": {\"$date\": 1660989843204}, \"client\": \"192.168.0.64\", \"appName\": \"MongoDB Shell\", \"allUsers\": [{\"user\": \"rwuser\", \"db\": \"admin\"}], \"user\": \"rwuser@admin\"}", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "5b67dc63ba824145aae1f12ff51e58b8in02", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "686a791e690e4db3af591ec4b6f72916no02", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "MONGODB_SLOW" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for CFW access control logs
{ "content" : "{\"app\":\"PING\",\"direction\":\"in2out\",\"source-zone\":\"3002\",\"rule_id\":\"56827792-173e-435a-b22b-229f21d78244\",\"protocol\":\"ICMP: ECHO_REQUEST\",\"dst_ip\":\"100.85.222.23\",\"src_ip\":\"100.85.112.49\",\"log_type\":\"eip\",\"hit_time\":1655882537006,\"log-id\":\"44243649\",\"dst_port\":\"45243\",\"destination-zone\":\"3001\",\"index_day\":\"2022.06.22\",\"log_id\":6781,\"src_port\":\"17589\",\"fw_instance_id\":\"58ead9e7-418d-4166-8df8-f24941d4205c\",\"action\":\"permit\",\"vsys\":\"1\"}", "demo_fields" : [ { "fieldName" : "app", "content" : "PING", "type" : "string", "isAnalysis" : true }, { "fieldName" : "direction", "content" : "in2out", "type" : "string", "isAnalysis" : true }, { "fieldName" : "source-zone", "content" : "3002", "type" : "string", "isAnalysis" : true }, { "fieldName" : "rule_id", "content" : "56827792-173e-435a-b22b-229f21d78244", "type" : "string", "isAnalysis" : true }, { "fieldName" : "protocol", "content" : "ICMP: ECHO_REQUEST", "type" : "string", "isAnalysis" : true }, { "fieldName" : "dst_ip", "content" : "100.85.222.23", "type" : "string", "isAnalysis" : true }, { "fieldName" : "src_ip", "content" : "100.85.112.49", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_type", "content" : "eip", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hit_time", "content" : "1655882537006", "type" : "long", "isAnalysis" : true }, { "fieldName" : "log-id", "content" : "44243649", "type" : "string", "isAnalysis" : true }, { "fieldName" : "dst_port", "content" : "45243", "type" : "string", "isAnalysis" : true }, { "fieldName" : "destination-zone", "content" : "3001", "type" : "string", "isAnalysis" : true }, { "fieldName" : "index_day", "content" : "2022.06.22", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_id", "content" : "6781", "type" : "long", "isAnalysis" : true }, { "fieldName" : "src_port", "content" : "17589", "type" : "string", "isAnalysis" : true }, { "fieldName" : 
"fw_instance_id", "content" : "58ead9e7-418d-4166-8df8-f24941d4205c", "type" : "string", "isAnalysis" : true }, { "fieldName" : "action", "content" : "permit", "type" : "string", "isAnalysis" : true }, { "fieldName" : "vsys", "content" : "1", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "CFW_ACCESS" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for CFW attack logs
{ "content" : "{\"source\":\"0\",\"app\":\"HTTP\",\"direction\":\"out2in\",\"dst_ip\":\"100.85.222.23\",\"src_ip\":\"10.108.170.229\",\"event_time\":1655974411462,\"log_type\":\"eip\",\"dst_port\":\"80\",\"attack_rule_id\":\"330409\",\"index_day\":\"2022.06.23\",\"log_id\":462688,\"src_port\":\"51002\",\"protocol\":\"TCP\",\"packet\":\"+hZUZMhT+hY/AaHMCABFAADnicBAAHgGgJIKbKrlZFXeF8c6AFAYCIpDV562+VAYBAILMwAAR0VUIC9qb2JtYW5hZ2VyL2xvZ3MvLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmZXRjJTI1MmZwYXNzd2QgSFRUUC8xLjENCkhvc3Q6IDEwMC44NS4yMjIuMjMNClVzZXItQWdlbnQ6IGN1cmwvNy42NS4wDQpBY2NlcHQ6ICovKg0KDQo=\",\"level\":\"HIGH\",\"attack_type\":\"Vulnerability Exploit Attack\",\"fw_instance_id\":\"58ead9e7-418d-4166-8df8-f24941d4205c\",\"action\":\"permit\",\"vsys\":\"1\",\"attack_rule\":\"VMware Spring Cloud Directory Traversal Vulnerability (CVE-2020-5410)\"}", "demo_fields" : [ { "fieldName" : "source", "content" : "0", "type" : "string", "isAnalysis" : true }, { "fieldName" : "app", "content" : "HTTP", "type" : "string", "isAnalysis" : true }, { "fieldName" : "direction", "content" : "out2in", "type" : "string", "isAnalysis" : true }, { "fieldName" : "dst_ip", "content" : "100.85.222.23", "type" : "string", "isAnalysis" : true }, { "fieldName" : "src_ip", "content" : "10.108.170.229", "type" : "string", "isAnalysis" : true }, { "fieldName" : "event_time", "content" : "1655974411462", "type" : "long", "isAnalysis" : true }, { "fieldName" : "log_type", "content" : "eip", "type" : "string", "isAnalysis" : true }, { "fieldName" : "dst_port", "content" : "80", "type" : "string", "isAnalysis" : true }, { "fieldName" : "attack_rule_id", "content" : "330409", "type" : "string", "isAnalysis" : true }, { "fieldName" : "index_day", "content" : "2022.06.23", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_id", "content" : "462688", "type" : "long", "isAnalysis" : true }, { "fieldName" : "src_port", "content" 
: "51002", "type" : "string", "isAnalysis" : true }, { "fieldName" : "protocol", "content" : "TCP", "type" : "string", "isAnalysis" : true }, { "fieldName" : "packet", "content" : "\"+hZUZMhT+hY/AaHMCABFAADnicBAAHgGgJIKbKrlZFXeF8c6AFAYCIpDV562+VAYBAILMwAAR0VUIC9qb2JtYW5hZ2VyL2xvZ3MvLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmZXRjJTI1MmZwYXNzd2QgSFRUUC8xLjENCkhvc3Q6IDEwMC44NS4yMjIuMjMNClVzZXItQWdlbnQ6IGN1cmwvNy42NS4wDQpBY2NlcHQ6ICovKg0KDQo=\"", "type" : "string", "isAnalysis" : true }, { "fieldName" : "level", "content" : "HIGH", "type" : "string", "isAnalysis" : true }, { "fieldName" : "attack_type", "content" : "Vulnerability Exploit Attack", "type" : "string", "isAnalysis" : true }, { "fieldName" : "fw_instance_id", "content" : "58ead9e7-418d-4166-8df8-f24941d4205c", "type" : "string", "isAnalysis" : true }, { "fieldName" : "action", "content" : "permit", "type" : "string", "isAnalysis" : true }, { "fieldName" : "vsys", "content" : "1", "type" : "string", "isAnalysis" : true }, { "fieldName" : "attack_rule", "content" : "VMware Spring Cloud Directory Traversal Vulnerability (CVE-2020-5410)", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "CFW_ATTACK" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for CFW traffic logs
{ "content" : "{\"dst_port\":\"80\",\"app\":\"HTTP\",\"to_c_pkts\":0.1,\"dst_ip\":\"100.85.222.23\",\"to_c_bytes\":0.1,\"end_time\":1655436321000,\"src_ip\":\"10.108.170.229\",\"index_day\":\"2022.06.17\",\"bytes\":1232.1,\"log-id\":\"4424364f\",\"vsys\":\"1\",\"suffix\":\"67\",\"packets\":10.1,\"direction\":\"out2in\",\"protocol\":\"TCP\",\"to_s_bytes\":1232.1,\"to_s_pkts\":10.1,\"src_port\":\"63934\",\"start_time\":1655436299000,\"fw_instance_id\":\"efbeb90c-1108-42ce-b099-f7e035a10b67\"}", "demo_fields" : [ { "fieldName" : "dst_port", "content" : "80", "type" : "string", "isAnalysis" : true }, { "fieldName" : "app", "content" : "HTTP", "type" : "string", "isAnalysis" : true }, { "fieldName" : "to_c_pkts", "content" : "0.1", "type" : "float", "isAnalysis" : true }, { "fieldName" : "dst_ip", "content" : "100.85.222.23", "type" : "string", "isAnalysis" : true }, { "fieldName" : "to_c_bytes", "content" : "0.1", "type" : "float", "isAnalysis" : true }, { "fieldName" : "end_time", "content" : "1655436321000", "type" : "long", "isAnalysis" : true }, { "fieldName" : "src_ip", "content" : "10.108.170.229", "type" : "string", "isAnalysis" : true }, { "fieldName" : "index_day", "content" : "2022.06.17", "type" : "string", "isAnalysis" : true }, { "fieldName" : "bytes", "content" : "1232.1", "type" : "float", "isAnalysis" : true }, { "fieldName" : "log-id", "content" : "4424364f", "type" : "string", "isAnalysis" : true }, { "fieldName" : "vsys", "content" : "1", "type" : "string", "isAnalysis" : true }, { "fieldName" : "suffix", "content" : "67", "type" : "string", "isAnalysis" : true }, { "fieldName" : "packets", "content" : "10.1", "type" : "float", "isAnalysis" : true }, { "fieldName" : "direction", "content" : "out2in", "type" : "string", "isAnalysis" : true }, { "fieldName" : "protocol", "content" : "TCP", "type" : "string", "isAnalysis" : true }, { "fieldName" : "to_s_bytes", "content" : "1232.1", "type" : "float", "isAnalysis" : true }, { "fieldName" : "to_s_pkts", 
"content" : "10.1", "type" : "float", "isAnalysis" : true }, { "fieldName" : "src_port", "content" : "63934", "type" : "string", "isAnalysis" : true }, { "fieldName" : "start_time", "content" : "1655436299000", "type" : "long", "isAnalysis" : true }, { "fieldName" : "fw_instance_id", "content" : "efbeb90c-1108-42ce-b099-f7e035a10b67", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "CFW_FLOW" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for MYSQL error logs
{ "content" : "{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\",\"node_id\":\"5d6c61bbd49b4ad3a1572461811e3dacno01\",\"instance_id\":\"207032924c644f429b74f6fc5d8c97f9in01\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "error_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "severity", "content" : "WARNING", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-08-22T06:52:08Z", "type" : "string", "isAnalysis" : true }, { "fieldName" : "raw_message", "content" : "Occur error when reading bytes from a network handler. Client actively closes the connection.", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "5d6c61bbd49b4ad3a1572461811e3dacno01", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "207032924c644f429b74f6fc5d8c97f9in01", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "MYSQL_ERROR" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for MYSQL slow logs
{ "content" : "{\"start_time\":\"2022-07-27T02:49:19.000\",\"user\":\"commerce\",\"host\":\"100.*.*.222\",\"query_time\":\"1.461583\",\"lock_time\":\"0.000050\",\"rows_sent\":\"500\",\"rows_examined\":\"581000\",\"command_text\":\"SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;\",\"database\":\"saas_perf\",\"log_type\":\"slow_log\",\"log_time\":\"1658890159\",\"operate_type\":\"SELECT\",\"node_id\":\"5d6c61bbd49b4ad3a1572461811e3dacno01\",\"instance_id\":\"207032924c644f429b74f6fc5d8c97f9in01\"}", "demo_fields" : [ { "fieldName" : "start_time", "content" : "2022-07-27T02:49:19.000", "type" : "string", "isAnalysis" : true }, { "fieldName" : "user", "content" : "commerce", "type" : "string", "isAnalysis" : true }, { "fieldName" : "host", "content" : "100.*.*.222", "type" : "string", "isAnalysis" : true }, { "fieldName" : "query_time", "content" : "1.461583", "type" : "string", "isAnalysis" : true }, { "fieldName" : "lock_time", "content" : "0.000050", "type" : "string", "isAnalysis" : true }, { "fieldName" : "rows_sent", "content" : "500", "type" : "string", 
"isAnalysis" : true }, { "fieldName" : "rows_examined", "content" : "581000", "type" : "string", "isAnalysis" : true }, { "fieldName" : "command_text", "content" : "SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;", "type" : "string", "isAnalysis" : true }, { "fieldName" : "database", "content" : "saas_perf", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_type", "content" : "slow_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "1658890159", "type" : "string", "isAnalysis" : true }, { "fieldName" : "operate_type", "content" : "SELECT", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "5d6c61bbd49b4ad3a1572461811e3dacno01", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "207032924c644f429b74f6fc5d8c97f9in01", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "MYSQL_SLOW" }, "log_group_id" 
: "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for POSTGRESQL slow logs
{ "content" : "{\"log_type\":\"slow_log\",\"execute_time\":328.662,\"user\":\"authoring\",\"log_time\":\"2022-07-24T10:06:41.000\",\"database\":\"authoring-test\",\"statement\":\"SELECT * FROM ( SELECT n.user_id,n.id AS resource_id,e.create_at AS begin_time,e.create_at AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id WHERE e.category = N AND s.resource_ownership=N AND e.create_at BETWEEN $N AND $N UNION ALL SELECT n.user_id,n.id AS resource_id,$N AS begin_time,$N AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id INNER JOIN (SELECT resource_id,max(create_at) as create_at FROM t_resource_status_event WHERE create_at < $N AND category = N GROUP BY resource_id) x ON e.resource_id=x.resource_id AND e.create_at=x.create_at WHERE e.create_at < $N AND e.category = N AND e.status = N AND s.resource_ownership=N) m ORDER BY resource_id,begin_time 
ASC\",\"host\":\"10.*.*.206\",\"log_timestamp\":\"1658657201\",\"operate_type\":\"SELECT\",\"node_id\":\"d285609201534696bdcd648519fe2b8dno02\",\"instance_id\":\"5b67dc63ba824145aae1f12ff51e58b8in02\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "slow_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "execute_time", "content" : "328.662", "type" : "float", "isAnalysis" : true }, { "fieldName" : "user", "content" : "authoring", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-07-24T10:06:41.000", "type" : "string", "isAnalysis" : true }, { "fieldName" : "database", "content" : "authoring-test", "type" : "string", "isAnalysis" : true }, { "fieldName" : "statement", "content" : "SELECT * FROM ( SELECT n.user_id,n.id AS resource_id,e.create_at AS begin_time,e.create_at AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id WHERE e.category = N AND s.resource_ownership=N AND e.create_at BETWEEN $N AND $N UNION ALL SELECT n.user_id,n.id AS resource_id,$N AS begin_time,$N AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on 
s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id INNER JOIN (SELECT resource_id,max(create_at) as create_at FROM t_resource_status_event WHERE create_at < $N AND category = N GROUP BY resource_id) x ON e.resource_id=x.resource_id AND e.create_at=x.create_at WHERE e.create_at < $N AND e.category = N AND e.status = N AND s.resource_ownership=N) m ORDER BY resource_id,begin_time ASC", "type" : "string", "isAnalysis" : true }, { "fieldName" : "host", "content" : "10.*.*.206", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_timestamp", "content" : "1658657201", "type" : "string", "isAnalysis" : true }, { "fieldName" : "operate_type", "content" : "SELECT", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "d285609201534696bdcd648519fe2b8dno02", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "5b67dc63ba824145aae1f12ff51e58b8in02", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "POSTGRESQL_SLOW" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for POSTGRESQL error logs
{ "content" : "{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\",\"node_id\":\"d285609201534696bdcd648519fe2b8dno02\",\"instance_id\":\"5b67dc63ba824145aae1f12ff51e58b8in02\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "error_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "severity", "content" : "WARNING", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-08-22T06:52:08Z", "type" : "string", "isAnalysis" : true }, { "fieldName" : "raw_message", "content" : "Occur error when reading bytes from a network handler. Client actively closes the connection.", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "d285609201534696bdcd648519fe2b8dno02", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "5b67dc63ba824145aae1f12ff51e58b8in02", "type" : "string", "isAnalysis" : true } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "POSTGRESQL_ERROR" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for SQLSERVER error logs
{ "content" : "{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\",\"node_id\":\"7346b0db609b463e976054928af50e85no01\",\"instance_id\":\"9c589b9d7a4d45dbaf7deb9f8520611cin01\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "error_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "severity", "content" : "WARNING", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-08-22T06:52:08Z", "type" : "string", "isAnalysis" : true }, { "fieldName" : "raw_message", "content" : "Occur error when reading bytes from a network handler. Client actively closes the connection.", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "7346b0db609b463e976054928af50e85no01", "type" : "string", "isAnalysis" : true }, { "fieldName" : "instance_id", "content" : "9c589b9d7a4d45dbaf7deb9f8520611cin01", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "SQLSERVER_ERROR" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for GAUSSDB_REDIS slow logs
{ "content" : "{\"instance_id\":\"32eaaf6c5a0142e3a6d80740cd5b3803in12\",\"node_id\":\"597a15b9f2ef4436811c5edcc67c013cno12\",\"database\":\"0\",\"log_type\":\"slow_log\",\"operate_type\":\"sismember\",\"log_time\":\"2022-10-12T07:42:21.253484Z\",\"cost_time\":1277.47,\"whole_message\":\"{\"command_param\":\"dc:set:new:follow:uids:monthly:259008728:202210\",\"database\":0}\"}", "demo_fields" : [ { "fieldName" : "instance_id", "content" : "32eaaf6c5a0142e3a6d80740cd5b3803in12", "type" : "string", "isAnalysis" : true }, { "fieldName" : "node_id", "content" : "597a15b9f2ef4436811c5edcc67c013cno12", "type" : "string", "isAnalysis" : true }, { "fieldName" : "database", "content" : "0", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_type", "content" : "slow_log", "type" : "string", "isAnalysis" : true }, { "fieldName" : "operate_type", "content" : "sismember", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_time", "content" : "2022-10-12T07:42:21.253484Z", "type" : "string", "isAnalysis" : true }, { "fieldName" : "cost_time", "content" : "1277.47", "type" : "float", "isAnalysis" : true }, { "fieldName" : "whole_message", "type" : "string", "content" : "{\"command_param\":\"dc:set:new:follow:uids:monthly:259008728:202210\",\"database\":\"0\"}", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "GAUSSDB_REDIS_SLOW" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for GAUSSDB_MYSQL slow logs
{ "content" : "{\"start_time\":\"2022-07-27T02:49:19.000\",\"user\":\"commerce\",\"host\":\"100.*.*.222\",\"query_time\":\"1.461583\",\"lock_time\":\"0.000050\",\"rows_sent\":\"500\",\"rows_examined\":\"581000\",\"command_text\":\"SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;\",\"database\":\"saas_perf\",\"log_type\":\"slow_log\",\"log_time\":\"1658890159\",\"operate_type\":\"SELECT\"}", "demo_fields" : [ { "fieldName" : "start_time", "content" : "2022-07-27T02:49:19.000", "type" : "string", "isAnalysis" : false }, { "fieldName" : "user", "content" : "commerce", "type" : "string", "isAnalysis" : false }, { "fieldName" : "host", "content" : "100.*.*.222", "type" : "string", "isAnalysis" : true }, { "fieldName" : "query_time", "content" : "1.461583", "type" : "string", "isAnalysis" : false }, { "fieldName" : "lock_time", "content" : "0.000050", "type" : "string", "isAnalysis" : false }, { "fieldName" : "rows_sent", "content" : "500", "type" : "string", "isAnalysis" : true }, { "fieldName" : "rows_examined", "content" : "581000", "type" : "string", 
"isAnalysis" : false }, { "fieldName" : "command_text", "content" : "SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;", "type" : "string", "isAnalysis" : false }, { "fieldName" : "database", "content" : "saas_perf", "type" : "string", "isAnalysis" : true }, { "fieldName" : "log_type", "content" : "slow_log", "type" : "string", "isAnalysis" : false }, { "fieldName" : "log_time", "content" : "1658890159", "type" : "string", "isAnalysis" : false }, { "fieldName" : "operate_type", "content" : "SELECT", "type" : "string", "isAnalysis" : false } ], "rule" : { "type" : "built_in", "param" : "GAUSSDB_MYSQL_SLOW" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true }, { "fieldName" : "hostName", "content" : "ecs-ictest", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for GAUSSDB_MYSQL error logs
{ "content" : "{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\"}", "demo_fields" : [ { "fieldName" : "log_type", "content" : "error_log", "type" : "string", "isAnalysis" : false }, { "fieldName" : "severity", "content" : "WARNING", "type" : "string", "isAnalysis" : false }, { "fieldName" : "log_time", "content" : "2022-08-22T06:52:08Z", "type" : "string", "isAnalysis" : false }, { "fieldName" : "raw_message", "content" : "Occur error when reading bytes from a network handler. Client actively closes the connection.", "type" : "string", "isAnalysis" : false } ], "rule" : { "type" : "built_in", "param" : "GAUSSDB_MYSQL_ERROR" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a CDN structuring configuration
{ "content" : "{\"request_time\":\"1666604392000\",\"domain\":\"findercdn.video.qq.com\",\"method\":\"GET\",\"scheme\":\"http\",\"uri\":\"/BcimRg.txt\",\"uri_param\":\"cdnkey=******&cdntoken=******&tokenidx=1\",\"client_ip\":\"192.168.233.142\",\"client_port\":\"51517\",\"refer_protocol\":\"-\",\"refer_domain\":\"-\",\"refer_uri\":\"-\",\"refer_param\":\"-\",\"request_size\":\"301\",\"response_time\":\"14\",\"response_size\":\"588\",\"http_code\":\"403\",\"response_range\":\"-\",\"request_range\":\"-\",\"request_body_bytes\":\"150\",\"content_type\":\"text/html\",\"hit_info\":\"HIT\",\"user_agent\":\"python-requests/2.21.0\",\"uuid\":\"ce6327e015c1e16f581818b838a6cb0c\",\"via_info\":\"edge-cache01[14]\",\"xforwordfor\":\"-\"}", "demo_fields" : [ { "fieldName" : "request_time", "content" : "1666604392000", "type" : "string", "isAnalysis" : false }, { "fieldName" : "domain", "content" : "findercdn.video.qq.com", "type" : "string", "isAnalysis" : false }, { "fieldName" : "method", "content" : "GET", "type" : "string", "isAnalysis" : false }, { "fieldName" : "scheme", "content" : "http", "type" : "string", "isAnalysis" : false }, { "fieldName" : "uri", "content" : "/BcimRg.txt", "type" : "string", "isAnalysis" : false }, { "fieldName" : "uri_param", "content" : "cdnkey=*****&cdntoken=*****&tokenidx=1", "type" : "string", "isAnalysis" : false }, { "fieldName" : "client_ip", "content" : "192.168.233.142", "type" : "string", "isAnalysis" : false }, { "fieldName" : "client_port", "content" : "51517", "type" : "string", "isAnalysis" : false }, { "fieldName" : "refer_protocol", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "refer_domain", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "refer_uri", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "refer_param", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_size", "content" : "301", "type" : "string", 
"isAnalysis" : false }, { "fieldName" : "response_time", "content" : "14", "type" : "string", "isAnalysis" : false }, { "fieldName" : "response_size", "content" : "588", "type" : "string", "isAnalysis" : false }, { "fieldName" : "http_code", "content" : "403", "type" : "string", "isAnalysis" : false }, { "fieldName" : "response_range", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_range", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_body_bytes", "content" : "150", "type" : "string", "isAnalysis" : false }, { "fieldName" : "content_type", "content" : "text/html", "type" : "string", "isAnalysis" : false }, { "fieldName" : "hit_info", "content" : "HIT", "type" : "string", "isAnalysis" : false }, { "fieldName" : "user_agent", "content" : "python-requests/2.21.0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "uuid", "content" : "ce6327e015c1e16f581818b838a6cb0c", "type" : "string", "isAnalysis" : false }, { "fieldName" : "via_info", "content" : "edge-cache01[14]", "type" : "string", "isAnalysis" : false }, { "fieldName" : "xforwordfor", "content" : "-", "type" : "string", "isAnalysis" : false } ], "rule" : { "type" : "built_in", "param" : "CDN" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create an SMN structuring configuration
{ "content" : "{\"message_id\":\"1ae49922602a42fc83acb9689a2eb5f4\",\"project_id\":\"5a9f32e4f1ec4bbe9695ff9da51c2925\",\"topic_urn\":\"urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo\",\"subscriber_urn\":\"urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo:b55c3c6fa7cd471b9f24818d530a8740\",\"protocol_name\":\"https\",\"endpoint\":\"https://127.0.0.1:443/https\",\"status\":\"DELIVERED\",\"http_code\":200,\"create_time\":\"2022-11-01T00:00:00Z\",\"send_time\":\"2022-11-01T00:00:10Z\"}", "demo_fields" : [ { "fieldName" : "message_id", "content" : "1ae49922602a42fc83acb9689a2eb5f4", "type" : "string", "isAnalysis" : false }, { "fieldName" : "project_id", "content" : "5a9f32e4f1ec4bbe9695ff9da51c2925", "type" : "string", "isAnalysis" : false }, { "fieldName" : "topic_urn", "content" : "urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo", "type" : "string", "isAnalysis" : false }, { "fieldName" : "subscriber_urn", "content" : "urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo:b55c3c6fa7cd471b9f24818d530a8740", "type" : "string", "isAnalysis" : false }, { "fieldName" : "protocol_name", "content" : "https", "type" : "string", "isAnalysis" : false }, { "fieldName" : "endpoint", "content" : "https://127.0.0.1:443/https", "type" : "string", "isAnalysis" : false }, { "fieldName" : "status", "content" : "DELIVERED", "type" : "string", "isAnalysis" : false }, { "fieldName" : "http_code", "content" : "200", "type" : "long", "isAnalysis" : false }, { "fieldName" : "create_time", "content" : "2022-11-01T00:00:00Z", "type" : "string", "isAnalysis" : false }, { "fieldName" : "send_time", "content" : "2022-11-01T00:00:10Z", "type" : "string", "isAnalysis" : false } ], "rule" : { "type" : "built_in", "param" : "SMN" }, "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", 
"parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for WAF access logs
{ "content" : "{\"response_code\":\"504\",\"scheme\":\"http\",\"upstream_addr\":\"100.93.2.229:80\",\"body_bytes_sent\":\"163\",\"upstream_header_time\":\"-\",\"connection_requests\":\"1\",\"ssl_cipher\":\"\",\"hostid\":\"1736cc7331b74b198e2ef07555a970ce\",\"pid\":\"2152\",\"tls_version\":\"\",\"http_host\":\"www.testh.com\",\"process_time\":\"0\",\"access_stream_id\":\"88003425-d7bc-46ce-8ae7-77a8aa18a814\",\"time_iso8601\":\"2022-07-29T19:39:10+08:00\",\"intel_crawler\":\"\",\"upstream_status\":\"504\",\"remote_ip\":\"10.63.46.110\",\"request_time\":\"30.008\",\"tenantid\":\"1d26cc8c86a840e28a4f8d0d07852f1d\",\"sip\":\"10.63.46.110\",\"bytes_send\":\"420\",\"projectid\":\"2a473356cca5487f8373be891bffc1cf\",\"user_agent\":\"curl/7.29.0\",\"web_tag\":\"\",\"method\":\"GET\",\"bind_ip\":\"10.63.36.208\",\"region_id\":\"\",\"remote_port\":\"20582\",\"ssl_ciphers_md5\":\"\",\"x_real_ip\":\"\",\"url\":\"/\",\"x_forwarded_for\":\"\",\"sni\":\"\",\"args\":\"public/../style/general.css=true\",\"cdn_src_ip\":\"\",\"enterprise_project_id\":\"0\",\"upstream_connect_time\":\"-\",\"engine_id\":\"\",\"request_length\":\"110\",\"group_id\":\"5d574e6a-87da-42bc-bfd4-ff61a1b336a4\",\"requestid\":\"36f0a9212b14528ffc090f1811cd87d8\",\"ssl_curves\":\"\",\"ssl_session_reused\":\"\",\"waf-time\":\"2022-07-29T11:39:10.000Z\",\"upstream_response_time\":\"30.008\",\"time\":\"29/Jul/2022:19:39:10 +0800\",\"category\":\"access\",\"eng_ip\":\"10.63.36.208\"}", "demo_fields" : [ { "fieldName" : "response_code", "content" : "504", "type" : "string", "isAnalysis" : false }, { "fieldName" : "scheme", "content" : "http", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_addr", "content" : "100.93.2.229:80", "type" : "string", "isAnalysis" : false }, { "fieldName" : "body_bytes_sent", "content" : "163", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_header_time", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : 
"connection_requests", "content" : "1", "type" : "string", "isAnalysis" : false }, { "fieldName" : "ssl_cipher", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "hostid", "content" : "1736cc7331b74b198e2ef07555a970ce", "type" : "string", "isAnalysis" : false }, { "fieldName" : "pid", "content" : "2152", "type" : "string", "isAnalysis" : false }, { "fieldName" : "tls_version", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "http_host", "content" : "www.testh.com", "type" : "string", "isAnalysis" : false }, { "fieldName" : "process_time", "content" : "0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "access_stream_id", "content" : "88003425-d7bc-46ce-8ae7-77a8aa18a814", "type" : "string", "isAnalysis" : false }, { "fieldName" : "time_iso8601", "content" : "2022-07-29T19:39:10+08:00", "type" : "string", "isAnalysis" : false }, { "fieldName" : "intel_crawler", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_status", "content" : "504", "type" : "string", "isAnalysis" : false }, { "fieldName" : "remote_ip", "content" : "10.63.46.110", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_time", "content" : "30.008", "type" : "string", "isAnalysis" : false }, { "fieldName" : "tenantid", "content" : "1d26cc8c86a840e28a4f8d0d07852f1d", "type" : "string", "isAnalysis" : false }, { "fieldName" : "sip", "content" : "10.63.46.110", "type" : "string", "isAnalysis" : false }, { "fieldName" : "bytes_send", "content" : "420", "type" : "string", "isAnalysis" : false }, { "fieldName" : "projectid", "content" : "2a473356cca5487f8373be891bffc1cf", "type" : "string", "isAnalysis" : false }, { "fieldName" : "user_agent", "content" : "curl/7.29.0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "web_tag", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "method", "content" : "GET", "type" : "string", "isAnalysis" : false }, { 
"fieldName" : "bind_ip", "content" : "10.63.36.208", "type" : "string", "isAnalysis" : false }, { "fieldName" : "region_id", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "remote_port", "content" : "20582", "type" : "string", "isAnalysis" : false }, { "fieldName" : "ssl_ciphers_md5", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "x_real_ip", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "url", "content" : "/", "type" : "string", "isAnalysis" : false }, { "fieldName" : "x_forwarded_for", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "sni", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "args", "content" : "public/../style/general.css=true", "type" : "string", "isAnalysis" : false }, { "fieldName" : "cdn_src_ip", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "enterprise_project_id", "content" : "0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_connect_time", "content" : "-", "type" : "string", "isAnalysis" : false }, { "fieldName" : "engine_id", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "request_length", "content" : "110", "type" : "string", "isAnalysis" : false }, { "fieldName" : "group_id", "content" : "5d574e6a-87da-42bc-bfd4-ff61a1b336a4", "type" : "string", "isAnalysis" : false }, { "fieldName" : "requestid", "content" : "36f0a9212b14528ffc090f1811cd87d8", "type" : "string", "isAnalysis" : false }, { "fieldName" : "ssl_curves", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "ssl_session_reused", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "waf-time", "content" : "2022-07-29T11:39:10.000Z", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_response_time", "content" : "30.009", "type" : "string", "isAnalysis" : false }, { "fieldName" : "time", "content" : 
"29/Jul/2022:19:39:10 +0800", "type" : "string", "isAnalysis" : false }, { "fieldName" : "waf_category", "content" : "access", "type" : "string", "isAnalysis" : false }, { "fieldName" : "eng_ip", "content" : "10.63.36.208", "type" : "string", "isAnalysis" : false } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "WAF_ACCESS" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for WAF attack logs
{ "content" : "{\"policy_id\":\"cd081ba3d6674000acc37d7e2a4b9140\",\"hport\":\"80\",\"body_bytes_sent\":\"163\",\"hostid\":\"1736cc7331b74b198e2ef07555a970ce\",\"rule\":\"040002\",\"engine_ip\":\"10.63.36.208\",\"pid\":\"2152\",\"http_host\":\"www.testh.com\",\"process_time\":\"1\",\"reqid\":\"0000-0000-0000-20820220729193940-f34cf25e\",\"time_iso8601\":\"2022-07-29T19:39:40+08:00\",\"upstream_status\":\"504\",\"hit_data\":\"public/../style/general.css\",\"attack_stream_id\":\"98de5d5a-9f54-4d01-9882-eca7bec99d09\",\"remote_ip\":\"10.63.46.110\",\"attack\":\"lfi\",\"tenantid\":\"1d26cc8c86a840e28a4f8d0d07852f1d\",\"host\":\"www.testh.com\",\"action\":\"log\",\"backend\":{\"protocol\":\"HTTP\",\"alive\":true,\"port\":80,\"host\":\"100.93.2.229\",\"weight\":1,\"type\":\"ip\"},\"id\":\"04-0000-0000-0000-20820220729193940-f34cf25e\",\"sip\":\"10.63.46.110\",\"projectid\":\"2a473356cca5487f8373be891bffc1cf\",\"web_tag\":\"\",\"attack-time\":\"2022-07-29T11:39:40.000Z\",\"method\":\"GET\",\"cookie\":\"{\\\"HWWAFSESTIME\\\":\\\"1659094780939\\\",\\\"HWWAFSESID\\\":\\\"e2cd0733b4712e4cc4\\\"}\",\"level\":2,\"params\":\"{\\\"public\\\\/..\\\\/style\\\\/general.css\\\":\\\"true\\\"}\",\"x_real_ip\":\"\",\"uri\":\"/\",\"x_forwarded_for\":\"\",\"cdn_src_ip\":\"\",\"enterprise_project_id\":\"0\",\"req_body\":\"\",\"engine_id\":\"\",\"group_id\":\"5d574e6a-87da-42bc-bfd4-ff61a1b336a4\",\"requestid\":\"f34cf25eb33ed82cd7261a8276a60c39\",\"multipart\":\"null\",\"header\":\"{\\\"host\\\":\\\"www.testh.com\\\",\\\"user-agent\\\":\\\"curl\\\\/7.29.0\\\",\\\"accept\\\":\\\"*\\\\/*\\\"}\",\"location\":\"params\",\"upstream_response_time\":\"30.000\",\"time\":\"2022-07-29 19:39:40\",\"category\":\"attack\",\"sport\":28408,\"status\":\"504\"}", "demo_fields" : [ { "fieldName" : "policy_id", "content" : "cd081ba3d6674000acc37d7e2a4b9140", "type" : "string", "isAnalysis" : false }, { "fieldName" : "hport", "content" : "80", "type" : "string", "isAnalysis" : false }, { "fieldName" : 
"body_bytes_sent", "content" : "163", "type" : "string", "isAnalysis" : false }, { "fieldName" : "hostid", "content" : "1736cc7331b74b198e2ef07555a970ce", "type" : "string", "isAnalysis" : false }, { "fieldName" : "rule", "content" : "040002", "type" : "string", "isAnalysis" : false }, { "fieldName" : "engine_ip", "content" : "10.63.36.208", "type" : "string", "isAnalysis" : false }, { "fieldName" : "pid", "content" : "2152", "type" : "string", "isAnalysis" : false }, { "fieldName" : "http_host", "content" : "www.testh.com", "type" : "string", "isAnalysis" : false }, { "fieldName" : "process_time", "content" : "1", "type" : "string", "isAnalysis" : false }, { "fieldName" : "reqid", "content" : "0000-0000-0000-20820220729193940-f34cf25e", "type" : "string", "isAnalysis" : false }, { "fieldName" : "time_iso8601", "content" : "2022-07-29T19:39:40+08:00", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_status", "content" : "504", "type" : "string", "isAnalysis" : false }, { "fieldName" : "hit_data", "content" : "public/../style/general.css", "type" : "string", "isAnalysis" : false }, { "fieldName" : "attack_stream_id", "content" : "98de5d5a-9f54-4d01-9882-eca7bec99d09", "type" : "string", "isAnalysis" : false }, { "fieldName" : "remote_ip", "content" : "10.63.46.110", "type" : "string", "isAnalysis" : false }, { "fieldName" : "attack", "content" : "lfi", "type" : "string", "isAnalysis" : false }, { "fieldName" : "tenantid", "content" : "1d26cc8c86a840e28a4f8d0d07852f1d", "type" : "string", "isAnalysis" : false }, { "fieldName" : "host", "content" : "www.testh.com", "type" : "string", "isAnalysis" : false }, { "fieldName" : "action", "content" : "log", "type" : "string", "isAnalysis" : false }, { "fieldName" : "backend.protocol", "content" : "HTTP", "type" : "string", "isAnalysis" : false }, { "fieldName" : "backend.alive", "content" : "true", "type" : "string", "isAnalysis" : false }, { "fieldName" : "backend.port", "content" : "80", "type" : 
"long", "isAnalysis" : false }, { "fieldName" : "backend.host", "content" : "100.93.2.229", "type" : "string", "isAnalysis" : false }, { "fieldName" : "backend.weight", "content" : "1", "type" : "long", "isAnalysis" : false }, { "fieldName" : "backend.type", "content" : "ip", "type" : "string", "isAnalysis" : false }, { "fieldName" : "id", "content" : "04-0000-0000-0000-20820220729193940-f34cf25e", "type" : "string", "isAnalysis" : false }, { "fieldName" : "sip", "content" : "10.63.46.110", "type" : "string", "isAnalysis" : false }, { "fieldName" : "projectid", "content" : "2a473356cca5487f8373be891bffc1cf", "type" : "string", "isAnalysis" : false }, { "fieldName" : "web_tag", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "attack-time", "content" : "2022-07-29T11:39:40.000Z", "type" : "string", "isAnalysis" : false }, { "fieldName" : "method", "content" : "GET", "type" : "string", "isAnalysis" : false }, { "fieldName" : "cookie", "content" : "{\"HWWAFSESTIME\":\"1659094780939\",\"HWWAFSESID\":\"e2cd0733b4712e4cc4\"}", "type" : "string", "isAnalysis" : false }, { "fieldName" : "level", "content" : "2", "type" : "long", "isAnalysis" : false }, { "fieldName" : "params", "content" : "{\\\"public\\\\/..\\\\/style\\\\/general.css\\\":\\\"true\\\"}", "type" : "string", "isAnalysis" : false }, { "fieldName" : "x_real_ip", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "url", "content" : "/", "type" : "string", "isAnalysis" : false }, { "fieldName" : "x_forwarded_for", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "cdn_src_ip", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "enterprise_project_id", "content" : "0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "req_body", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "engine_id", "content" : "", "type" : "string", "isAnalysis" : false }, { "fieldName" : "group_id", 
"content" : "5d574e6a-87da-42bc-bfd4-ff61a1b336a4", "type" : "string", "isAnalysis" : false }, { "fieldName" : "requestid", "content" : "f34cf25eb33ed82cd7261a8276a60c39", "type" : "string", "isAnalysis" : false }, { "fieldName" : "multipart", "content" : "null", "type" : "string", "isAnalysis" : false }, { "fieldName" : "header", "content" : "{\\\"host\\\":\\\"www.testh.com\\\",\\\"user-agent\\\":\\\"curl\\\\/7.29.0\\\",\\\"accept\\\":\\\"*\\\\/*\\\"}", "type" : "string", "isAnalysis" : false }, { "fieldName" : "location", "content" : "params", "type" : "string", "isAnalysis" : false }, { "fieldName" : "upstream_response_time", "content" : "30.000", "type" : "string", "isAnalysis" : false }, { "fieldName" : "time", "content" : "2022-07-29 19:39:40", "type" : "string", "isAnalysis" : false }, { "fieldName" : "waf_category", "content" : "attack", "type" : "string", "isAnalysis" : false }, { "fieldName" : "sport", "content" : "28408", "type" : "long", "isAnalysis" : false }, { "fieldName" : "status", "content" : "504", "type" : "string", "isAnalysis" : false } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "WAF_ATTACK" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Create a structuring configuration for DMS rebalancing logs
{ "content" : "{\"level\":\"INFO\",\"timestamp\":\"2023-03-23 17:23:22,906\",\"message\":{\"leaderId\":\"consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635\",\"generationId\":\"1\",\"reason\":\"Assignment received from leader for group KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0 for generation 1\",\"groupId\":\"KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0\",\"coordinatorId\":\"0\",\"type\":\"END_REBALANCE\",\"group\":\"GroupMetadata(groupId=KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0, generation=1, protocolType=Some(consumer), currentState=CompletingRebalance, members=Map(consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635 -> MemberMetadata(memberId=consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635, clientId=consumer-1, clientHost=/172.31.2.168, sessionTimeoutMs=10000, rebalanceTimeoutMs=300000, supportedProtocols=List(range), )))\"}}", "demo_fields" : [ { "fieldName" : "level", "content" : "INFO", "type" : "string", "isAnalysis" : false }, { "fieldName" : "timestamp", "content" : "2023-03-23 17:23:22,906", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.leaderId", "content" : "consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.generationId", "content" : "1", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.reason", "content" : "Assignment received from leader for group KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0 for generation 1", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.groupId", "content" : "KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.coordinatorId", "content" : "0", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.type", "content" : "END_REBALANCE", "type" : "string", "isAnalysis" : false }, { "fieldName" : "message.group", "content" : 
"GroupMetadata(groupId=KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0, generation=1, protocolType=Some(consumer), currentState=CompletingRebalance, members=Map(consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635 -> MemberMetadata(memberId=consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635, clientId=consumer-1, clientHost=/172.31.2.168, sessionTimeoutMs=10000, rebalanceTimeoutMs=300000, supportedProtocols=List(range), )))", "type" : "string", "isAnalysis" : false } ], "tag_fields" : [ { "fieldName" : "hostIP", "content" : "192.168.2.134", "type" : "string", "isAnalysis" : true } ], "rule" : { "type" : "built_in", "param" : "DMS_REBALANCED" }, "log_group_id" : "925a750-e0f3-4fe9-a046-a04af676xxxx", "log_stream_id" : "7e432db8-9dad-4723-a4b1-fdabf712xxxx", "parse_type" : " ", "project_id" : "2a473356cca5487f8373be891bffxxxx" }
Example Responses
Status code: 200
The request succeeded and the structuring configuration was created.
{ "2a473356cca5487f8373be891bffc1cf_8a75b77d-7d72-4d7e-8c50-a24562cf8b0b_fd5e1a7c-7412-475d-a013-8891d539574e" }
Status code: 400
BadRequest. The request is invalid. Modify the request based on error_msg; do not retry it.
{ "errorCode" : "LTS.0612", "errorMessage" : "timee fieldType is error" }
Status code: 401
AuthFailed. Authentication failed. Check the token and send the request again.
{ "error_code" : "LTS.0414", "error_msg" : "Invalid token" }
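Status code: 403
Forbidden. The request was rejected. This status code indicates that the request reached the server and the server understood it, but the server refuses to do anything further because the request is configured to be denied. Modify the request; do not retry it.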
{ "error_code" : "LTS.0001", "error_msg" : "Invalid projectId" }
Status code: 500
InternalServerError. The server received the request but encountered an internal error.
{ "error_code" : "LTS.0102", "error_msg" : "addOrUpdateTableTemplate exception" }
SDK Sample Code
The SDK sample code is as follows.
Regular expression:
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        // Tag fields attached to the structuring configuration
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        // One demo field per named capture group in the regular expression
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a01")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a02")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a03")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a04")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a05")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a06")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("a07")
                .withType("long")
        );
        // Backslashes are doubled because the pattern is a Java string literal
        body.withRegexRules("^(?<a01>[^ ]+)(?:[^ ]* ){1}(?<a02>\\w+)(?:[^ ]* ){1}(?<a03>\\w+)(?:[^ ]* ){1}(?<a04>\\w+)(?:[^ ]* ){1}(?<a05>\\w+)(?:[^ ]* ){1}(?<a06>\\w+)(?:[^ ]* ){1}(?<a07>\\d+)");
        body.withProjectId(" ");
        body.withLogStreamId("ff8bd110-dc44-4692-af74-d3b1f6197887");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue("custom_regex"));
        body.withLogGroupId("ada6ce6b-17ba-43f3-a27f-aa563b4ab14e");
        body.withContent("2021-09-09/18:15:41 this log is Error NO 6323");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
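A local pre-flight check for the regular-expression request above, as an added example that is not part of the original page or of the Huawei Cloud SDK: it confirms that regex_rules matches content, that every demo_fields name is a named capture group appearing in the same order as in content, and that each captured value parses as its declared type, so a mis-typed field is caught before it silently breaks searches over the structured logs. The class and method names are hypothetical, and the check assumes the service's regex dialect agrees with java.util.regex for this pattern.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added example: hypothetical helper, not part of the Huawei Cloud SDK.
public class RegexTemplatePreflight {

    // Limits taken from the request-parameter table of this API.
    static final int MAX_REGEX_LENGTH = 5000;
    static final int MAX_DEMO_FIELDS = 200;

    /**
     * demoFields maps fieldName to type ("string", "long" or "float") in the
     * order the fields will be sent. Returns the problems found; an empty list
     * means regex_rules, content and demo_fields agree with each other.
     */
    static List<String> check(String regexRules, String content, Map<String, String> demoFields) {
        List<String> problems = new ArrayList<>();
        if (regexRules.length() > MAX_REGEX_LENGTH) {
            problems.add("regex_rules is longer than " + MAX_REGEX_LENGTH + " characters");
        }
        if (demoFields.size() > MAX_DEMO_FIELDS) {
            problems.add("demo_fields has more than " + MAX_DEMO_FIELDS + " entries");
        }
        Matcher matcher;
        try {
            matcher = Pattern.compile(regexRules).matcher(content);
        } catch (PatternSyntaxException e) {
            problems.add("regex_rules does not compile: " + e.getDescription());
            return problems;
        }
        if (!matcher.find()) {
            problems.add("regex_rules does not match the sample log in content");
            return problems;
        }
        int previousStart = -1;
        for (Map.Entry<String, String> field : demoFields.entrySet()) {
            String name = field.getKey();
            String value;
            int start;
            try {
                value = matcher.group(name);   // throws if the group name is unknown
                start = matcher.start(name);
            } catch (IllegalArgumentException e) {
                problems.add(name + ": no named capture group in regex_rules");
                continue;
            }
            if (value == null) {
                problems.add(name + ": group did not capture anything from content");
                continue;
            }
            if (start < previousStart) {
                problems.add(name + ": listed out of order relative to content");
            }
            previousStart = start;
            if (!parsesAs(value, field.getValue())) {
                problems.add(name + ": value \"" + value + "\" is not a valid " + field.getValue());
            }
        }
        return problems;
    }

    // The API accepts only string, long and float as field types.
    static boolean parsesAs(String value, String type) {
        try {
            switch (type) {
                case "string": return true;
                case "long":   Long.parseLong(value); return true;
                case "float":  Double.parseDouble(value); return true;
                default:       return false;
            }
        } catch (NumberFormatException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // regex_rules and content as used in the SDK sample above.
        String regex = "^(?<a01>[^ ]+)(?:[^ ]* ){1}(?<a02>\\w+)(?:[^ ]* ){1}(?<a03>\\w+)"
                + "(?:[^ ]* ){1}(?<a04>\\w+)(?:[^ ]* ){1}(?<a05>\\w+)(?:[^ ]* ){1}(?<a06>\\w+)"
                + "(?:[^ ]* ){1}(?<a07>\\d+)";
        String content = "2021-09-09/18:15:41 this log is Error NO 6323";

        Map<String, String> fields = new LinkedHashMap<>();
        for (String name : new String[] {"a01", "a02", "a03", "a04", "a05", "a06"}) {
            fields.put(name, "string");
        }
        fields.put("a07", "long");
        System.out.println("as in the sample: " + check(regex, content, fields));

        // Constructed mistakes: a06 declared as long, plus a field with no capture group.
        Map<String, String> broken = new LinkedHashMap<>(fields);
        broken.put("a06", "long");
        broken.put("a08", "string");
        System.out.println("constructed errors: " + check(regex, content, broken));
    }
}
```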
JSON:
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("code")
                .withType("long")
                .withUserDefinedName("jl")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("record_time")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("tracker_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("user.id")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("user.name")
                .withType("string")
        );
        body.withLayers(3);
        body.withProjectId(" ");
        body.withLogStreamId("ff8bd110-dc44-4692-af74-d3b1f6197887");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue("json"));
        body.withLogGroupId("ada6ce6b-17ba-43f3-a27f-aa563b4ab14e");
        body.withContent("{'code':38,'tracker_name':'global','record_time':'1597042370464','user':{'name':'testdemo','id':'123456789'}}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Delimiter:
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b1")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b2")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b3")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b4")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b5")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b6")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withFieldName("b7")
                .withType("long")
        );
        body.withTokenizer(" ");
        body.withProjectId("");
        body.withLogStreamId("ff8bd110-dc44-4692-af74-d3b1f6197887");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue("split"));
        body.withLogGroupId("ada6ce6b-17ba-43f3-a27f-aa563b4ab14e");
        body.withContent("2021-09-09/18:50:51 this log is Error NO 37");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
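A local pre-flight check for the delimiter example above, added here and not part of the original page or the Huawei Cloud SDK: it splits the sample log on the tokenizer and verifies that the tokens line up with demo_fields in count, order and declared type before the template is submitted. `SplitTemplatePreflight` and `DemoField` are hypothetical names, and treating the tokenizer as a literal separator is an assumption the page does not spell out.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example: SplitTemplatePreflight and DemoField are hypothetical names, not SDK classes.
public class SplitTemplatePreflight {

    // Minimal stand-in for one demo_fields entry: field name plus declared type.
    static final class DemoField {
        final String fieldName;
        final String type;

        DemoField(String fieldName, String type) {
            this.fieldName = fieldName;
            this.type = type;
        }
    }

    // Limits taken from the parameter tables on this page.
    static final int MAX_DEMO_FIELDS = 200;
    static final int MAX_FIELD_NAME_LENGTH = 50;

    // Returns every mismatch found; an empty list means the sample and the field list agree.
    static List<String> check(String content, String tokenizer, List<DemoField> fields) {
        List<String> problems = new ArrayList<>();
        if (tokenizer == null || tokenizer.isEmpty()) {
            problems.add("tokenizer must not be empty for parse_type split");
            return problems;
        }
        if (fields.size() > MAX_DEMO_FIELDS) {
            problems.add("demo_fields has " + fields.size() + " entries, limit is " + MAX_DEMO_FIELDS);
        }
        // Assumption: the tokenizer is applied as a literal separator.
        // Pattern.quote keeps characters such as '|' or '.' from acting as regex syntax,
        // and the -1 limit keeps trailing empty tokens instead of silently dropping them.
        String[] tokens = content.split(Pattern.quote(tokenizer), -1);
        if (tokens.length != fields.size()) {
            problems.add("content splits into " + tokens.length
                + " tokens but demo_fields has " + fields.size() + " entries");
        }
        // Compare position by position, because demo_fields must follow the order of content.
        int n = Math.min(tokens.length, fields.size());
        for (int i = 0; i < n; i++) {
            DemoField f = fields.get(i);
            if (f.fieldName == null || f.fieldName.isEmpty()
                    || f.fieldName.length() > MAX_FIELD_NAME_LENGTH) {
                problems.add("field #" + i + " name must be 1 to "
                    + MAX_FIELD_NAME_LENGTH + " characters");
            }
            if (!matchesType(tokens[i], f.type)) {
                problems.add("token #" + i + " \"" + tokens[i] + "\" does not fit type "
                    + f.type + " declared for " + f.fieldName);
            }
        }
        return problems;
    }

    // Checks one token against the field types this page allows: string, long, float.
    static boolean matchesType(String token, String type) {
        if (type == null) {
            return false;
        }
        try {
            switch (type) {
                case "string":
                    return true;
                case "long":
                    Long.parseLong(token);
                    return true;
                case "float":
                    Double.parseDouble(token);
                    return true;
                default:
                    return false;
            }
        } catch (NumberFormatException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Field list from the delimiter example on this page: b1..b6 string, b7 long.
        List<DemoField> fields = Arrays.asList(
            new DemoField("b1", "string"), new DemoField("b2", "string"),
            new DemoField("b3", "string"), new DemoField("b4", "string"),
            new DemoField("b5", "string"), new DemoField("b6", "string"),
            new DemoField("b7", "long"));

        // Sample log from the delimiter example on this page.
        System.out.println(check("2021-09-09/18:50:51 this log is Error NO 37", " ", fields));
        // Constructed sample: the last token is no longer numeric.
        System.out.println(check("2021-09-09/18:50:51 this log is Error NO n/a", " ", fields));
        // Constructed sample: a longer message shifts every later token to the wrong field.
        System.out.println(check("2021-09-09/18:50:51 this log is a fatal Error NO 37", " ", fields));
    }
}
```

A template whose sample drifts from the real log layout assigns values to the wrong fields, so queries and alert rules built on those fields stop matching without reporting any error.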
Nginx:
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("0")
                .withFieldName("body_bytes_sent")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("http_referer")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("Mozilla/5.0")
                .withFieldName("http_user_agent")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("http_x_forwarded_for")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("192.168.0.0")
                .withFieldName("remote_addr")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("sgq")
                .withFieldName("remote_user")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("GET")
                .withFieldName("request_method")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("/")
                .withFieldName("request_uri")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("304")
                .withFieldName("status")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("12/Mar/2020:12:24:02")
                .withFieldName("time_local")
                .withType("string")
        );
        // Inner double quotes are escaped so that the string literals compile.
        body.withLogFormat("log_format main '$remote_addr - $remote_user [$time_local] \"$request\" ' "
            + "'$status $body_bytes_sent \"$http_referer\" ' "
            + "'\"$http_user_agent\" \"$http_x_forwarded_for\"';");
        body.withProjectId("2a473356cca5487f8373be891bffc1cf");
        body.withLogStreamId("60906859-e91e-4d4a-9a21-ae319f544567");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue("nginx"));
        body.withLogGroupId("d1f4240d-5ee2-4e0b-9e2c-e25c7978c001");
        body.withContent("192.168.0.0 - sgq [12/Mar/2020:12:24:02 +0800] \"GET / 127/query\" 304 0 \"-\" \"Mozilla/5.0\" \"-\"");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
CTS:
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("CTS");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("201")
                .withFieldName("code")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("global")
                .withFieldName("event_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("221123nsada3sda3231das3111ndsab")
                .withFieldName("project_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1597042370464")
                .withFieldName("record_time")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("98763hkjhdteoi03861732hjh7983bhd")
                .withFieldName("resource_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("demodemodemo/demo")
                .withFieldName("resource_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("token")
                .withFieldName("resource_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("IAM")
                .withFieldName("service_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("10.10.1.10")
                .withFieldName("source_ip")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1597042369296")
                .withFieldName("time")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1eesdd-dad6-11dsaea-edaxfeqdf")
                .withFieldName("trace_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("demodemodemo")
                .withFieldName("trace_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("normal")
                .withFieldName("trace_rating")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("ApiCall")
                .withFieldName("trace_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("global")
                .withFieldName("tracker_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("21185d8818e443e1ryjkh71622f09212b")
                .withFieldName("user.domain.id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("testdemo")
                .withFieldName("user.domain.name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("6hfakl86faqw87dsasasadf09ajbml")
                .withFieldName("user.id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("testdemo/demo")
                .withFieldName("user.name")
                .withType("string")
        );
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the JSON sample are escaped so that the string literal compiles.
        body.withContent("{\"code\":\"201\",\"source_ip\":\"10.10.1.10\",\"trace_type\":\"ApiCall\","
            + "\"event_type\":\"global\",\"project_id\":\"221123nsada3sda3231das3111ndsab\","
            + "\"trace_id\":\"1eesdd-dad6-11dsaea-edaxfeqdf\",\"trace_name\":\"demodemodemo\","
            + "\"resource_type\":\"token\",\"trace_rating\":\"normal\",\"service_type\":\"IAM\","
            + "\"resource_id\":\"98763hkjhdteoi03861732hjh7983bhd\",\"tracker_name\":\"global\","
            + "\"time\":\"1597042369296\",\"resource_name\":\"demodemodemo/demo\","
            + "\"record_time\":\"1597042370464\","
            + "\"user\":{\"domain\":{\"name\":\"testdemo\",\"id\":\"21185d8818e443e1ryjkh71622f09212b\"},"
            + "\"name\":\"testdemo/demo\",\"id\":\"6hfakl86faqw87dsasasadf09ajbml\"}}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
ELB:
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("ELB");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1594727856.337")
                .withFieldName("msec")
                .withType("float")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("e7c37d97-e922-457c-bbf3-dsadeqac")
                .withFieldName("access_log_topic_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("2020-07-14T19:57:36+08:00")
                .withFieldName("time_iso8601")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("elb_01")
                .withFieldName("log_ver")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("192.0.0.0")
                .withFieldName("remote_addr")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("88888")
                .withFieldName("remote_port")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("200")
                .withFieldName("status")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("GET")
                .withFieldName("request_method")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("http")
                .withFieldName("scheme")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("prod.sss.ads.sg2.aaa")
                .withFieldName("host")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("loc/ation?version=3&ip=100.0.0.0&coordinate=27.7044784,85.3007481&device_id=dsadsadasdsadasd&beyla_id=wqeb123ndadsa233ddada")
                .withFieldName("router_request_uri")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("HTTP/1.1")
                .withFieldName("server_protocol")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("233")
                .withFieldName("request_length")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("293")
                .withFieldName("bytes_sent")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("138")
                .withFieldName("body_bytes_sent")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("0.001")
                .withFieldName("request_time")
                .withType("float")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("200")
                .withFieldName("upstream_status")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("0.000")
                .withFieldName("upstream_connect_time")
                .withType("float")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("0.001")
                .withFieldName("upstream_header_time")
                .withType("float")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("0.001")
                .withFieldName("upstream_response_time")
                .withType("float")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("100.0.0.0:9999")
                .withFieldName("upstream_addr")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("lua-resty-http/0.14 (Lua) ngx_lua/10000")
                .withFieldName("http_user_agent")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("http_referer")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("http_x_forwarded_for")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("loadbalancer_edsaee-4c9c-b467-5b8126b2f7f7dsa")
                .withFieldName("lb_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("listener_6077809b-913f-466d-a96c-376f08882d5d")
                .withFieldName("listener_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("08cc2b3f68aa4dddd1e6a90dddd1688348a4480")
                .withFieldName("listener_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("pool_b2f2966c-043d-4674-ad4b-c15f2adb2c6b")
                .withFieldName("pool_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("member_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("2fb78dsadadq1213das1121dab146ad3cb0")
                .withFieldName("tenant_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("eip_address")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("80")
                .withFieldName("eip_port")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("101.0.0.0:10000")
                .withFieldName("upstream_addr_priv")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("certificate_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("ssl_protocol")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("ssl_cipher")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("-")
                .withFieldName("sni_domain_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("9739")
                .withFieldName("tcpinfo_rtt")
                .withType("long")
        );
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the sample log are escaped so that the string literal compiles.
        body.withContent("1594727856.337 e7c37d97-e922-457c-bbf3-dsadeqac 2020-07-14T19:57:36+08:00 elb_01 "
            + "192.0.0.0:88888 200 "
            + "\"GET http://prod.sss.ads.sg2.aaa/loc/ation?version=3&ip=100.0.0.0"
            + "&coordinate=27.7044784,85.3007481&device_id=dsadsadasdsadasd"
            + "&beyla_id=wqeb123ndadsa233ddada HTTP/1.1\" "
            + "233 293 138 0.001 \"200\" \"0.000\" \"0.001\" \"0.001\" \"100.0.0.0:9999\" "
            + "\"lua-resty-http/0.14 (Lua) ngx_lua/10000\" \"-\" \"-\" "
            + "loadbalancer_edsaee-4c9c-b467-5b8126b2f7f7dsa "
            + "listener_6077809b-913f-466d-a96c-376f08882d5d "
            + "08cc2b3f68aa4dddd1e6a90dddd1688348a4480 "
            + "pool_b2f2966c-043d-4674-ad4b-c15f2adb2c6b \"-\" "
            + "2fb78dsadadq1213das1121dab146ad3cb0 -:80 \"101.0.0.0:10000\" - - - - 9739");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
VPC:
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
        // and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this
        // example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("VPC");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1")
                .withFieldName("version")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("5f67944957444bd6bb4fe3b367de8f3d")
                .withFieldName("project_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1d515d18-1b36-47dc-a983-bd6512aed4bd")
                .withFieldName("interface_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("192.168.0.154")
                .withFieldName("srcaddr")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("192.168.3.25")
                .withFieldName("dstaddr")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("38929")
                .withFieldName("srcport")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("53")
                .withFieldName("dstport")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("17")
                .withFieldName("protocol")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1")
                .withFieldName("packets")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("96")
                .withFieldName("bytes")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1548752136")
                .withFieldName("start")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1548752736")
                .withFieldName("end")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("ACCEPT")
                .withFieldName("action")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("OK")
                .withFieldName("log_status")
                .withType("string")
        );
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        body.withContent("1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd 192.168.0.154 192.168.3.25 38929 53 17 1 96 1548752136 1548752736 ACCEPT OK");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
APIG:
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use.
        // In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template for APIG logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("APIG");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));
        listbodyTagFields.add(new TagField().withFieldName("hostName").withType("string").withContent("ecs-ictest").withIsAnalysis(true));

        // demo_fields must be listed in the same order as the fields appear in content.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("100.125.7.59").withFieldName("my_remote_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("f57f6523b675504a23887d0f5c1c8ef3").withFieldName("request_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("f5ea2360a2fa443cac236b76f4052ad6").withFieldName("api_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("user_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("app_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("27/Jan/2022:15:56:44").withFieldName("time_local").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0.113").withFieldName("request_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("GET").withFieldName("request_method").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("http").withFieldName("scheme").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("c965898968af48248ec7fac4ec0666f4.apic.cn-north-4.huaweicloudapis.com").withFieldName("host").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("/api/echo").withFieldName("router_uri").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("HTTP/1.1").withFieldName("server_protocol").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("200").withFieldName("status").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("1443").withFieldName("bytes_sent").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("408").withFieldName("request_length").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("APIGatewayDebugClient/1.0").withFieldName("http_user_agent").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("http_x_forwarded_for").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("100.125.2.39:443").withFieldName("upstream_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("/v2/x/fgs/functions/urn:fss:cn-north-4:106506b9a92342df9a5025fc12351cfc:function:default:apigDemo_1640743997661:latest/invocations").withFieldName("upstream_uri").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("200").withFieldName("upstream_status").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0.010").withFieldName("upstream_connect_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0.083").withFieldName("upstream_header_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0.083").withFieldName("upstream_response_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("cn-north-4").withFieldName("region_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0.083").withFieldName("all_upstream_response_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0").withFieldName("errorType").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("auth_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("access_model1").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("access_model2").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("0.03000020980835").withFieldName("inner_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("proxy_protocol_vni").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("proxy_protocol_vpce_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("proxy_protocol_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("486").withFieldName("body_bytes_sent").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("HttpEchoDemo").withFieldName("api_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("app_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("provider_app_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("provider_app_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log1").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log2").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log3").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log4").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log5").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log6").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log7").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log8").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log9").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("-").withFieldName("custom_data_log10").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(true).withContent("remote").withFieldName("response_source").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        // parse_type is left as " " in this sample; the parameter table lists json, split, nginx, built_in and custom_regex.
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Double quotes inside the sample log line are escaped so that the Java string literal is valid.
        body.withContent("100.125.7.59 f57f6523b675504a23887d0f5c1c8ef3 f5ea2360a2fa443cac236b76f4052ad6 - - "
                + "[27/Jan/2022:15:56:44 +0800] 0.113 GET "
                + "http://c965898968af48248ec7fac4ec0666f4.apic.cn-north-4.huaweicloudapis.com /api/echo HTTP/1.1 "
                + "200 1443 408 \"APIGatewayDebugClient/1.0\" \"-\" \"100.125.2.39:443\" "
                + "/v2/x/fgs/functions/urn:fss:cn-north-4:106506b9a92342df9a5025fc12351cfc:function:default:apigDemo_1640743997661:latest/invocations "
                + "\"200\" \"0.010\" \"0.083\" \"0.083\" cn-north-4 0.083 0 - - - 0.03000020980835 - - \"-\" 486 "
                + "HttpEchoDemo - - - \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" \"-\" remote");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for DDS audit logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use.
        // In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template selected by the DCS_AUDIT parameter.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("DCS_AUDIT");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // demo_fields must be listed in the same order as the fields appear in content.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withContent("1640966500017").withFieldName("time").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("199a1e5a-8a37-40b9-899e-0ab6805c69eb").withFieldName("instance_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("192.168.0.1").withFieldName("server_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("proxy").withFieldName("role").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("10.0.0.1").withFieldName("client_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("0").withFieldName("client_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("default").withFieldName("user").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("1").withFieldName("db").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("DEL").withFieldName("command_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("string").withFieldName("command_type").withType("string"));
        // Inner double quotes are escaped so that the Java string literal is valid.
        listbodyDemoFields.add(new StructFieldInfo().withContent("[\"key1\",\"key2\",\"key3\"]").withFieldName("command_keys").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("DEL key1 key2 key3").withFieldName("command_param").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("500").withFieldName("use_time").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("").withFieldName("extend").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        // parse_type is left as " " in this sample; the parameter table lists json, split, nginx, built_in and custom_regex.
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // The sample log is a JSON document; its double quotes are escaped inside the Java string literal.
        body.withContent("{\"time\": 1640966500017, \"instance_id\": \"199a1e5a-8a37-40b9-899e-0ab6805c69eb\", "
                + "\"server_addr\": \"192.168.0.1\", \"role\": \"proxy\", \"client_addr\": \"10.0.0.1\", "
                + "\"client_type\": \"0\", \"user\": \"default\", \"db\": 1, \"command_name\": \"DEL\", "
                + "\"command_type\": \"string\", \"command_keys\": [\"key1\", \"key2\", \"key3\"], "
                + "\"command_param\": \"DEL key1 key2 key3\", \"use_time\": 500, \"extend\": \"\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration in NGINX mode
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use.
        // In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template for NGINX logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("NGINX");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // demo_fields must be listed in the same order as the fields appear in content.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withContent("192.168.1.101").withFieldName("remote_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("-").withFieldName("remote_user").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("27/Aug/2018:14:20:29").withFieldName("time_local").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("GET").withFieldName("request_method").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("http").withFieldName("scheme").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("www.example.com").withFieldName("host").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("/").withFieldName("request_uri").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("HTTP/1.0").withFieldName("server_protocol").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("200").withFieldName("status").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("8796").withFieldName("bytes_sent").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("6775").withFieldName("body_bytes_sent").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("-").withFieldName("http_referer").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36").withFieldName("http_user_agent").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("-").withFieldName("http_x_forwarded_for").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("0.185").withFieldName("request_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("0.010").withFieldName("upstream_response_time").withType("float"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("12.129.120.121:8090").withFieldName("upstream_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("200").withFieldName("upstream_status").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("794").withFieldName("request_length").withType("long"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        // parse_type is left as " " in this sample; the parameter table lists json, split, nginx, built_in and custom_regex.
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Double quotes inside the sample log line are escaped so that the Java string literal is valid.
        body.withContent("192.168.1.101 - [27/Aug/2018:14:20:29 +0800] \"GET http://www.example.com / HTTP/1.0\" 200 8796 6775 \"-\" "
                + "\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36\" "
                + "\"-\" \"0.185\" \"0.010\" 12.129.120.121:8090 200 794");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration in GAUSSDB_OPENGAUSS_AUDIT mode
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use.
        // In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template for GaussDB (openGauss) audit logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("GAUSSDB_OPENGAUSS_AUDIT");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // demo_fields must be listed in the same order as the fields appear in content.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withContent("rdsAdmin").withFieldName("username").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("cm_agent@10.254.95.70").withFieldName("client_conninfo").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("96e86f462bbc4f2286d7c8274815d0fein14").withFieldName("instanceId").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("xid=30818, SET statement_timeout = 10000000;n").withFieldName("detail_info").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("140463114942208@713872403507507").withFieldName("thread_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("ok").withFieldName("result").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("postgres").withFieldName("database").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("8001").withFieldName("local_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("10").withFieldName("userid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("06c267fad8054a0abcb17cfa3b8f260cno14").withFieldName("nodeId").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("dn_6001_6002_6003").withFieldName("node_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("statement_timeout").withFieldName("object_name").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("2022-08-15 17:53:23+08").withFieldName("time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("set_parameter").withFieldName("type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withContent("50952").withFieldName("remote_port").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        // parse_type is left as " " in this sample; the parameter table lists json, split, nginx, built_in and custom_regex.
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // The sample log is a JSON document; its double quotes are escaped inside the Java string literal.
        body.withContent("{\"username\":\"rdsAdmin\",\"client_conninfo\":\"cm_agent@10.254.95.70\","
                + "\"instanceId\":\"96e86f462bbc4f2286d7c8274815d0fein14\","
                + "\"detail_info\":\"xid=30818, SET statement_timeout = 10000000;n\","
                + "\"thread_id\":\"140463114942208@713872403507507\",\"result\":\"ok\",\"database\":\"postgres\","
                + "\"local_port\":\"8001\",\"userid\":\"10\",\"nodeId\":\"06c267fad8054a0abcb17cfa3b8f260cno14\","
                + "\"node_name\":\"dn_6001_6002_6003\",\"object_name\":\"statement_timeout\","
                + "\"time\":\"2022-08-15 17:53:23+08\",\"type\":\"set_parameter\",\"remote_port\":\"50952\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration in TOMCAT mode
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in structuring rule for Tomcat logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("TOMCAT");

        // Tag fields.
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));
        listbodyTagFields.add(new TagField()
            .withFieldName("hostName").withType("string").withContent("ecs-ictest").withIsAnalysis(true));

        // Demo fields, listed in the same order as they appear in the sample log.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("192.168.12.2").withFieldName("remote_ip_address").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("-").withFieldName("remote_logical_username").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("-").withFieldName("remote_user_authenticated").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("07/Mar/2018:09:49:55").withFieldName("time_local").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("GET").withFieldName("scheme").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("/logHello/test").withFieldName("router_uri").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("HTTP/1.1").withFieldName("server_protocol").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("200").withFieldName("status").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("1943").withFieldName("bytes_sent").withType("long"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the embedded double quotes are escaped so the literal compiles.
        body.withContent("192.168.12.2 - - [07/Mar/2018:09:49:55 +0800] \"GET /logHello/test HTTP/1.1\" 200 1943");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for DCS audit logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in structuring rule for audit logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("DDS_AUDIT");

        // Tag fields.
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("auditLog").withFieldName("topic").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("9fbf813bc27e4a3ab54bddf783a4f774in01").withFieldName("instanceid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("bf4cb0413d0b4221be94b08471708586no01").withFieldName("nodeid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("test").withFieldName("db").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("testCollection").withFieldName("coll").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("update").withFieldName("optype").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("2022-08-05T08:24:15.536+0000").withFieldName("time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("10.4.23.205").withFieldName("user_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("47668").withFieldName("user_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("rw_testuser").withFieldName("user").withType("string"));
        // The embedded double quotes are escaped so the literal compiles.
        listbodyDemoFields.add(new StructFieldInfo()
            .withContent("{\"command\":\"update\",\"ns\":\"test.testCollection\",\"op\":[{\"q\":{\"vin\":\"LDP31B965NG036174\"},\"u\":{\"$set\":{\"timestamp\":{\"$numberLong\":\"1659687855535\"},\"deviceTime\":{\"$numberLong\":\"1659687855340\"},\"longitude\":\"119.35516805555555\",\"latitude\":\"26.057936388888891\",\"location\":\"119.35516805555555,26.057936388888891\",\"height\":\"10.097286797128618\",\"direction\":\"12\",\"speed\":14,\"accuracy\":\"0\",\"h3Address7\":\"8741b5300ffffff\"}},\"upsert\":true}],\"args\":{\"update\":\"testCollection\",\"ordered\":true,\"$db\":\"test\",\"$clusterTime\":{\"clusterTime\":{\"$timestamp\":{\"t\":1659687855,\"i\":1685}},\"signature\":{\"hash\":{\"$binary\":\"CP5bfEf+gBJZdAxCKtF9HiSeqQY=\",\"$type\":\"00\"},\"keyId\":{\"$numberLong\":\"7102408879899674942\"}}},\"lsid\":{\"id\":{\"$binary\":\"PXVVrbuvRuGkypCbu/oXXQ==\",\"$type\":\"04\"}}}}")
            .withFieldName("param").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log (JSON); the embedded double quotes are escaped so the literal compiles.
        body.withContent("{\"topic\":\"auditLog\",\"instanceid\":\"9fbf813bc27e4a3ab54bddf783a4f774in01\",\"nodeid\":\"bf4cb0413d0b4221be94b08471708586no01\",\"db\":\"test\",\"coll\":\"testCollection\",\"optype\":\"update\",\"time\":\"2022-08-05T08:24:15.536+0000\",\"user_ip\":\"10.4.23.205\",\"user_port\":\"47668\",\"user\":\"rw_testuser\",\"param\":{\"command\":\"update\",\"ns\":\"test.testCollection\",\"op\":[{\"q\":{\"vin\":\"LDP31B965NG036174\"},\"u\":{\"$set\":{\"timestamp\":{\"$numberLong\":\"1659687855535\"},\"deviceTime\":{\"$numberLong\":\"1659687855340\"},\"longitude\":\"119.35516805555555\",\"latitude\":\"26.057936388888891\",\"location\":\"119.35516805555555,26.057936388888891\",\"height\":\"10.097286797128618\",\"direction\":\"12\",\"speed\":14,\"accuracy\":\"0\",\"h3Address7\":\"8741b5300ffffff\"}},\"upsert\":true}],\"args\":{\"update\":\"testCollection\",\"ordered\":true,\"$db\":\"test\",\"$clusterTime\":{\"clusterTime\":{\"$timestamp\":{\"t\":1659687855,\"i\":1685}},\"signature\":{\"hash\":{\"$binary\":\"CP5bfEf+gBJZdAxCKtF9HiSeqQY=\",\"$type\":\"00\"},\"keyId\":{\"$numberLong\":\"7102408879899674942\"}}},\"lsid\":{\"id\":{\"$binary\":\"PXVVrbuvRuGkypCbu/oXXQ==\",\"$type\":\"04\"}}}}}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for DDS error logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in structuring rule for DDS (MongoDB) error logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("MONGODB_ERROR");

        // Tag fields.
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("error_log").withFieldName("log_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("Error").withFieldName("severity").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("2022-08-22T09:33:15.142+0000").withFieldName("log_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("E QUERY [ClusterDisasterBackupChangeJob] Get global setting disasterBackup failed.")
            .withFieldName("raw_message").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("5b67dc63ba824145aae1f12ff51e58b8in02").withFieldName("instance_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("686a791e690e4db3af591ec4b6f72916no02").withFieldName("node_id").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log (JSON); the embedded double quotes are escaped so the literal compiles.
        body.withContent("{\"log_type\":\"error_log\",\"severity\":\"Error\",\"log_time\":\"2022-08-22T09:33:15.142+0000\",\"raw_message\":\"E QUERY [ClusterDisasterBackupChangeJob] Get global setting disasterBackup failed.\",\"instance_id\": \"5b67dc63ba824145aae1f12ff51e58b8in02\",\"node_id\": \"686a791e690e4db3af591ec4b6f72916no02\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for DDS slow logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in structuring rule for DDS (MongoDB) slow logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("MONGODB_SLOW");

        // Tag fields.
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("slow_log").withFieldName("log_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("2022-08-20T10:04:03.204000Z").withFieldName("log_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("data0820.table").withFieldName("namespace").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("data0820").withFieldName("database").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("table").withFieldName("collection").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("insert").withFieldName("operate_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("docs_scanned").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("docs_returned").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("n_deleted").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("n_matched").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("n_modified").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("10").withFieldName("n_inserted").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("555").withFieldName("cost_time").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("lock_time").withType("long"));
        // The embedded double quotes are escaped so the literal compiles.
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("{\"op\": \"insert\", \"ns\": \"data0820.usrtable\", \"command\": \"{N}\", \"ninserted\": 1, \"keysInserted\": 1, \"numYield\": 0, \"locks\": {\"Global\": {\"acquireCount\": {\"r\": 5, \"w\": 5}}, \"Database\": {\"acquireCount\": {\"w\": 4, \"W\": 1}}, \"Collection\": {\"acquireCount\": {\"w\": 2}}, \"oplog\": {\"acquireCount\": {\"w\": 2}}}, \"responseLength\": 230, \"protocol\": \"op_msg\", \"millis\": 555, \"ts\": {\"$date\": 1660989843204}, \"client\": \"192.168.0.64\", \"appName\": \"MongoDB Shell\", \"allUsers\": [{\"user\": \"rwuser\", \"db\": \"admin\"}], \"user\": \"rwuser@admin\"}")
            .withFieldName("whole_message").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("5b67dc63ba824145aae1f12ff51e58b8in02").withFieldName("instance_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("686a791e690e4db3af591ec4b6f72916no02").withFieldName("node_id").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log (JSON); the embedded double quotes are escaped so the literal compiles.
        // Assumption: whole_message is a JSON document carried as a string value, so its inner quotes
        // are escaped twice to keep the sample log valid JSON.
        body.withContent("{\"log_type\":\"slow_log\",\"log_time\":\"2022-08-20T10:04:03.204000Z\",\"namespace\":\"data0820.table\",\"database\":\"data0820\",\"collection\":\"table\",\"operate_type\":\"insert\",\"docs_scanned\":0,\"docs_returned\":0,\"n_deleted\":0,\"n_matched\":0,\"n_modified\":0,\"n_inserted\":10,\"cost_time\":555,\"lock_time\":0,\"whole_message\":\"{\\\"op\\\": \\\"insert\\\", \\\"ns\\\": \\\"data0820.usrtable\\\", \\\"command\\\": \\\"{N}\\\", \\\"ninserted\\\": 1, \\\"keysInserted\\\": 1, \\\"numYield\\\": 0, \\\"locks\\\": {\\\"Global\\\": {\\\"acquireCount\\\": {\\\"r\\\": 5, \\\"w\\\": 5}}, \\\"Database\\\": {\\\"acquireCount\\\": {\\\"w\\\": 4, \\\"W\\\": 1}}, \\\"Collection\\\": {\\\"acquireCount\\\": {\\\"w\\\": 2}}, \\\"oplog\\\": {\\\"acquireCount\\\": {\\\"w\\\": 2}}}, \\\"responseLength\\\": 230, \\\"protocol\\\": \\\"op_msg\\\", \\\"millis\\\": 555, \\\"ts\\\": {\\\"$date\\\": 1660989843204}, \\\"client\\\": \\\"192.168.0.64\\\", \\\"appName\\\": \\\"MongoDBShell\\\", \\\"allUsers\\\": [{\\\"user\\\": \\\"rwuser\\\", \\\"db\\\": \\\"admin\\\"}], \\\"user\\\": \\\"rwuser@admin\\\"}\",\"instance_id\": \"5b67dc63ba824145aae1f12ff51e58b8in02\",\"node_id\":\"686a791e690e4db3af591ec4b6f72916no02\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for CFW access control logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in structuring rule for CFW access control logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("CFW_ACCESS");

        // Tag fields.
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("PING").withFieldName("app").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("in2out").withFieldName("direction").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("3002").withFieldName("source-zone").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("56827792-173e-435a-b22b-229f21d78244").withFieldName("rule_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("ICMP: ECHO_REQUEST").withFieldName("protocol").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("100.85.222.23").withFieldName("dst_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("100.85.112.49").withFieldName("src_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("eip").withFieldName("log_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("1655882537006").withFieldName("hit_time").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("44243649").withFieldName("log-id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("45243").withFieldName("dst_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("3001").withFieldName("destination-zone").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("2022.06.22").withFieldName("index_day").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("6781").withFieldName("log_id").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("17589").withFieldName("src_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("58ead9e7-418d-4166-8df8-f24941d4205c").withFieldName("fw_instance_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("permit").withFieldName("action").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("1").withFieldName("vsys").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log (JSON); the embedded double quotes are escaped so the literal compiles.
        body.withContent("{\"app\":\"PING\",\"direction\":\"in2out\",\"source-zone\":\"3002\",\"rule_id\":\"56827792-173e-435a-b22b-229f21d78244\",\"protocol\":\"ICMP: ECHO_REQUEST\",\"dst_ip\":\"100.85.222.23\",\"src_ip\":\"100.85.112.49\",\"log_type\":\"eip\",\"hit_time\":1655882537006,\"log-id\":\"44243649\",\"dst_port\":\"45243\",\"destination-zone\":\"3001\",\"index_day\":\"2022.06.22\",\"log_id\":6781,\"src_port\":\"17589\",\"fw_instance_id\":\"58ead9e7-418d-4166-8df8-f24941d4205c\",\"action\":\"permit\",\"vsys\":\"1\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for CFW attack logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in structuring rule for CFW attack logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("CFW_ATTACK");

        // Tag fields.
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log.
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("0").withFieldName("source").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("HTTP").withFieldName("app").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("out2in").withFieldName("direction").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("100.85.222.23").withFieldName("dst_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("10.108.170.229").withFieldName("src_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("1655974411462").withFieldName("event_time").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("eip").withFieldName("log_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("80").withFieldName("dst_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("330409").withFieldName("attack_rule_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("2022.06.23").withFieldName("index_day").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("462688").withFieldName("log_id").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("51002").withFieldName("src_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("TCP").withFieldName("protocol").withType("string"));
        // The page gives no sample value for this field; pass the "packet" value of the sample log below.
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent().withFieldName("packet").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("HIGH").withFieldName("level").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("Vulnerability Exploit Attack").withFieldName("attack_type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("58ead9e7-418d-4166-8df8-f24941d4205c").withFieldName("fw_instance_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("permit").withFieldName("action").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true).withContent("1").withFieldName("vsys").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("VMware Spring Cloud Directory Traversal Vulnerability (CVE-2020-5410)")
            .withFieldName("attack_rule").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log (JSON); the embedded double quotes are escaped so the literal compiles.
        body.withContent("{\"source\":\"0\",\"app\":\"HTTP\",\"direction\":\"out2in\",\"dst_ip\":\"100.85.222.23\",\"src_ip\":\"10.108.170.229\",\"event_time\":1655974411462,\"log_type\":\"eip\",\"dst_port\":\"80\",\"attack_rule_id\":\"330409\",\"index_day\":\"2022.06.23\",\"log_id\":462688,\"src_port\":\"51002\",\"protocol\":\"TCP\",\"packet\":\"+hZUZMhT+hY/AaHMCABFAADnicBAAHgGgJIKbKrlZFXeF8c6AFAYCIpDV562+VAYBAILMwAAR0VUIC9qb2JtYW5hZ2VyL2xvZ3MvLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmZXRjJTI1MmZwYXNzd2QgSFRUUC8xLjENCkhvc3Q6IDEwMC44NS4yMjIuMjMNClVzZXItQWdlbnQ6IGN1cmwvNy42NS4wDQpBY2NlcHQ6ICovKg0KDQo=\",\"level\":\"HIGH\",\"attack_type\":\"Vulnerability Exploit Attack\",\"fw_instance_id\":\"58ead9e7-418d-4166-8df8-f24941d4205c\",\"action\":\"permit\",\"vsys\":\"1\",\"attack_rule\":\"VMware Spring Cloud Directory Traversal Vulnerability (CVE-2020-5410)\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Creating a structuring configuration for CFW traffic logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
            .withAk(ak)
            .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
            .withCredential(auth)
            .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
            .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("CFW_FLOW");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP")
            .withType("string")
            .withContent("192.168.2.134")
            .withIsAnalysis(true));
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("80")
            .withFieldName("dst_port")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("HTTP")
            .withFieldName("app")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("0.1")
            .withFieldName("to_c_pkts")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("100.85.222.23")
            .withFieldName("dst_ip")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("0.1")
            .withFieldName("to_c_bytes")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1655436321000")
            .withFieldName("end_time")
            .withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("10.108.170.229")
            .withFieldName("src_ip")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("2022.06.17")
            .withFieldName("index_day")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1232.1")
            .withFieldName("bytes")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("4424364f")
            .withFieldName("log-id")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1")
            .withFieldName("vsys")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("67")
            .withFieldName("suffix")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("10.1")
            .withFieldName("packets")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("out2in")
            .withFieldName("direction")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("TCP")
            .withFieldName("protocol")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1232.1")
            .withFieldName("to_s_bytes")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("10.1")
            .withFieldName("to_s_pkts")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("63934")
            .withFieldName("src_port")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1655436299000")
            .withFieldName("start_time")
            .withType("long"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("efbeb90c-1108-42ce-b099-f7e035a10b67")
            .withFieldName("fw_instance_id")
            .withType("string"));
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the sample log are escaped so that the literal compiles.
        body.withContent("{\"dst_port\":\"80\",\"app\":\"HTTP\",\"to_c_pkts\":0.1,\"dst_ip\":\"100.85.222.23\",\"to_c_bytes\":0.1,\"end_time\":1655436321000,\"src_ip\":\"10.108.170.229\",\"index_day\":\"2022.06.17\",\"bytes\":1232.1,\"log-id\":\"4424364f\",\"vsys\":\"1\",\"suffix\":\"67\",\"packets\":10.1,\"direction\":\"out2in\",\"protocol\":\"TCP\",\"to_s_bytes\":1232.1,\"to_s_pkts\":10.1,\"src_port\":\"63934\",\"start_time\":1655436299000,\"fw_instance_id\":\"efbeb90c-1108-42ce-b099-f7e035a10b67\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
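The request-parameter table on this page requires demo_fields to follow the same field order as content, allows at most 200 entries, and limits type to string, long or float. The pre-flight check below is an added example, not part of the Huawei Cloud SDK; the name check_demo_fields is hypothetical, the sample data is shortened from the CFW traffic log above, and matching each declared type against the JSON value type is an assumption drawn from the page's samples.

```python
import json

MAX_FIELDS = 200                              # demo_fields limit stated on this page
ALLOWED_TYPES = {"string", "long", "float"}   # documented values of `type`


class _Pairs(list):
    """Marks a decoded JSON object so it cannot be confused with a JSON array."""


def _json_kind(value):
    """Name the LTS field type that a decoded JSON value corresponds to."""
    if isinstance(value, bool):        # bool is an int subclass; keep it apart
        return "boolean"
    if isinstance(value, int):
        return "long"
    if isinstance(value, float):
        return "float"
    if isinstance(value, str):
        return "string"
    return "nested"                    # object, array or null


def _compatible(declared, kind):
    # Assumption: an integer literal is acceptable for a field declared float.
    return declared == kind or (declared == "float" and kind == "long")


def check_demo_fields(content, demo_fields):
    """Return a list of problems; an empty list means the request is consistent."""
    try:
        decoded = json.loads(content, object_pairs_hook=_Pairs)
    except json.JSONDecodeError as exc:
        return ["content is not valid JSON: " + exc.msg]
    if not isinstance(decoded, _Pairs):
        return ["content must be a JSON object"]

    problems = []
    if len(demo_fields) > MAX_FIELDS:
        problems.append(f"{len(demo_fields)} demo_fields exceeds the limit of {MAX_FIELDS}")

    content_names = [name for name, _ in decoded]
    demo_names = [field.get("fieldName", "") for field in demo_fields]
    values = dict(decoded)

    missing = [n for n in content_names if n not in demo_names]
    unknown = [n for n in demo_names if n not in values]
    if missing:
        problems.append("in content but not in demo_fields: " + ", ".join(missing))
    if unknown:
        problems.append("in demo_fields but not in content: " + ", ".join(unknown))
    if not missing and not unknown and demo_names != content_names:
        # Same names on both sides, so report where the sequences diverge.
        shorter = min(len(demo_names), len(content_names))
        first = next((i for i in range(shorter) if demo_names[i] != content_names[i]), shorter)
        problems.append(f"field order differs from content starting at index {first}")

    for field in demo_fields:
        name, declared = field.get("fieldName", ""), field.get("type")
        if not 1 <= len(name) <= 50:   # fieldName length limits from the page
            problems.append(f"fieldName {name!r} must be 1 to 50 characters")
        if declared not in ALLOWED_TYPES:
            problems.append(f"{name}: type {declared!r} is not string, long or float")
        elif name in values and not _compatible(declared, _json_kind(values[name])):
            problems.append(
                f"{name}: declared {declared} but content holds a {_json_kind(values[name])} value")
    return problems


# Constructed sample: four fields taken from the CFW traffic log on this page.
SAMPLE_CONTENT = '{"dst_port":"80","app":"HTTP","to_c_pkts":0.1,"end_time":1655436321000}'
SAMPLE_FIELDS = [
    {"fieldName": "dst_port", "type": "string", "content": "80"},
    {"fieldName": "app", "type": "string", "content": "HTTP"},
    {"fieldName": "to_c_pkts", "type": "float", "content": "0.1"},
    {"fieldName": "end_time", "type": "long", "content": "1655436321000"},
]

if __name__ == "__main__":
    for line in check_demo_fields(SAMPLE_CONTENT, SAMPLE_FIELDS) or ["demo_fields match content"]:
        print(line)
```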
Creating a structuring configuration for MySQL error logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
            .withAk(ak)
            .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
            .withCredential(auth)
            .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
            .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("MYSQL_ERROR");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP")
            .withType("string")
            .withContent("192.168.2.134")
            .withIsAnalysis(true));
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("error_log")
            .withFieldName("log_type")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("WARNING")
            .withFieldName("severity")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("2022-08-22T06:52:08Z")
            .withFieldName("log_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("Occur error when reading bytes from a network handler. Client actively closes the connection.")
            .withFieldName("raw_message")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("5d6c61bbd49b4ad3a1572461811e3dacno01")
            .withFieldName("node_id")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("207032924c644f429b74f6fc5d8c97f9in01")
            .withFieldName("instance_id")
            .withType("string"));
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the sample log are escaped so that the literal compiles.
        body.withContent("{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\",\"node_id\":\"5d6c61bbd49b4ad3a1572461811e3dacno01\",\"instance_id\":\"207032924c644f429b74f6fc5d8c97f9in01\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Creating a structuring configuration for MySQL slow logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
            .withAk(ak)
            .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
            .withCredential(auth)
            .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
            .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("MYSQL_SLOW");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP")
            .withType("string")
            .withContent("192.168.2.134")
            .withIsAnalysis(true));
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("2022-07-27T02:49:19.000")
            .withFieldName("start_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("commerce")
            .withFieldName("user")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("100.*.*.222")
            .withFieldName("host")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1.461583")
            .withFieldName("query_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("0.000050")
            .withFieldName("lock_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("500")
            .withFieldName("rows_sent")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("581000")
            .withFieldName("rows_examined")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;")
            .withFieldName("command_text")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("saas_perf")
            .withFieldName("database")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("slow_log")
            .withFieldName("log_type")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1658890159")
            .withFieldName("log_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("SELECT")
            .withFieldName("operate_type")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("5d6c61bbd49b4ad3a1572461811e3dacno01")
            .withFieldName("node_id")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("207032924c644f429b74f6fc5d8c97f9in01")
            .withFieldName("instance_id")
            .withType("string"));
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the sample log are escaped so that the literal compiles.
        body.withContent("{\"start_time\":\"2022-07-27T02:49:19.000\",\"user\":\"commerce\",\"host\":\"100.*.*.222\",\"query_time\":\"1.461583\",\"lock_time\":\"0.000050\",\"rows_sent\":\"500\",\"rows_examined\":\"581000\",\"command_text\":\"SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;\",\"database\":\"saas_perf\",\"log_type\":\"slow_log\",\"log_time\":\"1658890159\",\"operate_type\":\"SELECT\",\"node_id\":\"5d6c61bbd49b4ad3a1572461811e3dacno01\",\"instance_id\":\"207032924c644f429b74f6fc5d8c97f9in01\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Creating a structuring configuration for PostgreSQL slow logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
            .withAk(ak)
            .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
            .withCredential(auth)
            .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
            .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("POSTGRESQL_SLOW");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP")
            .withType("string")
            .withContent("192.168.2.134")
            .withIsAnalysis(true));
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("slow_log")
            .withFieldName("log_type")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("328.662")
            .withFieldName("execute_time")
            .withType("float"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("authoring")
            .withFieldName("user")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("2022-07-24T10:06:41.000")
            .withFieldName("log_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("authoring-test")
            .withFieldName("database")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("SELECT * FROM ( SELECT n.user_id,n.id AS resource_id,e.create_at AS begin_time,e.create_at AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id WHERE e.category = N AND s.resource_ownership=N AND e.create_at BETWEEN $N AND $N UNION ALL SELECT n.user_id,n.id AS resource_id,$N AS begin_time,$N AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id INNER JOIN (SELECT resource_id,max(create_at) as create_at FROM t_resource_status_event WHERE create_at < $N AND category = N GROUP BY resource_id) x ON e.resource_id=x.resource_id AND e.create_at=x.create_at WHERE e.create_at < $N AND e.category = N AND e.status = N AND s.resource_ownership=N) m ORDER BY resource_id,begin_time ASC")
            .withFieldName("statement")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("10.*.*.206")
            .withFieldName("host")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("1658657201")
            .withFieldName("log_timestamp")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("SELECT")
            .withFieldName("operate_type")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("d285609201534696bdcd648519fe2b8dno02")
            .withFieldName("node_id")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("5b67dc63ba824145aae1f12ff51e58b8in02")
            .withFieldName("instance_id")
            .withType("string"));
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the sample log are escaped so that the literal compiles.
        body.withContent("{\"log_type\":\"slow_log\",\"execute_time\":328.662,\"user\":\"authoring\",\"log_time\":\"2022-07-24T10:06:41.000\",\"database\":\"authoring-test\",\"statement\":\"SELECT * FROM ( SELECT n.user_id,n.id AS resource_id,e.create_at AS begin_time,e.create_at AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id WHERE e.category = N AND s.resource_ownership=N AND e.create_at BETWEEN $N AND $N UNION ALL SELECT n.user_id,n.id AS resource_id,$N AS begin_time,$N AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id INNER JOIN (SELECT resource_id,max(create_at) as create_at FROM t_resource_status_event WHERE create_at < $N AND category = N GROUP BY resource_id) x ON e.resource_id=x.resource_id AND e.create_at=x.create_at WHERE e.create_at < $N AND e.category = N AND e.status = N AND s.resource_ownership=N) m ORDER BY resource_id,begin_time ASC\",\"host\":\"10.*.*.206\",\"log_timestamp\":\"1658657201\",\"operate_type\":\"SELECT\",\"node_id\":\"d285609201534696bdcd648519fe2b8dno02\",\"instance_id\":\"5b67dc63ba824145aae1f12ff51e58b8in02\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Creating a structuring configuration for PostgreSQL error logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
            .withAk(ak)
            .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
            .withCredential(auth)
            .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
            .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("POSTGRESQL_ERROR");
        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField()
            .withFieldName("hostIP")
            .withType("string")
            .withContent("192.168.2.134")
            .withIsAnalysis(true));
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("error_log")
            .withFieldName("log_type")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("WARNING")
            .withFieldName("severity")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("2022-08-22T06:52:08Z")
            .withFieldName("log_time")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("Occur error when reading bytes from a network handler. Client actively closes the connection.")
            .withFieldName("raw_message")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("d285609201534696bdcd648519fe2b8dno02")
            .withFieldName("node_id")
            .withType("string"));
        listbodyDemoFields.add(new StructFieldInfo()
            .withIsAnalysis(true)
            .withContent("5b67dc63ba824145aae1f12ff51e58b8in02")
            .withFieldName("instance_id")
            .withType("string"));
        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Inner double quotes of the sample log are escaped so that the literal compiles.
        body.withContent("{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\",\"node_id\":\"d285609201534696bdcd648519fe2b8dno02\",\"instance_id\":\"5b67dc63ba824145aae1f12ff51e58b8in02\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Create a structuring configuration for SQLSERVER error logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and
        // CLOUD_SDK_SK in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template to apply.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("SQLSERVER_ERROR");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );

        // Demo fields, in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("error_log")
                .withFieldName("log_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("WARNING")
                .withFieldName("severity")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("2022-08-22T06:52:08Z")
                .withFieldName("log_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("Occur error when reading bytes from a network handler. Client actively closes the connection.")
                .withFieldName("raw_message")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("7346b0db609b463e976054928af50e85no01")
                .withFieldName("node_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("9c589b9d7a4d45dbaf7deb9f8520611cin01")
                .withFieldName("instance_id")
                .withType("string")
        );

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the quotes of the JSON text are escaped for the Java string literal.
        body.withContent("{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\",\"node_id\":\"7346b0db609b463e976054928af50e85no01\",\"instance_id\":\"9c589b9d7a4d45dbaf7deb9f8520611cin01\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Create a structuring configuration for GAUSSDB_REDIS slow logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and
        // CLOUD_SDK_SK in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template to apply.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("GAUSSDB_REDIS_SLOW");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );

        // Demo fields, in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("32eaaf6c5a0142e3a6d80740cd5b3803in12")
                .withFieldName("instance_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("597a15b9f2ef4436811c5edcc67c013cno12")
                .withFieldName("node_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("0")
                .withFieldName("database")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("slow_log")
                .withFieldName("log_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("sismember")
                .withFieldName("operate_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("2022-10-12T07:42:21.253484Z")
                .withFieldName("log_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("1277.47")
                .withFieldName("cost_time")
                .withType("float")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("{\"command_param\":\"dc:set:new:follow:uids:monthly:259008728:202210\",\"database\":\"0\"}")
                .withFieldName("whole_message")
                .withType("string")
        );

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the quotes of the JSON text are escaped for the Java string literal.
        // whole_message holds nested JSON as a string value, so its inner quotes are escaped for JSON as well as for Java.
        body.withContent("{\"instance_id\":\"32eaaf6c5a0142e3a6d80740cd5b3803in12\",\"node_id\":\"597a15b9f2ef4436811c5edcc67c013cno12\",\"database\":\"0\",\"log_type\":\"slow_log\",\"operate_type\":\"sismember\",\"log_time\":\"2022-10-12T07:42:21.253484Z\",\"cost_time\":1277.47,\"whole_message\":\"{\\\"command_param\\\":\\\"dc:set:new:follow:uids:monthly:259008728:202210\\\",\\\"database\\\":0}\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Create a structuring configuration for GAUSSDB_MYSQL slow logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and
        // CLOUD_SDK_SK in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template to apply.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("GAUSSDB_MYSQL_SLOW");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostName")
                .withType("string")
                .withContent("ecs-ictest")
                .withIsAnalysis(true)
        );

        // Demo fields, in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("2022-07-27T02:49:19.000")
                .withFieldName("start_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("commerce")
                .withFieldName("user")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("100.*.*.222")
                .withFieldName("host")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("1.461583")
                .withFieldName("query_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("0.000050")
                .withFieldName("lock_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("500")
                .withFieldName("rows_sent")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("581000")
                .withFieldName("rows_examined")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;")
                .withFieldName("command_text")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(true)
                .withContent("saas_perf")
                .withFieldName("database")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("slow_log")
                .withFieldName("log_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("1658890159")
                .withFieldName("log_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("SELECT")
                .withFieldName("operate_type")
                .withType("string")
        );

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the quotes of the JSON text are escaped for the Java string literal.
        body.withContent("{\"start_time\":\"2022-07-27T02:49:19.000\",\"user\":\"commerce\",\"host\":\"100.*.*.222\",\"query_time\":\"1.461583\",\"lock_time\":\"0.000050\",\"rows_sent\":\"500\",\"rows_examined\":\"581000\",\"command_text\":\"SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;\",\"database\":\"saas_perf\",\"log_type\":\"slow_log\",\"log_time\":\"1658890159\",\"operate_type\":\"SELECT\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Create a structuring configuration for GAUSSDB_MYSQL error logs
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and
        // CLOUD_SDK_SK in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template to apply.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("GAUSSDB_MYSQL_ERROR");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );

        // Demo fields, in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("error_log")
                .withFieldName("log_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("WARNING")
                .withFieldName("severity")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("2022-08-22T06:52:08Z")
                .withFieldName("log_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("Occur error when reading bytes from a network handler. Client actively closes the connection.")
                .withFieldName("raw_message")
                .withType("string")
        );

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the quotes of the JSON text are escaped for the Java string literal.
        body.withContent("{\"log_type\":\"error_log\",\"severity\":\"WARNING\",\"log_time\":\"2022-08-22T06:52:08Z\",\"raw_message\":\"Occur error when reading bytes from a network handler. Client actively closes the connection.\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Create a CDN structuring configuration
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and
        // CLOUD_SDK_SK in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template to apply.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("CDN");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );

        // Demo fields, in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("1666604392000")
                .withFieldName("request_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("findercdn.video.qq.com")
                .withFieldName("domain")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("GET")
                .withFieldName("method")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("http")
                .withFieldName("scheme")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("/BcimRg.txt")
                .withFieldName("uri")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("cdnkey=*****&cdntoken=*****&tokenidx=1")
                .withFieldName("uri_param")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("192.168.233.142")
                .withFieldName("client_ip")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("51517")
                .withFieldName("client_port")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("refer_protocol")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("refer_domain")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("refer_uri")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("refer_param")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("301")
                .withFieldName("request_size")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("14")
                .withFieldName("response_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("588")
                .withFieldName("response_size")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("403")
                .withFieldName("http_code")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("response_range")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("request_range")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("150")
                .withFieldName("request_body_bytes")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("text/html")
                .withFieldName("content_type")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("HIT")
                .withFieldName("hit_info")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("python-requests/2.21.0")
                .withFieldName("user_agent")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("ce6327e015c1e16f581818b838a6cb0c")
                .withFieldName("uuid")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("edge-cache01[14]")
                .withFieldName("via_info")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("-")
                .withFieldName("xforwordfor")
                .withType("string")
        );

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the quotes of the JSON text are escaped for the Java string literal.
        body.withContent("{\"request_time\":\"1666604392000\",\"domain\":\"findercdn.video.qq.com\",\"method\":\"GET\",\"scheme\":\"http\",\"uri\":\"/BcimRg.txt\",\"uri_param\":\"cdnkey=******&cdntoken=******&tokenidx=1\",\"client_ip\":\"192.168.233.142\",\"client_port\":\"51517\",\"refer_protocol\":\"-\",\"refer_domain\":\"-\",\"refer_uri\":\"-\",\"refer_param\":\"-\",\"request_size\":\"301\",\"response_time\":\"14\",\"response_size\":\"588\",\"http_code\":\"403\",\"response_range\":\"-\",\"request_range\":\"-\",\"request_body_bytes\":\"150\",\"content_type\":\"text/html\",\"hit_info\":\"HIT\",\"user_agent\":\"python-requests/2.21.0\",\"uuid\":\"ce6327e015c1e16f581818b838a6cb0c\",\"via_info\":\"edge-cache01[14]\",\"xforwordfor\":\"-\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Create an SMN structuring configuration
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and
        // CLOUD_SDK_SK in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system) template to apply.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
            .withParam("SMN");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(
            new TagField()
                .withFieldName("hostIP")
                .withType("string")
                .withContent("192.168.2.134")
                .withIsAnalysis(true)
        );

        // Demo fields, in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("1ae49922602a42fc83acb9689a2eb5f4")
                .withFieldName("message_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("5a9f32e4f1ec4bbe9695ff9da51c2925")
                .withFieldName("project_id")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo")
                .withFieldName("topic_urn")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo:b55c3c6fa7cd471b9f24818d530a8740")
                .withFieldName("subscriber_urn")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("https")
                .withFieldName("protocol_name")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("https://127.0.0.1:443/https")
                .withFieldName("endpoint")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("DELIVERED")
                .withFieldName("status")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("200")
                .withFieldName("http_code")
                .withType("long")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("2022-11-01T00:00:00Z")
                .withFieldName("create_time")
                .withType("string")
        );
        listbodyDemoFields.add(
            new StructFieldInfo()
                .withIsAnalysis(false)
                .withContent("2022-11-01T00:00:10Z")
                .withFieldName("send_time")
                .withType("string")
        );

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log; the quotes of the JSON text are escaped for the Java string literal.
        body.withContent("{\"message_id\":\"1ae49922602a42fc83acb9689a2eb5f4\",\"project_id\":\"5a9f32e4f1ec4bbe9695ff9da51c2925\",\"topic_urn\":\"urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo\",\"subscriber_urn\":\"urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo:b55c3c6fa7cd471b9f24818d530a8740\",\"protocol_name\":\"https\",\"endpoint\":\"https://127.0.0.1:443/https\",\"status\":\"DELIVERED\",\"http_code\":200,\"create_time\":\"2022-11-01T00:00:00Z\",\"send_time\":\"2022-11-01T00:00:10Z\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);

        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Create a structuring configuration for WAF access logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at the point of use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system template) structuring rule for WAF access logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("WAF_ACCESS");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log passed to withContent().
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("504").withFieldName("response_code").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("http").withFieldName("scheme").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("100.93.2.229:80").withFieldName("upstream_addr").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("163").withFieldName("body_bytes_sent").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("-").withFieldName("upstream_header_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1").withFieldName("connection_requests").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("ssl_cipher").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1736cc7331b74b198e2ef07555a970ce").withFieldName("hostid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2152").withFieldName("pid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("tls_version").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("www.testh.com").withFieldName("http_host").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("0").withFieldName("process_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("88003425-d7bc-46ce-8ae7-77a8aa18a814").withFieldName("access_stream_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2022-07-29T19:39:10+08:00").withFieldName("time_iso8601").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("intel_crawler").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("504").withFieldName("upstream_status").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.46.110").withFieldName("remote_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("30.008").withFieldName("request_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1d26cc8c86a840e28a4f8d0d07852f1d").withFieldName("tenantid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.46.110").withFieldName("sip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("420").withFieldName("bytes_send").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2a473356cca5487f8373be891bffc1cf").withFieldName("projectid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("curl/7.29.0").withFieldName("user_agent").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("web_tag").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("GET").withFieldName("method").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.36.208").withFieldName("bind_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("region_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("20582").withFieldName("remote_port").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("ssl_ciphers_md5").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("x_real_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("/").withFieldName("url").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("x_forwarded_for").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("sni").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("public/../style/general.css=true").withFieldName("args").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("cdn_src_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("0").withFieldName("enterprise_project_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("-").withFieldName("upstream_connect_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("engine_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("110").withFieldName("request_length").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("5d574e6a-87da-42bc-bfd4-ff61a1b336a4").withFieldName("group_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("36f0a9212b14528ffc090f1811cd87d8").withFieldName("requestid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("ssl_curves").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("ssl_session_reused").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2022-07-29T11:39:10.000Z").withFieldName("waf-time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("30.009").withFieldName("upstream_response_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("29/Jul/2022:19:39:10 +0800").withFieldName("time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("access").withFieldName("waf_category").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.36.208").withFieldName("eng_ip").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log line; the inner quotes are escaped so that the JSON text is a valid Java string literal.
        body.withContent("{\"response_code\":\"504\",\"scheme\":\"http\",\"upstream_addr\":\"100.93.2.229:80\",\"body_bytes_sent\":\"163\",\"upstream_header_time\":\"-\",\"connection_requests\":\"1\",\"ssl_cipher\":\"\",\"hostid\":\"1736cc7331b74b198e2ef07555a970ce\",\"pid\":\"2152\",\"tls_version\":\"\",\"http_host\":\"www.testh.com\",\"process_time\":\"0\",\"access_stream_id\":\"88003425-d7bc-46ce-8ae7-77a8aa18a814\",\"time_iso8601\":\"2022-07-29T19:39:10+08:00\",\"intel_crawler\":\"\",\"upstream_status\":\"504\",\"remote_ip\":\"10.63.46.110\",\"request_time\":\"30.008\",\"tenantid\":\"1d26cc8c86a840e28a4f8d0d07852f1d\",\"sip\":\"10.63.46.110\",\"bytes_send\":\"420\",\"projectid\":\"2a473356cca5487f8373be891bffc1cf\",\"user_agent\":\"curl/7.29.0\",\"web_tag\":\"\",\"method\":\"GET\",\"bind_ip\":\"10.63.36.208\",\"region_id\":\"\",\"remote_port\":\"20582\",\"ssl_ciphers_md5\":\"\",\"x_real_ip\":\"\",\"url\":\"/\",\"x_forwarded_for\":\"\",\"sni\":\"\",\"args\":\"public/../style/general.css=true\",\"cdn_src_ip\":\"\",\"enterprise_project_id\":\"0\",\"upstream_connect_time\":\"-\",\"engine_id\":\"\",\"request_length\":\"110\",\"group_id\":\"5d574e6a-87da-42bc-bfd4-ff61a1b336a4\",\"requestid\":\"36f0a9212b14528ffc090f1811cd87d8\",\"ssl_curves\":\"\",\"ssl_session_reused\":\"\",\"waf-time\":\"2022-07-29T11:39:10.000Z\",\"upstream_response_time\":\"30.008\",\"time\":\"29/Jul/2022:19:39:10 +0800\",\"category\":\"access\",\"eng_ip\":\"10.63.36.208\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Create a structuring configuration for WAF attack logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at the point of use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system template) structuring rule for WAF attack logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("WAF_ATTACK");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log passed to withContent().
        // Keys of the nested "backend" object are flattened to "backend.<key>".
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("cd081ba3d6674000acc37d7e2a4b9140").withFieldName("policy_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("80").withFieldName("hport").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("163").withFieldName("body_bytes_sent").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1736cc7331b74b198e2ef07555a970ce").withFieldName("hostid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("040002").withFieldName("rule").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.36.208").withFieldName("engine_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2152").withFieldName("pid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("www.testh.com").withFieldName("http_host").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1").withFieldName("process_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("0000-0000-0000-20820220729193940-f34cf25e").withFieldName("reqid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2022-07-29T19:39:40+08:00").withFieldName("time_iso8601").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("504").withFieldName("upstream_status").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("public/../style/general.css").withFieldName("hit_data").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("98de5d5a-9f54-4d01-9882-eca7bec99d09").withFieldName("attack_stream_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.46.110").withFieldName("remote_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("lfi").withFieldName("attack").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1d26cc8c86a840e28a4f8d0d07852f1d").withFieldName("tenantid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("www.testh.com").withFieldName("host").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("log").withFieldName("action").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("HTTP").withFieldName("backend.protocol").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("true").withFieldName("backend.alive").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("80").withFieldName("backend.port").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("100.93.2.229").withFieldName("backend.host").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1").withFieldName("backend.weight").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("ip").withFieldName("backend.type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("04-0000-0000-0000-20820220729193940-f34cf25e").withFieldName("id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("10.63.46.110").withFieldName("sip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2a473356cca5487f8373be891bffc1cf").withFieldName("projectid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("web_tag").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2022-07-29T11:39:40.000Z").withFieldName("attack-time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("GET").withFieldName("method").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("{\"HWWAFSESTIME\":\"1659094780939\",\"HWWAFSESID\":\"e2cd0733b4712e4cc4\"}").withFieldName("cookie").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2").withFieldName("level").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("{\"public\\/..\\/style\\/general.css\":\"true\"}").withFieldName("params").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("x_real_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("/").withFieldName("url").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("x_forwarded_for").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("cdn_src_ip").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("0").withFieldName("enterprise_project_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("req_body").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("").withFieldName("engine_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("5d574e6a-87da-42bc-bfd4-ff61a1b336a4").withFieldName("group_id").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("f34cf25eb33ed82cd7261a8276a60c39").withFieldName("requestid").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("null").withFieldName("multipart").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("{\"host\":\"www.testh.com\",\"user-agent\":\"curl\\/7.29.0\",\"accept\":\"*\\/*\"}").withFieldName("header").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("params").withFieldName("location").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("30.000").withFieldName("upstream_response_time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2022-07-29 19:39:40").withFieldName("time").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("attack").withFieldName("waf_category").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("28408").withFieldName("sport").withType("long"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("504").withFieldName("status").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log line; quotes and backslashes are escaped so that the JSON text is a valid Java string literal.
        body.withContent("{\"policy_id\":\"cd081ba3d6674000acc37d7e2a4b9140\",\"hport\":\"80\",\"body_bytes_sent\":\"163\",\"hostid\":\"1736cc7331b74b198e2ef07555a970ce\",\"rule\":\"040002\",\"engine_ip\":\"10.63.36.208\",\"pid\":\"2152\",\"http_host\":\"www.testh.com\",\"process_time\":\"1\",\"reqid\":\"0000-0000-0000-20820220729193940-f34cf25e\",\"time_iso8601\":\"2022-07-29T19:39:40+08:00\",\"upstream_status\":\"504\",\"hit_data\":\"public/../style/general.css\",\"attack_stream_id\":\"98de5d5a-9f54-4d01-9882-eca7bec99d09\",\"remote_ip\":\"10.63.46.110\",\"attack\":\"lfi\",\"tenantid\":\"1d26cc8c86a840e28a4f8d0d07852f1d\",\"host\":\"www.testh.com\",\"action\":\"log\",\"backend\":{\"protocol\":\"HTTP\",\"alive\":true,\"port\":80,\"host\":\"100.93.2.229\",\"weight\":1,\"type\":\"ip\"},\"id\":\"04-0000-0000-0000-20820220729193940-f34cf25e\",\"sip\":\"10.63.46.110\",\"projectid\":\"2a473356cca5487f8373be891bffc1cf\",\"web_tag\":\"\",\"attack-time\":\"2022-07-29T11:39:40.000Z\",\"method\":\"GET\",\"cookie\":\"{\\\"HWWAFSESTIME\\\":\\\"1659094780939\\\",\\\"HWWAFSESID\\\":\\\"e2cd0733b4712e4cc4\\\"}\",\"level\":2,\"params\":\"{\\\"public\\\\/..\\\\/style\\\\/general.css\\\":\\\"true\\\"}\",\"x_real_ip\":\"\",\"uri\":\"/\",\"x_forwarded_for\":\"\",\"cdn_src_ip\":\"\",\"enterprise_project_id\":\"0\",\"req_body\":\"\",\"engine_id\":\"\",\"group_id\":\"5d574e6a-87da-42bc-bfd4-ff61a1b336a4\",\"requestid\":\"f34cf25eb33ed82cd7261a8276a60c39\",\"multipart\":\"null\",\"header\":\"{\\\"host\\\":\\\"www.testh.com\\\",\\\"user-agent\\\":\\\"curl\\\\/7.29.0\\\",\\\"accept\\\":\\\"*\\\\/*\\\"}\",\"location\":\"params\",\"upstream_response_time\":\"30.000\",\"time\":\"2022-07-29 19:39:40\",\"category\":\"attack\",\"sport\":28408,\"status\":\"504\"}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Create a structuring configuration for DMS rebalancing logs
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.lts.v2.region.LtsRegion;
import com.huaweicloud.sdk.lts.v2.*;
import com.huaweicloud.sdk.lts.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateStructTemplateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them at the point of use.
        // This example reads the AK and SK from environment variables; set CLOUD_SDK_AK and CLOUD_SDK_SK
        // in the local environment before running it.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        LtsClient client = LtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(LtsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateStructTemplateRequest request = new CreateStructTemplateRequest();
        LtsStructTemplateInfo body = new LtsStructTemplateInfo();

        // Built-in (system template) structuring rule for DMS rebalancing logs.
        Rule rulebody = new Rule();
        rulebody.withType("built_in")
                .withParam("DMS_REBALANCED");

        List<TagField> listbodyTagFields = new ArrayList<>();
        listbodyTagFields.add(new TagField().withFieldName("hostIP").withType("string").withContent("192.168.2.134").withIsAnalysis(true));

        // Demo fields, listed in the same order as the keys of the sample log passed to withContent().
        // Keys of the nested "message" object are flattened to "message.<key>".
        List<StructFieldInfo> listbodyDemoFields = new ArrayList<>();
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("INFO").withFieldName("level").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("2023-03-23 17:23:22,906").withFieldName("timestamp").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635").withFieldName("message.leaderId").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("1").withFieldName("message.generationId").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("Assignment received from leader for group KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0 for generation 1").withFieldName("message.reason").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0").withFieldName("message.groupId").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("0").withFieldName("message.coordinatorId").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("END_REBALANCE").withFieldName("message.type").withType("string"));
        listbodyDemoFields.add(new StructFieldInfo().withIsAnalysis(false).withContent("GroupMetadata(groupId=KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0, generation=1, protocolType=Some(consumer), currentState=CompletingRebalance, members=Map(consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635 -> MemberMetadata(memberId=consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635, clientId=consumer-1, clientHost=/172.31.2.168, sessionTimeoutMs=10000, rebalanceTimeoutMs=300000, supportedProtocols=List(range), )))").withFieldName("message.group").withType("string"));

        body.withRule(rulebody);
        body.withProjectId("2a473356cca5487f8373be891bffxxxx");
        body.withLogStreamId("7e432db8-9dad-4723-a4b1-fdabf712xxxx");
        body.withParseType(LtsStructTemplateInfo.ParseTypeEnum.fromValue(" "));
        body.withLogGroupId("925a750-e0f3-4fe9-a046-a04af676xxxx");
        // Sample log line; the inner quotes are escaped so that the JSON text is a valid Java string literal.
        body.withContent("{\"level\":\"INFO\",\"timestamp\":\"2023-03-23 17:23:22,906\",\"message\":{\"leaderId\":\"consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635\",\"generationId\":\"1\",\"reason\":\"Assignment received from leader for group KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0 for generation 1\",\"groupId\":\"KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0\",\"coordinatorId\":\"0\",\"type\":\"END_REBALANCE\",\"group\":\"GroupMetadata(groupId=KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0, generation=1, protocolType=Some(consumer), currentState=CompletingRebalance, members=Map(consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635 -> MemberMetadata(memberId=consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635, clientId=consumer-1, clientHost=/172.31.2.168, sessionTimeoutMs=10000, rebalanceTimeoutMs=300000, supportedProtocols=List(range), )))\"}}");
        body.withTagFields(listbodyTagFields);
        body.withDemoFields(listbodyDemoFields);
        request.withBody(body);
        try {
            CreateStructTemplateResponse response = client.createStructTemplate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
Regex mode:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # One entry per named group in regex_rules, in the same order
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, field_name="a01", type="string"),
            StructFieldInfo(is_analysis=True, field_name="a02", type="string"),
            StructFieldInfo(is_analysis=True, field_name="a03", type="string"),
            StructFieldInfo(is_analysis=True, field_name="a04", type="string"),
            StructFieldInfo(is_analysis=True, field_name="a05", type="string"),
            StructFieldInfo(is_analysis=True, field_name="a06", type="string"),
            StructFieldInfo(is_analysis=True, field_name="a07", type="long")
        ]
        request.body = LtsStructTemplateInfo(
            # Raw string, so the backslashes reach the service unchanged
            regex_rules=r"^(?<a01>[^ ]+)(?:[^ ]* ){1}(?<a02>\w+)(?:[^ ]* ){1}(?<a03>\w+)(?:[^ ]* ){1}(?<a04>\w+)(?:[^ ]* ){1}(?<a05>\w+)(?:[^ ]* ){1}(?<a06>\w+)(?:[^ ]* ){1}(?<a07>\d+)",
            project_id=" ",
            log_stream_id="ff8bd110-dc44-4692-af74-d3b1f6197887",
            parse_type="custom_regex",
            log_group_id="ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
            content="2021-09-09/18:15:41 this log is Error NO 6323",
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
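The request tables above fix the ID lengths, the `parse_type` values, the field types, and the rule that `demo_fields` follows the field order of `content`. The following is an added example, not part of the SDK or of the original page: an offline pre-flight check of a REST body for the `custom_regex` and `json` modes. `validate_struct_template`, `SAMPLE` and its IDs are made up here; the reading of `layers` and the translation of `(?<name>...)` into Python's `(?P<name>...)` are assumptions about a service that runs its own regex engine.

```python
import json
import re

# Limits and enumerations copied from the request-parameter tables on this page.
ID_LENGTHS = {"project_id": 32, "log_group_id": 36, "log_stream_id": 36}
PARSE_TYPES = {"json", "split", "nginx", "built_in", "custom_regex"}
CASTS = {"string": str, "long": int, "float": float}
MAX_FIELDS, MAX_REGEX_LEN, MAX_LAYERS = 200, 5000, 3
# The page writes named groups as (?<name>...); Python's re needs (?P<name>...).
# Lookbehinds such as (?<=...) do not match this pattern and stay untouched.
_NAMED_GROUP = re.compile(r"\(\?<([A-Za-z_]\w*)>")


def _flatten(obj, layers, prefix=""):
    """Dotted-key flattening, `layers` levels deep (assumption: 1 = top level only)."""
    flat = {}
    for key, value in obj.items():
        if isinstance(value, dict) and layers > 1:
            flat.update(_flatten(value, layers - 1, prefix + key + "."))
        else:
            flat[prefix + key] = value
    return flat


def _extract_regex(body, names, problems):
    """Run regex_rules over the sample log; return {group: value} or None."""
    rule = body.get("regex_rules") or ""
    if len(rule) > MAX_REGEX_LEN:
        problems.append("regex_rules exceeds 5000 characters")
    try:
        pattern = re.compile(_NAMED_GROUP.sub(r"(?P<\1>", rule))
    except re.error as exc:
        problems.append(f"regex_rules does not compile: {exc}")
        return None
    groups = sorted(pattern.groupindex, key=pattern.groupindex.get)
    if sorted(groups) != sorted(names):
        problems.append(f"demo_fields {names} do not match regex groups {groups}")
    elif groups != names:
        problems.append(f"demo_fields order {names} differs from regex order {groups}")
    match = pattern.search(body.get("content", ""))
    if match is None:
        problems.append("regex_rules does not match the sample content")
    return match.groupdict() if match else None


def _extract_json(body, problems):
    """Parse the sample log as JSON; return {dotted key: value} or None."""
    layers = body.get("layers", MAX_LAYERS)
    if layers > MAX_LAYERS:
        problems.append("layers exceeds 3")
    try:
        doc = json.loads(body.get("content", ""))
        if not isinstance(doc, dict):
            raise ValueError("top level is not an object")
    except ValueError as exc:
        problems.append(f"content is not usable JSON: {exc}")
        return None
    return _flatten(doc, min(layers, MAX_LAYERS))


def validate_struct_template(body):
    """Return the problems found in a request body dict; an empty list means it passed."""
    problems = [f"{key} must be exactly {n} characters"
                for key, n in ID_LENGTHS.items() if len(str(body.get(key, ""))) != n]
    parse_type = body.get("parse_type")
    if parse_type not in PARSE_TYPES:
        problems.append(f"parse_type {parse_type!r} is not a documented value")
    fields = body.get("demo_fields") or []
    if len(fields) > MAX_FIELDS:
        problems.append("demo_fields exceeds 200 entries")
    names = [f.get("fieldName") or "" for f in fields]
    values = None  # split, nginx and built_in: common checks only
    if parse_type == "custom_regex":
        values = _extract_regex(body, names, problems)
    elif parse_type == "json":
        values = _extract_json(body, problems)
    for name, field in zip(names, fields):
        kind = field.get("type")
        if kind not in CASTS:
            problems.append(f"{name}: type {kind!r} is not string, long or float")
        elif values is not None:
            try:
                CASTS[kind](values[name])  # does the sample value fit the declared type?
            except KeyError:
                problems.append(f"{name}: not found in the sample content")
            except (TypeError, ValueError):
                problems.append(f"{name}: sample value {values[name]!r} is not a {kind}")
    return problems


# Constructed sample: the custom_regex request above as a REST body, with made-up IDs.
SAMPLE = {
    "project_id": "0" * 32,
    "log_group_id": "00000000-0000-0000-0000-000000000000",
    "log_stream_id": "11111111-1111-1111-1111-111111111111",
    "parse_type": "custom_regex",
    "content": "2021-09-09/18:15:41 this log is Error NO 6323",
    "regex_rules": r"^(?<a01>[^ ]+)(?:[^ ]* ){1}(?<a02>\w+)(?:[^ ]* ){1}(?<a03>\w+)"
                   r"(?:[^ ]* ){1}(?<a04>\w+)(?:[^ ]* ){1}(?<a05>\w+)"
                   r"(?:[^ ]* ){1}(?<a06>\w+)(?:[^ ]* ){1}(?<a07>\d+)",
    "demo_fields": [{"fieldName": f"a0{i}", "type": "long" if i == 7 else "string"}
                    for i in range(1, 8)],
}
```

Calling `validate_struct_template(SAMPLE)` returns an empty list; reversing `demo_fields` or declaring `a02` as `long` each yields one problem line.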
JSON mode:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Fields extracted from the sample log; nested keys use dotted names
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, field_name="code", type="long", user_defined_name="jl"),
            StructFieldInfo(is_analysis=True, field_name="record_time", type="long"),
            StructFieldInfo(is_analysis=True, field_name="tracker_name", type="string"),
            StructFieldInfo(is_analysis=True, field_name="user.id", type="long"),
            StructFieldInfo(is_analysis=True, field_name="user.name", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            layers=3,
            project_id=" ",
            log_stream_id="ff8bd110-dc44-4692-af74-d3b1f6197887",
            parse_type="json",
            log_group_id="ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
            content="{'code':38,'tracker_name':'global','record_time':'1597042370464','user':{'name':'testdemo','id':'123456789'}}",
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Delimiter:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # One entry per token of the sample log, in the same order
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, field_name="b1", type="string"),
            StructFieldInfo(is_analysis=True, field_name="b2", type="string"),
            StructFieldInfo(is_analysis=True, field_name="b3", type="string"),
            StructFieldInfo(is_analysis=True, field_name="b4", type="string"),
            StructFieldInfo(is_analysis=True, field_name="b5", type="string"),
            StructFieldInfo(is_analysis=True, field_name="b6", type="string"),
            StructFieldInfo(is_analysis=True, field_name="b7", type="long")
        ]
        request.body = LtsStructTemplateInfo(
            tokenizer=" ",
            project_id="",
            log_stream_id="ff8bd110-dc44-4692-af74-d3b1f6197887",
            parse_type="split",
            log_group_id="ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
            content="2021-09-09/18:50:51 this log is Error NO 37",
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Nginx:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Fields extracted from the sample log, each with its sample value
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="0", field_name="body_bytes_sent", type="long"),
            StructFieldInfo(is_analysis=False, content="-", field_name="http_referer", type="string"),
            StructFieldInfo(is_analysis=False, content="Mozilla/5.0", field_name="http_user_agent", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="http_x_forwarded_for", type="string"),
            StructFieldInfo(is_analysis=False, content="192.168.0.0", field_name="remote_addr", type="string"),
            StructFieldInfo(is_analysis=False, content="sgq", field_name="remote_user", type="string"),
            StructFieldInfo(is_analysis=False, content="GET", field_name="request_method", type="string"),
            StructFieldInfo(is_analysis=False, content="/", field_name="request_uri", type="string"),
            StructFieldInfo(is_analysis=False, content="304", field_name="status", type="long"),
            StructFieldInfo(is_analysis=False, content="12/Mar/2020:12:24:02", field_name="time_local", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            # The Nginx log_format directive; its double quotes are escaped inside the Python string
            log_format=(
                "log_format main '$remote_addr - $remote_user [$time_local] \"$request\" ' "
                "'$status $body_bytes_sent \"$http_referer\" ' "
                "'\"$http_user_agent\" \"$http_x_forwarded_for\"';"
            ),
            project_id="2a473356cca5487f8373be891bffc1cf",
            log_stream_id="60906859-e91e-4d4a-9a21-ae319f544567",
            parse_type="nginx",
            log_group_id="d1f4240d-5ee2-4e0b-9e2c-e25c7978c001",
            content='192.168.0.0 - sgq [12/Mar/2020:12:24:02 +0800] "GET / 127/query" 304 0 "-" "Mozilla/5.0" "-"',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
CTS:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for CTS logs
        rulebody = Rule(
            type="built_in",
            param="CTS"
        )
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Fields extracted from the sample log, each with its sample value
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="201", field_name="code", type="long"),
            StructFieldInfo(is_analysis=True, content="global", field_name="event_type", type="string"),
            StructFieldInfo(is_analysis=True, content="221123nsada3sda3231das3111ndsab", field_name="project_id", type="string"),
            StructFieldInfo(is_analysis=True, content="1597042370464", field_name="record_time", type="long"),
            StructFieldInfo(is_analysis=True, content="98763hkjhdteoi03861732hjh7983bhd", field_name="resource_id", type="string"),
            StructFieldInfo(is_analysis=True, content="demodemodemo/demo", field_name="resource_name", type="string"),
            StructFieldInfo(is_analysis=True, content="token", field_name="resource_type", type="string"),
            StructFieldInfo(is_analysis=True, content="IAM", field_name="service_type", type="string"),
            StructFieldInfo(is_analysis=True, content="10.10.1.10", field_name="source_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="1597042369296", field_name="time", type="long"),
            StructFieldInfo(is_analysis=True, content="1eesdd-dad6-11dsaea-edaxfeqdf", field_name="trace_id", type="string"),
            StructFieldInfo(is_analysis=True, content="demodemodemo", field_name="trace_name", type="string"),
            StructFieldInfo(is_analysis=True, content="normal", field_name="trace_rating", type="string"),
            StructFieldInfo(is_analysis=True, content="ApiCall", field_name="trace_type", type="string"),
            StructFieldInfo(is_analysis=True, content="global", field_name="tracker_name", type="string"),
            StructFieldInfo(is_analysis=True, content="21185d8818e443e1ryjkh71622f09212b", field_name="user.domain.id", type="string"),
            StructFieldInfo(is_analysis=True, content="testdemo", field_name="user.domain.name", type="string"),
            StructFieldInfo(is_analysis=True, content="6hfakl86faqw87dsasasadf09ajbml", field_name="user.id", type="string"),
            StructFieldInfo(is_analysis=True, content="testdemo/demo", field_name="user.name", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the JSON sample keeps its double quotes
            content='{"code":"201","source_ip":"10.10.1.10","trace_type":"ApiCall","event_type":"global","project_id":"221123nsada3sda3231das3111ndsab","trace_id":"1eesdd-dad6-11dsaea-edaxfeqdf","trace_name":"demodemodemo","resource_type":"token","trace_rating":"normal","service_type":"IAM","resource_id":"98763hkjhdteoi03861732hjh7983bhd","tracker_name":"global","time":"1597042369296","resource_name":"demodemodemo/demo","record_time":"1597042370464","user":{"domain":{"name":"testdemo","id":"21185d8818e443e1ryjkh71622f09212b"},"name":"testdemo/demo","id":"6hfakl86faqw87dsasasadf09ajbml"}}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
ELB:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for ELB logs
        rulebody = Rule(
            type="built_in",
            param="ELB"
        )
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Fields extracted from the sample log, each with its sample value
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="1594727856.337", field_name="msec", type="float"),
            StructFieldInfo(is_analysis=True, content="e7c37d97-e922-457c-bbf3-dsadeqac", field_name="access_log_topic_id", type="string"),
            StructFieldInfo(is_analysis=True, content="2020-07-14T19:57:36+08:00", field_name="time_iso8601", type="string"),
            StructFieldInfo(is_analysis=True, content="elb_01", field_name="log_ver", type="string"),
            StructFieldInfo(is_analysis=True, content="192.0.0.0", field_name="remote_addr", type="string"),
            StructFieldInfo(is_analysis=True, content="88888", field_name="remote_port", type="long"),
            StructFieldInfo(is_analysis=True, content="200", field_name="status", type="long"),
            StructFieldInfo(is_analysis=True, content="GET", field_name="request_method", type="string"),
            StructFieldInfo(is_analysis=True, content="http", field_name="scheme", type="string"),
            StructFieldInfo(is_analysis=True, content="prod.sss.ads.sg2.aaa", field_name="host", type="string"),
            StructFieldInfo(is_analysis=True, content="loc/ation?version=3&ip=100.0.0.0&coordinate=27.7044784,85.3007481&device_id=dsadsadasdsadasd&beyla_id=wqeb123ndadsa233ddada", field_name="router_request_uri", type="string"),
            StructFieldInfo(is_analysis=True, content="HTTP/1.1", field_name="server_protocol", type="string"),
            StructFieldInfo(is_analysis=True, content="233", field_name="request_length", type="long"),
            StructFieldInfo(is_analysis=True, content="293", field_name="bytes_sent", type="long"),
            StructFieldInfo(is_analysis=True, content="138", field_name="body_bytes_sent", type="long"),
            StructFieldInfo(is_analysis=True, content="0.001", field_name="request_time", type="float"),
            StructFieldInfo(is_analysis=True, content="200", field_name="upstream_status", type="long"),
            StructFieldInfo(is_analysis=True, content="0.000", field_name="upstream_connect_time", type="float"),
            StructFieldInfo(is_analysis=True, content="0.001", field_name="upstream_header_time", type="float"),
            StructFieldInfo(is_analysis=True, content="0.001", field_name="upstream_response_time", type="float"),
            StructFieldInfo(is_analysis=True, content="100.0.0.0:9999", field_name="upstream_addr", type="string"),
            StructFieldInfo(is_analysis=True, content="lua-resty-http/0.14 (Lua) ngx_lua/10000", field_name="http_user_agent", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="http_referer", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="http_x_forwarded_for", type="string"),
            StructFieldInfo(is_analysis=True, content="loadbalancer_edsaee-4c9c-b467-5b8126b2f7f7dsa", field_name="lb_name", type="string"),
            StructFieldInfo(is_analysis=True, content="listener_6077809b-913f-466d-a96c-376f08882d5d", field_name="listener_name", type="string"),
            StructFieldInfo(is_analysis=True, content="08cc2b3f68aa4dddd1e6a90dddd1688348a4480", field_name="listener_id", type="string"),
            StructFieldInfo(is_analysis=True, content="pool_b2f2966c-043d-4674-ad4b-c15f2adb2c6b", field_name="pool_name", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="member_name", type="string"),
            StructFieldInfo(is_analysis=True, content="2fb78dsadadq1213das1121dab146ad3cb0", field_name="tenant_id", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="eip_address", type="string"),
            StructFieldInfo(is_analysis=True, content="80", field_name="eip_port", type="long"),
            StructFieldInfo(is_analysis=True, content="101.0.0.0:10000", field_name="upstream_addr_priv", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="certificate_id", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="ssl_protocol", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="ssl_cipher", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="sni_domain_name", type="string"),
            StructFieldInfo(is_analysis=True, content="9739", field_name="tcpinfo_rtt", type="long")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the sample log keeps its double quotes
            content='1594727856.337 e7c37d97-e922-457c-bbf3-dsadeqac 2020-07-14T19:57:36+08:00 elb_01 192.0.0.0:88888 200 "GET http://prod.sss.ads.sg2.aaa/loc/ation?version=3&ip=100.0.0.0&coordinate=27.7044784,85.3007481&device_id=dsadsadasdsadasd&beyla_id=wqeb123ndadsa233ddada HTTP/1.1" 233 293 138 0.001 "200" "0.000" "0.001" "0.001" "100.0.0.0:9999" "lua-resty-http/0.14 (Lua) ngx_lua/10000" "-" "-" loadbalancer_edsaee-4c9c-b467-5b8126b2f7f7dsa listener_6077809b-913f-466d-a96c-376f08882d5d 08cc2b3f68aa4dddd1e6a90dddd1688348a4480 pool_b2f2966c-043d-4674-ad4b-c15f2adb2c6b "-" 2fb78dsadadq1213das1121dab146ad3cb0 -:80 "101.0.0.0:10000" - - - - 9739',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
VPC:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for VPC logs
        rulebody = Rule(
            type="built_in",
            param="VPC"
        )
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Fields extracted from the sample log, each with its sample value
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="1", field_name="version", type="long"),
            StructFieldInfo(is_analysis=True, content="5f67944957444bd6bb4fe3b367de8f3d", field_name="project_id", type="string"),
            StructFieldInfo(is_analysis=True, content="1d515d18-1b36-47dc-a983-bd6512aed4bd", field_name="interface_id", type="string"),
            StructFieldInfo(is_analysis=True, content="192.168.0.154", field_name="srcaddr", type="string"),
            StructFieldInfo(is_analysis=True, content="192.168.3.25", field_name="dstaddr", type="string"),
            StructFieldInfo(is_analysis=True, content="38929", field_name="srcport", type="long"),
            StructFieldInfo(is_analysis=True, content="53", field_name="dstport", type="long"),
            StructFieldInfo(is_analysis=True, content="17", field_name="protocol", type="long"),
            StructFieldInfo(is_analysis=True, content="1", field_name="packets", type="long"),
            StructFieldInfo(is_analysis=True, content="96", field_name="bytes", type="long"),
            StructFieldInfo(is_analysis=True, content="1548752136", field_name="start", type="long"),
            StructFieldInfo(is_analysis=True, content="1548752736", field_name="end", type="long"),
            StructFieldInfo(is_analysis=True, content="ACCEPT", field_name="action", type="string"),
            StructFieldInfo(is_analysis=True, content="OK", field_name="log_status", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            content="1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd 192.168.0.154 192.168.3.25 38929 53 17 1 96 1548752136 1548752736 ACCEPT OK",
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
APIG:
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # This example reads them from the environment: set CLOUD_SDK_AK and CLOUD_SDK_SK before running it.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for APIG logs
        rulebody = Rule(
            type="built_in",
            param="APIG"
        )
        # Tag fields
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Fields extracted from the sample log, each with its sample value
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="100.125.7.59", field_name="my_remote_addr", type="string"),
            StructFieldInfo(is_analysis=True, content="f57f6523b675504a23887d0f5c1c8ef3", field_name="request_id", type="string"),
            StructFieldInfo(is_analysis=True, content="f5ea2360a2fa443cac236b76f4052ad6", field_name="api_id", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="user_name", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="app_id", type="string"),
            StructFieldInfo(is_analysis=True, content="27/Jan/2022:15:56:44", field_name="time_local", type="string"),
            StructFieldInfo(is_analysis=True, content="0.113", field_name="request_time", type="float"),
            StructFieldInfo(is_analysis=True, content="GET", field_name="request_method", type="string"),
            StructFieldInfo(is_analysis=True, content="http", field_name="scheme", type="string"),
            StructFieldInfo(is_analysis=True, content="c965898968af48248ec7fac4ec0666f4.apic.cn-north-4.huaweicloudapis.com", field_name="host", type="string"),
            StructFieldInfo(is_analysis=True, content="/api/echo", field_name="router_uri", type="string"),
            StructFieldInfo(is_analysis=True, content="HTTP/1.1", field_name="server_protocol", type="string"),
            StructFieldInfo(is_analysis=True, content="200", field_name="status", type="long"),
            StructFieldInfo(is_analysis=True, content="1443", field_name="bytes_sent", type="long"),
            StructFieldInfo(is_analysis=True, content="408", field_name="request_length", type="long"),
            StructFieldInfo(is_analysis=True, content="APIGatewayDebugClient/1.0", field_name="http_user_agent", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="http_x_forwarded_for", type="string"),
            StructFieldInfo(is_analysis=True, content="100.125.2.39:443", field_name="upstream_addr", type="string"),
            StructFieldInfo(is_analysis=True, content="/v2/x/fgs/functions/urn:fss:cn-north-4:106506b9a92342df9a5025fc12351cfc:function:default:apigDemo_1640743997661:latest/invocations", field_name="upstream_uri", type="string"),
            StructFieldInfo(is_analysis=True, content="200", field_name="upstream_status", type="long"),
            StructFieldInfo(is_analysis=True, content="0.010", field_name="upstream_connect_time", type="float"),
            StructFieldInfo(is_analysis=True, content="0.083", field_name="upstream_header_time", type="float"),
            StructFieldInfo(is_analysis=True, content="0.083", field_name="upstream_response_time", type="float"),
            StructFieldInfo(is_analysis=True, content="cn-north-4", field_name="region_id", type="string"),
            StructFieldInfo(is_analysis=True, content="0.083", field_name="all_upstream_response_time", type="float"),
            StructFieldInfo(is_analysis=True, content="0", field_name="errorType", type="long"),
            StructFieldInfo(is_analysis=True, content="-", field_name="auth_type", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="access_model1", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="access_model2", type="string"),
            StructFieldInfo(is_analysis=True, content="0.03000020980835", field_name="inner_time", type="float"),
            StructFieldInfo(is_analysis=True, content="-", field_name="proxy_protocol_vni", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="proxy_protocol_vpce_id", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="proxy_protocol_addr", type="string"),
            StructFieldInfo(is_analysis=True, content="486", field_name="body_bytes_sent", type="long"),
            StructFieldInfo(is_analysis=True, content="HttpEchoDemo", field_name="api_name", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="app_name", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="provider_app_id", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="provider_app_name", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log1", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log2", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log3", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log4", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log5", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log6", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log7", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log8", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log9", type="string"),
            StructFieldInfo(is_analysis=True, content="-", field_name="custom_data_log10", type="string"),
            StructFieldInfo(is_analysis=True, content="remote", field_name="response_source", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the sample log keeps its double quotes
            content='100.125.7.59 f57f6523b675504a23887d0f5c1c8ef3 f5ea2360a2fa443cac236b76f4052ad6 - - [27/Jan/2022:15:56:44 +0800] 0.113 GET http://c965898968af48248ec7fac4ec0666f4.apic.cn-north-4.huaweicloudapis.com /api/echo HTTP/1.1 200 1443 408 "APIGatewayDebugClient/1.0" "-" "100.125.2.39:443" /v2/x/fgs/functions/urn:fss:cn-north-4:106506b9a92342df9a5025fc12351cfc:function:default:apigDemo_1640743997661:latest/invocations "200" "0.010" "0.083" "0.083" cn-north-4 0.083 0 - - - 0.03000020980835 - - "-" 486 HttpEchoDemo - - - "-" "-" "-" "-" "-" "-" "-" "-" "-" "-" remote',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for DDS audit logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="DCS_AUDIT")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(content="1640966500017", field_name="time", type="long"),
            StructFieldInfo(content="199a1e5a-8a37-40b9-899e-0ab6805c69eb", field_name="instance_id", type="string"),
            StructFieldInfo(content="192.168.0.1", field_name="server_addr", type="string"),
            StructFieldInfo(content="proxy", field_name="role", type="string"),
            StructFieldInfo(content="10.0.0.1", field_name="client_addr", type="string"),
            StructFieldInfo(content="0", field_name="client_type", type="string"),
            StructFieldInfo(content="default", field_name="user", type="string"),
            StructFieldInfo(content="1", field_name="db", type="long"),
            StructFieldInfo(content="DEL", field_name="command_name", type="string"),
            StructFieldInfo(content="string", field_name="command_type", type="string"),
            StructFieldInfo(content='["key1","key2","key3"]', field_name="command_keys", type="string"),
            StructFieldInfo(content="DEL key1 key2 key3", field_name="command_param", type="string"),
            StructFieldInfo(content="500", field_name="use_time", type="long"),
            StructFieldInfo(content="", field_name="extend", type="string"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # The sample log is JSON, so the Python string is single-quoted
            content='{"time": 1640966500017, "instance_id": "199a1e5a-8a37-40b9-899e-0ab6805c69eb", "server_addr": "192.168.0.1", "role": "proxy", "client_addr": "10.0.0.1", "client_type": "0", "user": "default", "db": 1, "command_name": "DEL", "command_type": "string", "command_keys": ["key1", "key2", "key3"], "command_param": "DEL key1 key2 key3", "use_time": 500, "extend": ""}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
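The request-parameter table on this page requires demo_fields to follow the field order of content, allows only string, long and float as field types, and caps the list at 200 entries. The pre-flight check below is an added example, not part of the Huawei Cloud SDK or of this page's samples: it validates those three rules for JSON sample logs before the request is sent. The function name `check_demo_fields` and the plain-dict field layout (mirroring the `StructFieldInfo` keyword arguments) are assumptions; non-JSON formats such as NGINX or TOMCAT lines are out of scope.

```python
import json

ALLOWED_TYPES = {"string", "long", "float"}  # value range of the page's `type` parameter
MAX_DEMO_FIELDS = 200                        # limit stated for demo_fields on this page

# Sample log and fields copied from the Rule(param="DCS_AUDIT") sample on this page.
SAMPLE_LOG = (
    '{"time": 1640966500017, "instance_id": "199a1e5a-8a37-40b9-899e-0ab6805c69eb", '
    '"server_addr": "192.168.0.1", "role": "proxy", "client_addr": "10.0.0.1", '
    '"client_type": "0", "user": "default", "db": 1, "command_name": "DEL", '
    '"command_type": "string", "command_keys": ["key1", "key2", "key3"], '
    '"command_param": "DEL key1 key2 key3", "use_time": 500, "extend": ""}'
)
SAMPLE_FIELDS = [
    {"field_name": name, "type": type_name, "content": text}
    for name, type_name, text in [
        ("time", "long", "1640966500017"),
        ("instance_id", "string", "199a1e5a-8a37-40b9-899e-0ab6805c69eb"),
        ("server_addr", "string", "192.168.0.1"),
        ("role", "string", "proxy"),
        ("client_addr", "string", "10.0.0.1"),
        ("client_type", "string", "0"),
        ("user", "string", "default"),
        ("db", "long", "1"),
        ("command_name", "string", "DEL"),
        ("command_type", "string", "string"),
        ("command_keys", "string", '["key1","key2","key3"]'),
        ("command_param", "string", "DEL key1 key2 key3"),
        ("use_time", "long", "500"),
        ("extend", "string", ""),
    ]
]


def _parses_as(type_name, text):
    """True if a demo field's text content is valid for its declared type."""
    try:
        if type_name == "long":
            int(text)
        elif type_name == "float":
            float(text)
    except ValueError:
        return False
    return True


def _same_value(log_value, text):
    """Compare a value from the parsed log with a demo field's text content."""
    if isinstance(log_value, str):
        return log_value == text
    try:
        # Numbers, lists and objects: compare as JSON so spacing does not matter.
        return json.loads(text) == log_value
    except ValueError:
        return False


def check_demo_fields(content, demo_fields):
    """Return a list of problems; an empty list means the request body is consistent."""
    try:
        log = json.loads(content)
    except ValueError as exc:
        return [f"content is not valid JSON: {exc}"]
    if not isinstance(log, dict):
        return ["content is not a JSON object"]

    problems = []
    if len(demo_fields) > MAX_DEMO_FIELDS:
        problems.append(f"{len(demo_fields)} demo_fields exceed the limit of {MAX_DEMO_FIELDS}")

    # Order check: report the first position where the two sequences diverge.
    log_keys = list(log)
    names = [field["field_name"] for field in demo_fields]
    if names != log_keys:
        for pos, (want, got) in enumerate(zip(log_keys, names)):
            if want != got:
                problems.append(f"position {pos}: content has '{want}', demo_fields has '{got}'")
                break
        else:
            problems.append(f"field count differs: content has {len(log_keys)}, demo_fields has {len(names)}")

    # Per-field checks: declared type and agreement with the sample log.
    for field in demo_fields:
        name, type_name, text = field["field_name"], field["type"], field["content"]
        if type_name not in ALLOWED_TYPES:
            problems.append(f"{name}: type '{type_name}' is not one of {sorted(ALLOWED_TYPES)}")
        elif not _parses_as(type_name, text):
            problems.append(f"{name}: content '{text}' does not parse as {type_name}")
        if name in log and not _same_value(log[name], text):
            problems.append(f"{name}: content does not match the value in the sample log")
    return problems


if __name__ == "__main__":
    for problem in check_demo_fields(SAMPLE_LOG, SAMPLE_FIELDS) or ["no problems found"]:
        print(problem)
```

Run the check on the same values that are passed to `LtsStructTemplateInfo` and send the request only when the returned list is empty.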
Create a structuring configuration of the NGINX type
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="NGINX")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(content="192.168.1.101", field_name="remote_addr", type="string"),
            StructFieldInfo(content="-", field_name="remote_user", type="string"),
            StructFieldInfo(content="27/Aug/2018:14:20:29", field_name="time_local", type="string"),
            StructFieldInfo(content="GET", field_name="request_method", type="string"),
            StructFieldInfo(content="http", field_name="scheme", type="string"),
            StructFieldInfo(content="www.example.com", field_name="host", type="string"),
            StructFieldInfo(content="/", field_name="request_uri", type="string"),
            StructFieldInfo(content="HTTP/1.0", field_name="server_protocol", type="string"),
            StructFieldInfo(content="200", field_name="status", type="long"),
            StructFieldInfo(content="8796", field_name="bytes_sent", type="long"),
            StructFieldInfo(content="6775", field_name="body_bytes_sent", type="long"),
            StructFieldInfo(content="-", field_name="http_referer", type="string"),
            StructFieldInfo(content="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36", field_name="http_user_agent", type="string"),
            StructFieldInfo(content="-", field_name="http_x_forwarded_for", type="string"),
            StructFieldInfo(content="0.185", field_name="request_time", type="float"),
            StructFieldInfo(content="0.010", field_name="upstream_response_time", type="float"),
            StructFieldInfo(content="12.129.120.121:8090", field_name="upstream_addr", type="string"),
            StructFieldInfo(content="200", field_name="upstream_status", type="long"),
            StructFieldInfo(content="794", field_name="request_length", type="long"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # The sample log contains double quotes, so the Python string is single-quoted
            content='192.168.1.101 - [27/Aug/2018:14:20:29 +0800] "GET http://www.example.com / HTTP/1.0" 200 8796 6775 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-" "0.185" "0.010" 12.129.120.121:8090 200 794',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration of the GAUSSDB_OPENGAUSS_AUDIT type
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="GAUSSDB_OPENGAUSS_AUDIT")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(content="rdsAdmin", field_name="username", type="string"),
            StructFieldInfo(content="cm_agent@10.254.95.70", field_name="client_conninfo", type="string"),
            StructFieldInfo(content="96e86f462bbc4f2286d7c8274815d0fein14", field_name="instanceId", type="string"),
            StructFieldInfo(content="xid=30818, SET statement_timeout = 10000000;n", field_name="detail_info", type="string"),
            StructFieldInfo(content="140463114942208@713872403507507", field_name="thread_id", type="string"),
            StructFieldInfo(content="ok", field_name="result", type="string"),
            StructFieldInfo(content="postgres", field_name="database", type="string"),
            StructFieldInfo(content="8001", field_name="local_port", type="string"),
            StructFieldInfo(content="10", field_name="userid", type="string"),
            StructFieldInfo(content="06c267fad8054a0abcb17cfa3b8f260cno14", field_name="nodeId", type="string"),
            StructFieldInfo(content="dn_6001_6002_6003", field_name="node_name", type="string"),
            StructFieldInfo(content="statement_timeout", field_name="object_name", type="string"),
            StructFieldInfo(content="2022-08-15 17:53:23+08", field_name="time", type="string"),
            StructFieldInfo(content="set_parameter", field_name="type", type="string"),
            StructFieldInfo(content="50952", field_name="remote_port", type="string"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # The sample log is JSON, so the Python string is single-quoted
            content='{"username":"rdsAdmin","client_conninfo":"cm_agent@10.254.95.70","instanceId":"96e86f462bbc4f2286d7c8274815d0fein14","detail_info":"xid=30818, SET statement_timeout = 10000000;n","thread_id":"140463114942208@713872403507507","result":"ok","database":"postgres","local_port":"8001","userid":"10","nodeId":"06c267fad8054a0abcb17cfa3b8f260cno14","node_name":"dn_6001_6002_6003","object_name":"statement_timeout","time":"2022-08-15 17:53:23+08","type":"set_parameter","remote_port":"50952"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration of the TOMCAT type
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="TOMCAT")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(content="192.168.12.2", field_name="remote_ip_address", type="string"),
            StructFieldInfo(content="-", field_name="remote_logical_username", type="string"),
            StructFieldInfo(content="-", field_name="remote_user_authenticated", type="string"),
            StructFieldInfo(content="07/Mar/2018:09:49:55", field_name="time_local", type="string"),
            StructFieldInfo(content="GET", field_name="scheme", type="string"),
            StructFieldInfo(content="/logHello/test", field_name="router_uri", type="string"),
            StructFieldInfo(content="HTTP/1.1", field_name="server_protocol", type="string"),
            StructFieldInfo(content="200", field_name="status", type="long"),
            StructFieldInfo(content="1943", field_name="bytes_sent", type="long"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # The sample log contains double quotes, so the Python string is single-quoted
            content='192.168.12.2 - - [07/Mar/2018:09:49:55 +0800] "GET /logHello/test HTTP/1.1" 200 1943',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for DCS audit logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="DDS_AUDIT")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(content="auditLog", field_name="topic", type="string"),
            StructFieldInfo(content="9fbf813bc27e4a3ab54bddf783a4f774in01", field_name="instanceid", type="string"),
            StructFieldInfo(content="bf4cb0413d0b4221be94b08471708586no01", field_name="nodeid", type="string"),
            StructFieldInfo(content="test", field_name="db", type="string"),
            StructFieldInfo(content="testCollection", field_name="coll", type="string"),
            StructFieldInfo(content="update", field_name="optype", type="string"),
            StructFieldInfo(content="2022-08-05T08:24:15.536+0000", field_name="time", type="string"),
            StructFieldInfo(content="10.4.23.205", field_name="user_ip", type="string"),
            StructFieldInfo(content="47668", field_name="user_port", type="string"),
            StructFieldInfo(content="rw_testuser", field_name="user", type="string"),
            StructFieldInfo(content='{"command":"update","ns":"test.testCollection","op":[{"q":{"vin":"LDP31B965NG036174"},"u":{"$set":{"timestamp":{"$numberLong":"1659687855535"},"deviceTime":{"$numberLong":"1659687855340"},"longitude":"119.35516805555555","latitude":"26.057936388888891","location":"119.35516805555555,26.057936388888891","height":"10.097286797128618","direction":"12","speed":14,"accuracy":"0","h3Address7":"8741b5300ffffff"}},"upsert":true}],"args":{"update":"testCollection","ordered":true,"$db":"test","$clusterTime":{"clusterTime":{"$timestamp":{"t":1659687855,"i":1685}},"signature":{"hash":{"$binary":"CP5bfEf+gBJZdAxCKtF9HiSeqQY=","$type":"00"},"keyId":{"$numberLong":"7102408879899674942"}}},"lsid":{"id":{"$binary":"PXVVrbuvRuGkypCbu/oXXQ==","$type":"04"}}}}', field_name="param", type="string"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # The sample log is JSON, so the Python string is single-quoted
            content='{"topic":"auditLog","instanceid":"9fbf813bc27e4a3ab54bddf783a4f774in01","nodeid":"bf4cb0413d0b4221be94b08471708586no01","db":"test","coll":"testCollection","optype":"update","time":"2022-08-05T08:24:15.536+0000","user_ip":"10.4.23.205","user_port":"47668","user":"rw_testuser","param":{"command":"update","ns":"test.testCollection","op":[{"q":{"vin":"LDP31B965NG036174"},"u":{"$set":{"timestamp":{"$numberLong":"1659687855535"},"deviceTime":{"$numberLong":"1659687855340"},"longitude":"119.35516805555555","latitude":"26.057936388888891","location":"119.35516805555555,26.057936388888891","height":"10.097286797128618","direction":"12","speed":14,"accuracy":"0","h3Address7":"8741b5300ffffff"}},"upsert":true}],"args":{"update":"testCollection","ordered":true,"$db":"test","$clusterTime":{"clusterTime":{"$timestamp":{"t":1659687855,"i":1685}},"signature":{"hash":{"$binary":"CP5bfEf+gBJZdAxCKtF9HiSeqQY=","$type":"00"},"keyId":{"$numberLong":"7102408879899674942"}}},"lsid":{"id":{"$binary":"PXVVrbuvRuGkypCbu/oXXQ==","$type":"04"}}}}}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for DDS error logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="MONGODB_ERROR")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="error_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="Error", field_name="severity", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-08-22T09:33:15.142+0000", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="E QUERY [ClusterDisasterBackupChangeJob] Get global setting disasterBackup failed.", field_name="raw_message", type="string"),
            StructFieldInfo(is_analysis=True, content="5b67dc63ba824145aae1f12ff51e58b8in02", field_name="instance_id", type="string"),
            StructFieldInfo(is_analysis=True, content="686a791e690e4db3af591ec4b6f72916no02", field_name="node_id", type="string"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # The sample log is JSON, so the Python string is single-quoted
            content='{"log_type":"error_log","severity":"Error","log_time":"2022-08-22T09:33:15.142+0000","raw_message":"E QUERY [ClusterDisasterBackupChangeJob] Get global setting disasterBackup failed.","instance_id": "5b67dc63ba824145aae1f12ff51e58b8in02","node_id": "686a791e690e4db3af591ec4b6f72916no02"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for DDS slow logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them at use.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        rulebody = Rule(type="built_in", param="MONGODB_SLOW")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
        ]
        # demo_fields must be listed in the same order as the fields in content
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="slow_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-08-20T10:04:03.204000Z", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="data0820.table", field_name="namespace", type="string"),
            StructFieldInfo(is_analysis=True, content="data0820", field_name="database", type="string"),
            StructFieldInfo(is_analysis=True, content="table", field_name="collection", type="string"),
            StructFieldInfo(is_analysis=True, content="insert", field_name="operate_type", type="string"),
            StructFieldInfo(is_analysis=True, content="0", field_name="docs_scanned", type="long"),
            StructFieldInfo(is_analysis=True, content="0", field_name="docs_returned", type="long"),
            StructFieldInfo(is_analysis=True, content="0", field_name="n_deleted", type="long"),
            StructFieldInfo(is_analysis=True, content="0", field_name="n_matched", type="long"),
            StructFieldInfo(is_analysis=True, content="0", field_name="n_modified", type="long"),
            StructFieldInfo(is_analysis=True, content="10", field_name="n_inserted", type="long"),
            StructFieldInfo(is_analysis=True, content="555", field_name="cost_time", type="long"),
            StructFieldInfo(is_analysis=True, content="0", field_name="lock_time", type="long"),
            StructFieldInfo(is_analysis=True, content='{"op": "insert", "ns": "data0820.usrtable", "command": "{N}", "ninserted": 1, "keysInserted": 1, "numYield": 0, "locks": {"Global": {"acquireCount": {"r": 5, "w": 5}}, "Database": {"acquireCount": {"w": 4, "W": 1}}, "Collection": {"acquireCount": {"w": 2}}, "oplog": {"acquireCount": {"w": 2}}}, "responseLength": 230, "protocol": "op_msg", "millis": 555, "ts": {"$date": 1660989843204}, "client": "192.168.0.64", "appName": "MongoDB Shell", "allUsers": [{"user": "rwuser", "db": "admin"}], "user": "rwuser@admin"}', field_name="whole_message", type="string"),
            StructFieldInfo(is_analysis=True, content="5b67dc63ba824145aae1f12ff51e58b8in02", field_name="instance_id", type="string"),
            StructFieldInfo(is_analysis=True, content="686a791e690e4db3af591ec4b6f72916no02", field_name="node_id", type="string"),
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # whole_message is a JSON document carried as a string inside the JSON log, so its
            # inner quotes are backslash-escaped; the raw string keeps the backslashes as written.
            content=r'{"log_type":"slow_log","log_time":"2022-08-20T10:04:03.204000Z","namespace":"data0820.table","database":"data0820","collection":"table","operate_type":"insert","docs_scanned":0,"docs_returned":0,"n_deleted":0,"n_matched":0,"n_modified":0,"n_inserted":10,"cost_time":555,"lock_time":0,"whole_message":"{\"op\": \"insert\", \"ns\": \"data0820.usrtable\", \"command\": \"{N}\", \"ninserted\": 1, \"keysInserted\": 1, \"numYield\": 0, \"locks\": {\"Global\": {\"acquireCount\": {\"r\": 5, \"w\": 5}}, \"Database\": {\"acquireCount\": {\"w\": 4, \"W\": 1}}, \"Collection\": {\"acquireCount\": {\"w\": 2}}, \"oplog\": {\"acquireCount\": {\"w\": 2}}}, \"responseLength\": 230, \"protocol\": \"op_msg\", \"millis\": 555, \"ts\": {\"$date\": 1660989843204}, \"client\": \"192.168.0.64\", \"appName\": \"MongoDBShell\", \"allUsers\": [{\"user\": \"rwuser\", \"db\": \"admin\"}], \"user\": \"rwuser@admin\"}","instance_id": "5b67dc63ba824145aae1f12ff51e58b8in02","node_id":"686a791e690e4db3af591ec4b6f72916no02"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for CFW access control logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for CFW access logs
        rulebody = Rule(type="built_in", param="CFW_ACCESS")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="PING", field_name="app", type="string"),
            StructFieldInfo(is_analysis=True, content="in2out", field_name="direction", type="string"),
            StructFieldInfo(is_analysis=True, content="3002", field_name="source-zone", type="string"),
            StructFieldInfo(is_analysis=True, content="56827792-173e-435a-b22b-229f21d78244", field_name="rule_id", type="string"),
            StructFieldInfo(is_analysis=True, content="ICMP: ECHO_REQUEST", field_name="protocol", type="string"),
            StructFieldInfo(is_analysis=True, content="100.85.222.23", field_name="dst_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="100.85.112.49", field_name="src_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="eip", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="1655882537006", field_name="hit_time", type="long"),
            StructFieldInfo(is_analysis=True, content="44243649", field_name="log-id", type="string"),
            StructFieldInfo(is_analysis=True, content="45243", field_name="dst_port", type="string"),
            StructFieldInfo(is_analysis=True, content="3001", field_name="destination-zone", type="string"),
            StructFieldInfo(is_analysis=True, content="2022.06.22", field_name="index_day", type="string"),
            StructFieldInfo(is_analysis=True, content="6781", field_name="log_id", type="long"),
            StructFieldInfo(is_analysis=True, content="17589", field_name="src_port", type="string"),
            StructFieldInfo(is_analysis=True, content="58ead9e7-418d-4166-8df8-f24941d4205c", field_name="fw_instance_id", type="string"),
            StructFieldInfo(is_analysis=True, content="permit", field_name="action", type="string"),
            StructFieldInfo(is_analysis=True, content="1", field_name="vsys", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"app":"PING","direction":"in2out","source-zone":"3002","rule_id":"56827792-173e-435a-b22b-229f21d78244","protocol":"ICMP: ECHO_REQUEST","dst_ip":"100.85.222.23","src_ip":"100.85.112.49","log_type":"eip","hit_time":1655882537006,"log-id":"44243649","dst_port":"45243","destination-zone":"3001","index_day":"2022.06.22","log_id":6781,"src_port":"17589","fw_instance_id":"58ead9e7-418d-4166-8df8-f24941d4205c","action":"permit","vsys":"1"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
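The samples on this page write the sample log (`content`) and the `demo_fields` list by hand, while the parameter table requires both to list the fields in the same order. The following is an added example, not part of the original page or the Huawei Cloud SDK: it derives the field list from the sample log and reports mismatches before the request is sent. The helper names, the plain-dict output (keys mirror the `StructFieldInfo` keyword arguments used above), the sample log and the JSON-to-type mapping (inferred from the page's samples) are assumptions.

```python
import json

# Limits and value range taken from the request-parameter table on this page.
ALLOWED_TYPES = ("string", "long", "float")
MAX_FIELDS = 200       # maximum number of demo_fields entries
MAX_NAME_LEN = 50      # maximum fieldName length

# Constructed sample: a shortened log in the shape of the page's CFW access log.
SAMPLE_LOG = ('{"app":"PING","direction":"in2out","hit_time":1655882537006,'
              '"dst_port":"45243","log_id":6781}')


def reject_duplicates(pairs):
    """object_pairs_hook: keep key order, refuse a log that repeats a field name."""
    record = {}
    for name, value in pairs:
        if name in record:
            raise ValueError(f"duplicate field name: {name!r}")
        record[name] = value
    return record


def infer_type(value):
    """Assumed mapping, matching the page's samples:
    JSON integer -> long, JSON fraction -> float, anything else -> string."""
    if isinstance(value, bool):
        return "string"
    if isinstance(value, int):
        return "long"
    if isinstance(value, float):
        return "float"
    return "string"


def demo_fields_from_log(content):
    """Build demo_fields (as StructFieldInfo keyword dicts) in the log's own field order."""
    record = json.loads(content, object_pairs_hook=reject_duplicates)
    if not isinstance(record, dict):
        raise ValueError("sample log must be a JSON object")
    if len(record) > MAX_FIELDS:
        raise ValueError(f"{len(record)} fields exceeds the limit of {MAX_FIELDS}")
    fields = []
    for name, value in record.items():
        if not 1 <= len(name) <= MAX_NAME_LEN:
            raise ValueError(f"field name length out of range: {name!r}")
        if value is None or isinstance(value, (dict, list)):
            raise ValueError(f"field {name!r}: only flat scalar values are handled here")
        fields.append({
            "field_name": name,
            "type": infer_type(value),
            "content": value if isinstance(value, str) else json.dumps(value),
            "is_analysis": True,
        })
    return fields


def check_demo_fields(content, demo_fields):
    """Return a list of mismatches between a hand-written demo_fields list and the log."""
    expected = demo_fields_from_log(content)
    problems = []
    if len(demo_fields) != len(expected):
        problems.append(f"log has {len(expected)} fields, demo_fields has {len(demo_fields)}")
    for pos, (want, got) in enumerate(zip(expected, demo_fields)):
        if got.get("field_name") != want["field_name"]:
            problems.append(f"position {pos}: expected {want['field_name']!r}, "
                            f"found {got.get('field_name')!r}")
        elif got.get("type") not in ALLOWED_TYPES:
            problems.append(f"{want['field_name']}: type {got.get('type')!r} is not allowed")
        elif got["type"] != want["type"]:
            problems.append(f"{want['field_name']}: declared {got['type']}, "
                            f"log value looks like {want['type']}")
    return problems


if __name__ == "__main__":
    for field in demo_fields_from_log(SAMPLE_LOG):
        print(field)
```

Each returned dict can be passed as `StructFieldInfo(**field)` when building the request body.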
Create a structuring configuration for CFW attack logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for CFW attack logs
        rulebody = Rule(type="built_in", param="CFW_ATTACK")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="0", field_name="source", type="string"),
            StructFieldInfo(is_analysis=True, content="HTTP", field_name="app", type="string"),
            StructFieldInfo(is_analysis=True, content="out2in", field_name="direction", type="string"),
            StructFieldInfo(is_analysis=True, content="100.85.222.23", field_name="dst_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="10.108.170.229", field_name="src_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="1655974411462", field_name="event_time", type="long"),
            StructFieldInfo(is_analysis=True, content="eip", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="80", field_name="dst_port", type="string"),
            StructFieldInfo(is_analysis=True, content="330409", field_name="attack_rule_id", type="string"),
            StructFieldInfo(is_analysis=True, content="2022.06.23", field_name="index_day", type="string"),
            StructFieldInfo(is_analysis=True, content="462688", field_name="log_id", type="long"),
            StructFieldInfo(is_analysis=True, content="51002", field_name="src_port", type="string"),
            StructFieldInfo(is_analysis=True, content="TCP", field_name="protocol", type="string"),
            StructFieldInfo(is_analysis=True, field_name="packet", type="string"),
            StructFieldInfo(is_analysis=True, content="HIGH", field_name="level", type="string"),
            StructFieldInfo(is_analysis=True, content="Vulnerability Exploit Attack", field_name="attack_type", type="string"),
            StructFieldInfo(is_analysis=True, content="58ead9e7-418d-4166-8df8-f24941d4205c", field_name="fw_instance_id", type="string"),
            StructFieldInfo(is_analysis=True, content="permit", field_name="action", type="string"),
            StructFieldInfo(is_analysis=True, content="1", field_name="vsys", type="string"),
            StructFieldInfo(is_analysis=True, content="VMware Spring Cloud Directory Traversal Vulnerability (CVE-2020-5410)", field_name="attack_rule", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"source":"0","app":"HTTP","direction":"out2in","dst_ip":"100.85.222.23","src_ip":"10.108.170.229","event_time":1655974411462,"log_type":"eip","dst_port":"80","attack_rule_id":"330409","index_day":"2022.06.23","log_id":462688,"src_port":"51002","protocol":"TCP","packet":"+hZUZMhT+hY/AaHMCABFAADnicBAAHgGgJIKbKrlZFXeF8c6AFAYCIpDV562+VAYBAILMwAAR0VUIC9qb2JtYW5hZ2VyL2xvZ3MvLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmLi4lMjUyZi4uJTI1MmYuLiUyNTJmZXRjJTI1MmZwYXNzd2QgSFRUUC8xLjENCkhvc3Q6IDEwMC44NS4yMjIuMjMNClVzZXItQWdlbnQ6IGN1cmwvNy42NS4wDQpBY2NlcHQ6ICovKg0KDQo=","level":"HIGH","attack_type":"Vulnerability Exploit Attack","fw_instance_id":"58ead9e7-418d-4166-8df8-f24941d4205c","action":"permit","vsys":"1","attack_rule":"VMware Spring Cloud Directory Traversal Vulnerability (CVE-2020-5410)"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for CFW traffic logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for CFW traffic (flow) logs
        rulebody = Rule(type="built_in", param="CFW_FLOW")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="80", field_name="dst_port", type="string"),
            StructFieldInfo(is_analysis=True, content="HTTP", field_name="app", type="string"),
            StructFieldInfo(is_analysis=True, content="0.1", field_name="to_c_pkts", type="float"),
            StructFieldInfo(is_analysis=True, content="100.85.222.23", field_name="dst_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="0.1", field_name="to_c_bytes", type="float"),
            StructFieldInfo(is_analysis=True, content="1655436321000", field_name="end_time", type="long"),
            StructFieldInfo(is_analysis=True, content="10.108.170.229", field_name="src_ip", type="string"),
            StructFieldInfo(is_analysis=True, content="2022.06.17", field_name="index_day", type="string"),
            StructFieldInfo(is_analysis=True, content="1232.1", field_name="bytes", type="float"),
            StructFieldInfo(is_analysis=True, content="4424364f", field_name="log-id", type="string"),
            StructFieldInfo(is_analysis=True, content="1", field_name="vsys", type="string"),
            StructFieldInfo(is_analysis=True, content="67", field_name="suffix", type="string"),
            StructFieldInfo(is_analysis=True, content="10.1", field_name="packets", type="float"),
            StructFieldInfo(is_analysis=True, content="out2in", field_name="direction", type="string"),
            StructFieldInfo(is_analysis=True, content="TCP", field_name="protocol", type="string"),
            StructFieldInfo(is_analysis=True, content="1232.1", field_name="to_s_bytes", type="float"),
            StructFieldInfo(is_analysis=True, content="10.1", field_name="to_s_pkts", type="float"),
            StructFieldInfo(is_analysis=True, content="63934", field_name="src_port", type="string"),
            StructFieldInfo(is_analysis=True, content="1655436299000", field_name="start_time", type="long"),
            StructFieldInfo(is_analysis=True, content="efbeb90c-1108-42ce-b099-f7e035a10b67", field_name="fw_instance_id", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"dst_port":"80","app":"HTTP","to_c_pkts":0.1,"dst_ip":"100.85.222.23","to_c_bytes":0.1,"end_time":1655436321000,"src_ip":"10.108.170.229","index_day":"2022.06.17","bytes":1232.1,"log-id":"4424364f","vsys":"1","suffix":"67","packets":10.1,"direction":"out2in","protocol":"TCP","to_s_bytes":1232.1,"to_s_pkts":10.1,"src_port":"63934","start_time":1655436299000,"fw_instance_id":"efbeb90c-1108-42ce-b099-f7e035a10b67"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for MYSQL error logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for MySQL error logs
        rulebody = Rule(type="built_in", param="MYSQL_ERROR")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="error_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="WARNING", field_name="severity", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-08-22T06:52:08Z", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="Occur error when reading bytes from a network handler. Client actively closes the connection.", field_name="raw_message", type="string"),
            StructFieldInfo(is_analysis=True, content="5d6c61bbd49b4ad3a1572461811e3dacno01", field_name="node_id", type="string"),
            StructFieldInfo(is_analysis=True, content="207032924c644f429b74f6fc5d8c97f9in01", field_name="instance_id", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"log_type":"error_log","severity":"WARNING","log_time":"2022-08-22T06:52:08Z","raw_message":"Occur error when reading bytes from a network handler. Client actively closes the connection.","node_id":"5d6c61bbd49b4ad3a1572461811e3dacno01","instance_id":"207032924c644f429b74f6fc5d8c97f9in01"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for MYSQL slow logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for MySQL slow logs
        rulebody = Rule(type="built_in", param="MYSQL_SLOW")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="2022-07-27T02:49:19.000", field_name="start_time", type="string"),
            StructFieldInfo(is_analysis=True, content="commerce", field_name="user", type="string"),
            StructFieldInfo(is_analysis=True, content="100.*.*.222", field_name="host", type="string"),
            StructFieldInfo(is_analysis=True, content="1.461583", field_name="query_time", type="string"),
            StructFieldInfo(is_analysis=True, content="0.000050", field_name="lock_time", type="string"),
            StructFieldInfo(is_analysis=True, content="500", field_name="rows_sent", type="string"),
            StructFieldInfo(is_analysis=True, content="581000", field_name="rows_examined", type="string"),
            StructFieldInfo(is_analysis=True, content="SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;", field_name="command_text", type="string"),
            StructFieldInfo(is_analysis=True, content="saas_perf", field_name="database", type="string"),
            StructFieldInfo(is_analysis=True, content="slow_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="1658890159", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="SELECT", field_name="operate_type", type="string"),
            StructFieldInfo(is_analysis=True, content="5d6c61bbd49b4ad3a1572461811e3dacno01", field_name="node_id", type="string"),
            StructFieldInfo(is_analysis=True, content="207032924c644f429b74f6fc5d8c97f9in01", field_name="instance_id", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"start_time":"2022-07-27T02:49:19.000","user":"commerce","host":"100.*.*.222","query_time":"1.461583","lock_time":"0.000050","rows_sent":"500","rows_examined":"581000","command_text":"SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;","database":"saas_perf","log_type":"slow_log","log_time":"1658890159","operate_type":"SELECT","node_id":"5d6c61bbd49b4ad3a1572461811e3dacno01","instance_id":"207032924c644f429b74f6fc5d8c97f9in01"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for POSTGRESQL slow logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for PostgreSQL slow logs
        rulebody = Rule(type="built_in", param="POSTGRESQL_SLOW")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="slow_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="328.662", field_name="execute_time", type="float"),
            StructFieldInfo(is_analysis=True, content="authoring", field_name="user", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-07-24T10:06:41.000", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="authoring-test", field_name="database", type="string"),
            StructFieldInfo(is_analysis=True, content="SELECT * FROM ( SELECT n.user_id,n.id AS resource_id,e.create_at AS begin_time,e.create_at AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id WHERE e.category = N AND s.resource_ownership=N AND e.create_at BETWEEN $N AND $N UNION ALL SELECT n.user_id,n.id AS resource_id,$N AS begin_time,$N AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id INNER JOIN (SELECT resource_id,max(create_at) as create_at FROM t_resource_status_event WHERE create_at < $N AND category = N GROUP BY resource_id) x ON e.resource_id=x.resource_id AND e.create_at=x.create_at WHERE e.create_at < $N AND e.category = N AND e.status = N AND s.resource_ownership=N) m ORDER BY resource_id,begin_time ASC", field_name="statement", type="string"),
            StructFieldInfo(is_analysis=True, content="10.*.*.206", field_name="host", type="string"),
            StructFieldInfo(is_analysis=True, content="1658657201", field_name="log_timestamp", type="string"),
            StructFieldInfo(is_analysis=True, content="SELECT", field_name="operate_type", type="string"),
            StructFieldInfo(is_analysis=True, content="d285609201534696bdcd648519fe2b8dno02", field_name="node_id", type="string"),
            StructFieldInfo(is_analysis=True, content="5b67dc63ba824145aae1f12ff51e58b8in02", field_name="instance_id", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"log_type":"slow_log","execute_time":328.662,"user":"authoring","log_time":"2022-07-24T10:06:41.000","database":"authoring-test","statement":"SELECT * FROM ( SELECT n.user_id,n.id AS resource_id,e.create_at AS begin_time,e.create_at AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id WHERE e.category = N AND s.resource_ownership=N AND e.create_at BETWEEN $N AND $N UNION ALL SELECT n.user_id,n.id AS resource_id,$N AS begin_time,$N AS end_time ,N AS resource_spec_code,COALESCE(cast(e.flavor as varchar), cast(s.volume_size as varchar)) AS billing_unit,c.az_id,-N AS accumulate_factor_value,CONCAT(N, s.id, N) AS bss_params,n.project_id, n.domain_id, e.status , N AS resource_type , w.workspace_id,w.enterprise_project_id FROM t_resource_status_event e INNER JOIN t_notebook_evs_storage s on s.id=e.resource_id LEFT JOIN t_notebook_instance n on s.id=n.storage_id LEFT JOIN t_logic_cluster l on n.resource_cluster_id=l.id LEFT JOIN t_cce_cluster c on c.id=l.cce_id LEFT JOIN t_workspace w on w.workspace_id=n.workspace_id INNER JOIN (SELECT resource_id,max(create_at) as create_at FROM t_resource_status_event WHERE create_at < $N AND category = N GROUP BY resource_id) x ON e.resource_id=x.resource_id AND e.create_at=x.create_at WHERE e.create_at < $N AND e.category = N AND e.status = N AND s.resource_ownership=N) m ORDER BY resource_id,begin_time ASC","host":"10.*.*.206","log_timestamp":"1658657201","operate_type":"SELECT","node_id":"d285609201534696bdcd648519fe2b8dno02","instance_id":"5b67dc63ba824145aae1f12ff51e58b8in02"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for POSTGRESQL error logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for PostgreSQL error logs
        rulebody = Rule(type="built_in", param="POSTGRESQL_ERROR")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="error_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="WARNING", field_name="severity", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-08-22T06:52:08Z", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="Occur error when reading bytes from a network handler. Client actively closes the connection.", field_name="raw_message", type="string"),
            StructFieldInfo(is_analysis=True, content="d285609201534696bdcd648519fe2b8dno02", field_name="node_id", type="string"),
            StructFieldInfo(is_analysis=True, content="5b67dc63ba824145aae1f12ff51e58b8in02", field_name="instance_id", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"log_type":"error_log","severity":"WARNING","log_time":"2022-08-22T06:52:08Z","raw_message":"Occur error when reading bytes from a network handler. Client actively closes the connection.","node_id":"d285609201534696bdcd648519fe2b8dno02","instance_id":"5b67dc63ba824145aae1f12ff51e58b8in02"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for SQLSERVER error logs
```python
# coding: utf-8
import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in system template for SQL Server error logs
        rulebody = Rule(type="built_in", param="SQLSERVER_ERROR")
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Field order must match the order of the fields in `content` below
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="error_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="WARNING", field_name="severity", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-08-22T06:52:08Z", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="Occur error when reading bytes from a network handler. Client actively closes the connection.", field_name="raw_message", type="string"),
            StructFieldInfo(is_analysis=True, content="7346b0db609b463e976054928af50e85no01", field_name="node_id", type="string"),
            StructFieldInfo(is_analysis=True, content="9c589b9d7a4d45dbaf7deb9f8520611cin01", field_name="instance_id", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Sample log; single-quoted so the JSON double quotes need no escaping
            content='{"log_type":"error_log","severity":"WARNING","log_time":"2022-08-22T06:52:08Z","raw_message":"Occur error when reading bytes from a network handler. Client actively closes the connection.","node_id":"7346b0db609b463e976054928af50e85no01","instance_id":"9c589b9d7a4d45dbaf7deb9f8520611cin01"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for GAUSSDB_REDIS slow logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in template for GaussDB (for Redis) slow logs
        rulebody = Rule(
            type="built_in",
            param="GAUSSDB_REDIS_SLOW"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Listed in the same order as the keys of the sample log in `content`
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=True, content="32eaaf6c5a0142e3a6d80740cd5b3803in12", field_name="instance_id", type="string"),
            StructFieldInfo(is_analysis=True, content="597a15b9f2ef4436811c5edcc67c013cno12", field_name="node_id", type="string"),
            StructFieldInfo(is_analysis=True, content="0", field_name="database", type="string"),
            StructFieldInfo(is_analysis=True, content="slow_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=True, content="sismember", field_name="operate_type", type="string"),
            StructFieldInfo(is_analysis=True, content="2022-10-12T07:42:21.253484Z", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=True, content="1277.47", field_name="cost_time", type="float"),
            StructFieldInfo(is_analysis=True, content='{"command_param":"dc:set:new:follow:uids:monthly:259008728:202210","database":"0"}', field_name="whole_message", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes of the sample log need no escaping
            content='{"instance_id":"32eaaf6c5a0142e3a6d80740cd5b3803in12","node_id":"597a15b9f2ef4436811c5edcc67c013cno12","database":"0","log_type":"slow_log","operate_type":"sismember","log_time":"2022-10-12T07:42:21.253484Z","cost_time":1277.47,"whole_message":"{"command_param":"dc:set:new:follow:uids:monthly:259008728:202210","database":0}"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for GAUSSDB_MYSQL slow logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in template for GaussDB (for MySQL) slow logs
        rulebody = Rule(
            type="built_in",
            param="GAUSSDB_MYSQL_SLOW"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True),
            TagField(field_name="hostName", type="string", content="ecs-ictest", is_analysis=True)
        ]
        # Listed in the same order as the keys of the sample log in `content`
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="2022-07-27T02:49:19.000", field_name="start_time", type="string"),
            StructFieldInfo(is_analysis=False, content="commerce", field_name="user", type="string"),
            StructFieldInfo(is_analysis=True, content="100.*.*.222", field_name="host", type="string"),
            StructFieldInfo(is_analysis=False, content="1.461583", field_name="query_time", type="string"),
            StructFieldInfo(is_analysis=False, content="0.000050", field_name="lock_time", type="string"),
            StructFieldInfo(is_analysis=True, content="500", field_name="rows_sent", type="string"),
            StructFieldInfo(is_analysis=False, content="581000", field_name="rows_examined", type="string"),
            StructFieldInfo(is_analysis=False, content="SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;", field_name="command_text", type="string"),
            StructFieldInfo(is_analysis=True, content="saas_perf", field_name="database", type="string"),
            StructFieldInfo(is_analysis=False, content="slow_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=False, content="1658890159", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=False, content="SELECT", field_name="operate_type", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes of the sample log need no escaping
            content='{"start_time":"2022-07-27T02:49:19.000","user":"commerce","host":"100.*.*.222","query_time":"1.461583","lock_time":"0.000050","rows_sent":"500","rows_examined":"581000","command_text":"SELECT DN_N.record_id `a.id`,DN_N.name `a.name`,DN_N.valueN `a.ExternalCode`,DN_N.valueN `a.DeviceName`,DN_N.valueN `a.DeviceDef`,DN_N.created_date `a.createdDate`,DN_N.last_modified_date `a.lastModifiedDate`,DN_N.valueN `a.DeviceProduct`,DN_N.valueN `a.Channel`,DN_N.valueN `a.Status`,CN_N.valueN `a.Remark`,DN_N.valueN `a.NodeId`,DN_N.valueN `a.ConnectStatus`,CAST(DN_N.valueN AS CHAR(N)) `a.GatewayId`,CAST(DN_N.valueN AS CHAR(N)) `a.HMI`,DN_N.valueN `a.SerialNo`,CAST(DN_N.valueN AS DECIMAL(N,N)) `a.TelemetryPeriod`,DN_N.valueN `a.ConnectStatusChgTime`,DN_N.valueN `a.DeviceNumber`,CAST(DN_N.valueN AS CHAR(N)) `a.ControllerType`,CAST(DN_N.valueN AS CHAR(N)) `a.ProjectId`,DN_N.valueN `a.RegisterStatus`,DN_N.created_date ORD_FN FROM dataN DN_N,clobs CN_N WHERE (DN_N.tenant_id= N AND DN_N.obj_id= N AND DN_N.tenant_id= CN_N.tenant_id AND DN_N.obj_id= CN_N.obj_id AND DN_N.record_id= CN_N.record_id) AND ((DN_N.valueN = N)) ORDER BY DN_N.created_date DESC limit N,N;","database":"saas_perf","log_type":"slow_log","log_time":"1658890159","operate_type":"SELECT"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for GAUSSDB_MYSQL error logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in template for GaussDB (for MySQL) error logs
        rulebody = Rule(
            type="built_in",
            param="GAUSSDB_MYSQL_ERROR"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Listed in the same order as the keys of the sample log in `content`
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="error_log", field_name="log_type", type="string"),
            StructFieldInfo(is_analysis=False, content="WARNING", field_name="severity", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-08-22T06:52:08Z", field_name="log_time", type="string"),
            StructFieldInfo(is_analysis=False, content="Occur error when reading bytes from a network handler. Client actively closes the connection.", field_name="raw_message", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes of the sample log need no escaping
            content='{"log_type":"error_log","severity":"WARNING","log_time":"2022-08-22T06:52:08Z","raw_message":"Occur error when reading bytes from a network handler. Client actively closes the connection."}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a CDN structuring configuration
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in template for CDN logs
        rulebody = Rule(
            type="built_in",
            param="CDN"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Listed in the same order as the keys of the sample log in `content`
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="1666604392000", field_name="request_time", type="string"),
            StructFieldInfo(is_analysis=False, content="findercdn.video.qq.com", field_name="domain", type="string"),
            StructFieldInfo(is_analysis=False, content="GET", field_name="method", type="string"),
            StructFieldInfo(is_analysis=False, content="http", field_name="scheme", type="string"),
            StructFieldInfo(is_analysis=False, content="/BcimRg.txt", field_name="uri", type="string"),
            StructFieldInfo(is_analysis=False, content="cdnkey=*****&cdntoken=*****&tokenidx=1", field_name="uri_param", type="string"),
            StructFieldInfo(is_analysis=False, content="192.168.233.142", field_name="client_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="51517", field_name="client_port", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="refer_protocol", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="refer_domain", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="refer_uri", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="refer_param", type="string"),
            StructFieldInfo(is_analysis=False, content="301", field_name="request_size", type="string"),
            StructFieldInfo(is_analysis=False, content="14", field_name="response_time", type="string"),
            StructFieldInfo(is_analysis=False, content="588", field_name="response_size", type="string"),
            StructFieldInfo(is_analysis=False, content="403", field_name="http_code", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="response_range", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="request_range", type="string"),
            StructFieldInfo(is_analysis=False, content="150", field_name="request_body_bytes", type="string"),
            StructFieldInfo(is_analysis=False, content="text/html", field_name="content_type", type="string"),
            StructFieldInfo(is_analysis=False, content="HIT", field_name="hit_info", type="string"),
            StructFieldInfo(is_analysis=False, content="python-requests/2.21.0", field_name="user_agent", type="string"),
            StructFieldInfo(is_analysis=False, content="ce6327e015c1e16f581818b838a6cb0c", field_name="uuid", type="string"),
            StructFieldInfo(is_analysis=False, content="edge-cache01[14]", field_name="via_info", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="xforwordfor", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes of the sample log need no escaping
            content='{"request_time":"1666604392000","domain":"findercdn.video.qq.com","method":"GET","scheme":"http","uri":"/BcimRg.txt","uri_param":"cdnkey=******&cdntoken=******&tokenidx=1","client_ip":"192.168.233.142","client_port":"51517","refer_protocol":"-","refer_domain":"-","refer_uri":"-","refer_param":"-","request_size":"301","response_time":"14","response_size":"588","http_code":"403","response_range":"-","request_range":"-","request_body_bytes":"150","content_type":"text/html","hit_info":"HIT","user_agent":"python-requests/2.21.0","uuid":"ce6327e015c1e16f581818b838a6cb0c","via_info":"edge-cache01[14]","xforwordfor":"-"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create an SMN structuring configuration
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in template for SMN logs
        rulebody = Rule(
            type="built_in",
            param="SMN"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Listed in the same order as the keys of the sample log in `content`
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="1ae49922602a42fc83acb9689a2eb5f4", field_name="message_id", type="string"),
            StructFieldInfo(is_analysis=False, content="5a9f32e4f1ec4bbe9695ff9da51c2925", field_name="project_id", type="string"),
            StructFieldInfo(is_analysis=False, content="urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo", field_name="topic_urn", type="string"),
            StructFieldInfo(is_analysis=False, content="urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo:b55c3c6fa7cd471b9f24818d530a8740", field_name="subscriber_urn", type="string"),
            StructFieldInfo(is_analysis=False, content="https", field_name="protocol_name", type="string"),
            StructFieldInfo(is_analysis=False, content="https://127.0.0.1:443/https", field_name="endpoint", type="string"),
            StructFieldInfo(is_analysis=False, content="DELIVERED", field_name="status", type="string"),
            StructFieldInfo(is_analysis=False, content="200", field_name="http_code", type="long"),
            StructFieldInfo(is_analysis=False, content="2022-11-01T00:00:00Z", field_name="create_time", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-11-01T00:00:10Z", field_name="send_time", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes of the sample log need no escaping
            content='{"message_id":"1ae49922602a42fc83acb9689a2eb5f4","project_id":"5a9f32e4f1ec4bbe9695ff9da51c2925","topic_urn":"urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo","subscriber_urn":"urn:smn:cn-north-1:5a9f32e4f1ec4bbe9695ff9da51c2925:demo:b55c3c6fa7cd471b9f24818d530a8740","protocol_name":"https","endpoint":"https://127.0.0.1:443/https","status":"DELIVERED","http_code":200,"create_time":"2022-11-01T00:00:00Z","send_time":"2022-11-01T00:00:10Z"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Create a structuring configuration for WAF access logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables
    # and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example,
    # set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in template for WAF access logs
        rulebody = Rule(
            type="built_in",
            param="WAF_ACCESS"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Listed in the same order as the keys of the sample log in `content`
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="504", field_name="response_code", type="string"),
            StructFieldInfo(is_analysis=False, content="http", field_name="scheme", type="string"),
            StructFieldInfo(is_analysis=False, content="100.93.2.229:80", field_name="upstream_addr", type="string"),
            StructFieldInfo(is_analysis=False, content="163", field_name="body_bytes_sent", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="upstream_header_time", type="string"),
            StructFieldInfo(is_analysis=False, content="1", field_name="connection_requests", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="ssl_cipher", type="string"),
            StructFieldInfo(is_analysis=False, content="1736cc7331b74b198e2ef07555a970ce", field_name="hostid", type="string"),
            StructFieldInfo(is_analysis=False, content="2152", field_name="pid", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="tls_version", type="string"),
            StructFieldInfo(is_analysis=False, content="www.testh.com", field_name="http_host", type="string"),
            StructFieldInfo(is_analysis=False, content="0", field_name="process_time", type="string"),
            StructFieldInfo(is_analysis=False, content="88003425-d7bc-46ce-8ae7-77a8aa18a814", field_name="access_stream_id", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-07-29T19:39:10+08:00", field_name="time_iso8601", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="intel_crawler", type="string"),
            StructFieldInfo(is_analysis=False, content="504", field_name="upstream_status", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.46.110", field_name="remote_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="30.008", field_name="request_time", type="string"),
            StructFieldInfo(is_analysis=False, content="1d26cc8c86a840e28a4f8d0d07852f1d", field_name="tenantid", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.46.110", field_name="sip", type="string"),
            StructFieldInfo(is_analysis=False, content="420", field_name="bytes_send", type="string"),
            StructFieldInfo(is_analysis=False, content="2a473356cca5487f8373be891bffc1cf", field_name="projectid", type="string"),
            StructFieldInfo(is_analysis=False, content="curl/7.29.0", field_name="user_agent", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="web_tag", type="string"),
            StructFieldInfo(is_analysis=False, content="GET", field_name="method", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.36.208", field_name="bind_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="region_id", type="string"),
            StructFieldInfo(is_analysis=False, content="20582", field_name="remote_port", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="ssl_ciphers_md5", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="x_real_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="/", field_name="url", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="x_forwarded_for", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="sni", type="string"),
            StructFieldInfo(is_analysis=False, content="public/../style/general.css=true", field_name="args", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="cdn_src_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="0", field_name="enterprise_project_id", type="string"),
            StructFieldInfo(is_analysis=False, content="-", field_name="upstream_connect_time", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="engine_id", type="string"),
            StructFieldInfo(is_analysis=False, content="110", field_name="request_length", type="string"),
            StructFieldInfo(is_analysis=False, content="5d574e6a-87da-42bc-bfd4-ff61a1b336a4", field_name="group_id", type="string"),
            StructFieldInfo(is_analysis=False, content="36f0a9212b14528ffc090f1811cd87d8", field_name="requestid", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="ssl_curves", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="ssl_session_reused", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-07-29T11:39:10.000Z", field_name="waf-time", type="string"),
            StructFieldInfo(is_analysis=False, content="30.009", field_name="upstream_response_time", type="string"),
            StructFieldInfo(is_analysis=False, content="29/Jul/2022:19:39:10 +0800", field_name="time", type="string"),
            StructFieldInfo(is_analysis=False, content="access", field_name="waf_category", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.36.208", field_name="eng_ip", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes of the sample log need no escaping
            content='{"response_code":"504","scheme":"http","upstream_addr":"100.93.2.229:80","body_bytes_sent":"163","upstream_header_time":"-","connection_requests":"1","ssl_cipher":"","hostid":"1736cc7331b74b198e2ef07555a970ce","pid":"2152","tls_version":"","http_host":"www.testh.com","process_time":"0","access_stream_id":"88003425-d7bc-46ce-8ae7-77a8aa18a814","time_iso8601":"2022-07-29T19:39:10+08:00","intel_crawler":"","upstream_status":"504","remote_ip":"10.63.46.110","request_time":"30.008","tenantid":"1d26cc8c86a840e28a4f8d0d07852f1d","sip":"10.63.46.110","bytes_send":"420","projectid":"2a473356cca5487f8373be891bffc1cf","user_agent":"curl/7.29.0","web_tag":"","method":"GET","bind_ip":"10.63.36.208","region_id":"","remote_port":"20582","ssl_ciphers_md5":"","x_real_ip":"","url":"/","x_forwarded_for":"","sni":"","args":"public/../style/general.css=true","cdn_src_ip":"","enterprise_project_id":"0","upstream_connect_time":"-","engine_id":"","request_length":"110","group_id":"5d574e6a-87da-42bc-bfd4-ff61a1b336a4","requestid":"36f0a9212b14528ffc090f1811cd87d8","ssl_curves":"","ssl_session_reused":"","waf-time":"2022-07-29T11:39:10.000Z","upstream_response_time":"30.008","time":"29/Jul/2022:19:39:10 +0800","category":"access","eng_ip":"10.63.36.208"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
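The request parameter table on this page requires `demo_fields` to follow the field order of `content`, limits the list to 200 entries, limits `type` to string, long or float, and caps `layers` at 3. The following pre-flight check is an added example, not part of the SDK or of the original page. It assumes plain dicts stand in for `StructFieldInfo`, that nested keys are joined with dots (as in the `backend.port` field names of the WAF attack sample), and that fields may be omitted as long as the remaining ones keep their order. `check_demo_fields`, `flatten` and the sample data are hypothetical names and constructed values.

```python
import json

ALLOWED_TYPES = {"string", "long", "float"}  # range the page gives for `type`
MAX_FIELDS = 200                             # page: at most 200 demo_fields
MAX_LAYERS = 3                               # page: `layers` is at most 3


def flatten(obj, layers, prefix="", depth=1):
    """Yield (name, value) in document order, descending at most `layers` levels.

    Assumption: nested keys are joined with dots, e.g. backend.port.
    """
    for key, value in obj.items():
        name = prefix + key
        if isinstance(value, dict) and depth < layers:
            yield from flatten(value, layers, name + ".", depth + 1)
        else:
            yield name, value


def _fits(declared_type, value):
    """True if the sample value can be read as the declared type."""
    if declared_type == "string":
        return True
    if isinstance(value, bool):
        return False
    try:
        if declared_type == "long":
            int(str(value))
        else:
            float(str(value))
    except ValueError:
        return False
    return True


def check_demo_fields(content, demo_fields, layers=1):
    """Return a list of problems; an empty list means the fields line up."""
    problems = []
    if not 1 <= layers <= MAX_LAYERS:
        problems.append(f"layers={layers} is outside 1..{MAX_LAYERS}")
        layers = max(1, min(layers, MAX_LAYERS))
    try:
        sample = json.loads(content)
    except json.JSONDecodeError as exc:
        return problems + [f"content is not valid JSON: {exc.msg}"]
    if not isinstance(sample, dict):
        return problems + ["content must be a JSON object"]
    if len(demo_fields) > MAX_FIELDS:
        problems.append(f"{len(demo_fields)} demo_fields exceeds {MAX_FIELDS}")

    expected = list(flatten(sample, layers))
    keys = [name for name, _ in expected]
    values = dict(expected)
    cursor = 0  # index in `keys` that the next field must not precede
    for field in demo_fields:
        name, ftype = field["field_name"], field["type"]
        if ftype not in ALLOWED_TYPES:
            problems.append(f"{name}: type {ftype!r} is not one of {sorted(ALLOWED_TYPES)}")
        if name not in values:
            problems.append(f"{name}: not a key in content")
            continue
        idx = keys.index(name)
        if idx < cursor:
            problems.append(f"{name}: out of order relative to content")
        else:
            cursor = idx + 1
        if ftype in ALLOWED_TYPES and not _fits(ftype, values[name]):
            problems.append(f"{name}: sample value {values[name]!r} is not a {ftype}")
    return problems


# Constructed sample log, shaped like the SMN and WAF attack examples.
GOOD_CONTENT = ('{"status":"DELIVERED","http_code":200,'
                '"backend":{"port":80,"host":"192.0.2.10"}}')
GOOD_FIELDS = [
    {"field_name": "status", "type": "string"},
    {"field_name": "http_code", "type": "long"},
    {"field_name": "backend.port", "type": "long"},
    {"field_name": "backend.host", "type": "string"},
]
# Constructed failures: swapped order, wrong type, and a name absent from content.
BAD_FIELDS = [
    {"field_name": "http_code", "type": "long"},
    {"field_name": "status", "type": "long"},
    {"field_name": "waf_category", "type": "string"},
]

if __name__ == "__main__":
    for line in check_demo_fields(GOOD_CONTENT, BAD_FIELDS, layers=2):
        print(line)
```

Fed the WAF access sample from this page, the check reports `waf_category`, because that sample's `content` uses the key `category`.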
Create a structuring configuration for WAF attack logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
    # In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in (system) template for WAF attack logs.
        rulebody = Rule(
            type="built_in",
            param="WAF_ATTACK"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Demo fields, listed in the same order as the keys of the sample log in `content` below.
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="cd081ba3d6674000acc37d7e2a4b9140", field_name="policy_id", type="string"),
            StructFieldInfo(is_analysis=False, content="80", field_name="hport", type="string"),
            StructFieldInfo(is_analysis=False, content="163", field_name="body_bytes_sent", type="string"),
            StructFieldInfo(is_analysis=False, content="1736cc7331b74b198e2ef07555a970ce", field_name="hostid", type="string"),
            StructFieldInfo(is_analysis=False, content="040002", field_name="rule", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.36.208", field_name="engine_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="2152", field_name="pid", type="string"),
            StructFieldInfo(is_analysis=False, content="www.testh.com", field_name="http_host", type="string"),
            StructFieldInfo(is_analysis=False, content="1", field_name="process_time", type="string"),
            StructFieldInfo(is_analysis=False, content="0000-0000-0000-20820220729193940-f34cf25e", field_name="reqid", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-07-29T19:39:40+08:00", field_name="time_iso8601", type="string"),
            StructFieldInfo(is_analysis=False, content="504", field_name="upstream_status", type="string"),
            StructFieldInfo(is_analysis=False, content="public/../style/general.css", field_name="hit_data", type="string"),
            StructFieldInfo(is_analysis=False, content="98de5d5a-9f54-4d01-9882-eca7bec99d09", field_name="attack_stream_id", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.46.110", field_name="remote_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="lfi", field_name="attack", type="string"),
            StructFieldInfo(is_analysis=False, content="1d26cc8c86a840e28a4f8d0d07852f1d", field_name="tenantid", type="string"),
            StructFieldInfo(is_analysis=False, content="www.testh.com", field_name="host", type="string"),
            StructFieldInfo(is_analysis=False, content="log", field_name="action", type="string"),
            StructFieldInfo(is_analysis=False, content="HTTP", field_name="backend.protocol", type="string"),
            StructFieldInfo(is_analysis=False, content="true", field_name="backend.alive", type="string"),
            StructFieldInfo(is_analysis=False, content="80", field_name="backend.port", type="long"),
            StructFieldInfo(is_analysis=False, content="100.93.2.229", field_name="backend.host", type="string"),
            StructFieldInfo(is_analysis=False, content="1", field_name="backend.weight", type="long"),
            StructFieldInfo(is_analysis=False, content="ip", field_name="backend.type", type="string"),
            StructFieldInfo(is_analysis=False, content="04-0000-0000-0000-20820220729193940-f34cf25e", field_name="id", type="string"),
            StructFieldInfo(is_analysis=False, content="10.63.46.110", field_name="sip", type="string"),
            StructFieldInfo(is_analysis=False, content="2a473356cca5487f8373be891bffc1cf", field_name="projectid", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="web_tag", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-07-29T11:39:40.000Z", field_name="attack-time", type="string"),
            StructFieldInfo(is_analysis=False, content="GET", field_name="method", type="string"),
            StructFieldInfo(is_analysis=False, content='{"HWWAFSESTIME":"1659094780939","HWWAFSESID":"e2cd0733b4712e4cc4"}', field_name="cookie", type="string"),
            StructFieldInfo(is_analysis=False, content="2", field_name="level", type="long"),
            StructFieldInfo(is_analysis=False, content="{\"public\\/..\\/style\\/general.css\":\"true\"}", field_name="params", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="x_real_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="/", field_name="url", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="x_forwarded_for", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="cdn_src_ip", type="string"),
            StructFieldInfo(is_analysis=False, content="0", field_name="enterprise_project_id", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="req_body", type="string"),
            StructFieldInfo(is_analysis=False, content="", field_name="engine_id", type="string"),
            StructFieldInfo(is_analysis=False, content="5d574e6a-87da-42bc-bfd4-ff61a1b336a4", field_name="group_id", type="string"),
            StructFieldInfo(is_analysis=False, content="f34cf25eb33ed82cd7261a8276a60c39", field_name="requestid", type="string"),
            StructFieldInfo(is_analysis=False, content="null", field_name="multipart", type="string"),
            StructFieldInfo(is_analysis=False, content="{\"host\":\"www.testh.com\",\"user-agent\":\"curl\\/7.29.0\",\"accept\":\"*\\/*\"}", field_name="header", type="string"),
            StructFieldInfo(is_analysis=False, content="params", field_name="location", type="string"),
            StructFieldInfo(is_analysis=False, content="30.000", field_name="upstream_response_time", type="string"),
            StructFieldInfo(is_analysis=False, content="2022-07-29 19:39:40", field_name="time", type="string"),
            StructFieldInfo(is_analysis=False, content="attack", field_name="waf_category", type="string"),
            StructFieldInfo(is_analysis=False, content="28408", field_name="sport", type="long"),
            StructFieldInfo(is_analysis=False, content="504", field_name="status", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Raw single-quoted string: the sample log's own double quotes and backslash escapes are passed through unchanged.
            content=r'{"policy_id":"cd081ba3d6674000acc37d7e2a4b9140","hport":"80","body_bytes_sent":"163","hostid":"1736cc7331b74b198e2ef07555a970ce","rule":"040002","engine_ip":"10.63.36.208","pid":"2152","http_host":"www.testh.com","process_time":"1","reqid":"0000-0000-0000-20820220729193940-f34cf25e","time_iso8601":"2022-07-29T19:39:40+08:00","upstream_status":"504","hit_data":"public/../style/general.css","attack_stream_id":"98de5d5a-9f54-4d01-9882-eca7bec99d09","remote_ip":"10.63.46.110","attack":"lfi","tenantid":"1d26cc8c86a840e28a4f8d0d07852f1d","host":"www.testh.com","action":"log","backend":{"protocol":"HTTP","alive":true,"port":80,"host":"100.93.2.229","weight":1,"type":"ip"},"id":"04-0000-0000-0000-20820220729193940-f34cf25e","sip":"10.63.46.110","projectid":"2a473356cca5487f8373be891bffc1cf","web_tag":"","attack-time":"2022-07-29T11:39:40.000Z","method":"GET","cookie":"{\"HWWAFSESTIME\":\"1659094780939\",\"HWWAFSESID\":\"e2cd0733b4712e4cc4\"}","level":2,"params":"{\"public\\/..\\/style\\/general.css\":\"true\"}","x_real_ip":"","uri":"/","x_forwarded_for":"","cdn_src_ip":"","enterprise_project_id":"0","req_body":"","engine_id":"","group_id":"5d574e6a-87da-42bc-bfd4-ff61a1b336a4","requestid":"f34cf25eb33ed82cd7261a8276a60c39","multipart":"null","header":"{\"host\":\"www.testh.com\",\"user-agent\":\"curl\\/7.29.0\",\"accept\":\"*\\/*\"}","location":"params","upstream_response_time":"30.000","time":"2022-07-29 19:39:40","category":"attack","sport":28408,"status":"504"}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Creating a structuring configuration for DMS rebalancing logs
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdklts.v2.region.lts_region import LtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdklts.v2 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
    # In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk)

    client = LtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(LtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateStructTemplateRequest()
        # Built-in (system) template for DMS rebalancing logs.
        rulebody = Rule(
            type="built_in",
            param="DMS_REBALANCED"
        )
        listTagFieldsbody = [
            TagField(field_name="hostIP", type="string", content="192.168.2.134", is_analysis=True)
        ]
        # Demo fields, listed in the same order as the keys of the sample log in `content` below.
        listDemoFieldsbody = [
            StructFieldInfo(is_analysis=False, content="INFO", field_name="level", type="string"),
            StructFieldInfo(is_analysis=False, content="2023-03-23 17:23:22,906", field_name="timestamp", type="string"),
            StructFieldInfo(is_analysis=False, content="consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635", field_name="message.leaderId", type="string"),
            StructFieldInfo(is_analysis=False, content="1", field_name="message.generationId", type="string"),
            StructFieldInfo(is_analysis=False, content="Assignment received from leader for group KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0 for generation 1", field_name="message.reason", type="string"),
            StructFieldInfo(is_analysis=False, content="KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0", field_name="message.groupId", type="string"),
            StructFieldInfo(is_analysis=False, content="0", field_name="message.coordinatorId", type="string"),
            StructFieldInfo(is_analysis=False, content="END_REBALANCE", field_name="message.type", type="string"),
            StructFieldInfo(is_analysis=False, content="GroupMetadata(groupId=KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0, generation=1, protocolType=Some(consumer), currentState=CompletingRebalance, members=Map(consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635 -> MemberMetadata(memberId=consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635, clientId=consumer-1, clientHost=/172.31.2.168, sessionTimeoutMs=10000, rebalanceTimeoutMs=300000, supportedProtocols=List(range), )))", field_name="message.group", type="string")
        ]
        request.body = LtsStructTemplateInfo(
            rule=rulebody,
            project_id="2a473356cca5487f8373be891bffxxxx",
            log_stream_id="7e432db8-9dad-4723-a4b1-fdabf712xxxx",
            parse_type=" ",
            log_group_id="925a750-e0f3-4fe9-a046-a04af676xxxx",
            # Single-quoted so the double quotes inside the sample log do not end the string.
            content='{"level":"INFO","timestamp":"2023-03-23 17:23:22,906","message":{"leaderId":"consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635","generationId":"1","reason":"Assignment received from leader for group KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0 for generation 1","groupId":"KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0","coordinatorId":"0","type":"END_REBALANCE","group":"GroupMetadata(groupId=KMOffsetCache-dms-vm-fa3cf9d6-manager-shared-server-0, generation=1, protocolType=Some(consumer), currentState=CompletingRebalance, members=Map(consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635 -> MemberMetadata(memberId=consumer-1-177817b6-1f29-4717-8a83-dda8eaab1635, clientId=consumer-1, clientHost=/172.31.2.168, sessionTimeoutMs=10000, rebalanceTimeoutMs=300000, supportedProtocols=List(range), )))"}}',
            tag_fields=listTagFieldsbody,
            demo_fields=listDemoFieldsbody
        )
        response = client.create_struct_template(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
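A local pre-flight check for JSON-shaped sample logs, added here as an example (it is not part of the Huawei Cloud SDK or of the original page): it flattens the sample log into dotted field names and reports demo fields that are missing, listed out of order relative to the sample log, or typed `long`/`float` while the sample value is not numeric. The flattening rule used for `layers`, the `field_name`/`type` dictionary keys, and the sample log are assumptions constructed for illustration.

```python
import json

ALLOWED_TYPES = ("string", "long", "float")    # values this page lists for `type`
NUMERIC_CASTS = {"long": int, "float": float}
MAX_LAYERS = 3                                 # maximum this page gives for `layers`

# Constructed sample log, shaped like the DMS rebalancing sample above.
SAMPLE_LOG = (
    '{"level":"INFO","timestamp":"2023-03-23 17:23:22,906",'
    '"message":{"groupId":"demo-group","generationId":"1","type":"END_REBALANCE"}}'
)

# Constructed demo-field lists: one consistent with the sample, one not.
GOOD_FIELDS = [
    {"field_name": "level", "type": "string"},
    {"field_name": "timestamp", "type": "string"},
    {"field_name": "message.groupId", "type": "string"},
    {"field_name": "message.generationId", "type": "long"},
    {"field_name": "message.type", "type": "string"},
]
BAD_FIELDS = [
    {"field_name": "timestamp", "type": "long"},           # value is not numeric
    {"field_name": "level", "type": "string"},             # listed after a later key
    {"field_name": "message.leaderId", "type": "string"},  # absent from the sample
]


def flatten(obj, layers, prefix=""):
    """Flatten nested JSON objects into (dotted_name, value) pairs, in key order.

    Assumption: layers=1 keeps only top-level keys and each extra layer expands
    one more nesting level; anything deeper is kept as a JSON string.
    """
    pairs = []
    for key, value in obj.items():
        name = prefix + key
        if isinstance(value, dict) and layers > 1:
            pairs.extend(flatten(value, layers - 1, name + "."))
        elif isinstance(value, (dict, list)):
            pairs.append((name, json.dumps(value, separators=(",", ":"))))
        else:
            pairs.append((name, value))
    return pairs


def check_demo_fields(sample_log, demo_fields, layers=MAX_LAYERS):
    """Return a list of problems; an empty list means the fields match the sample."""
    if not 1 <= layers <= MAX_LAYERS:
        return [f"layers must be between 1 and {MAX_LAYERS}, got {layers}"]
    try:
        parsed = json.loads(sample_log)
    except json.JSONDecodeError as exc:
        return [f"sample log is not valid JSON: {exc.msg}"]
    if not isinstance(parsed, dict):
        return ["sample log must be a JSON object"]

    flat = flatten(parsed, layers)
    position = {name: index for index, (name, _) in enumerate(flat)}
    values = dict(flat)
    problems = []
    last_seen = -1
    for field in demo_fields:
        name, ftype = field["field_name"], field["type"]
        if ftype not in ALLOWED_TYPES:
            problems.append(f"{name}: unsupported type {ftype!r}")
        if name not in position:
            problems.append(f"{name}: not present in the sample log")
            continue
        if position[name] < last_seen:
            problems.append(f"{name}: out of order relative to the sample log")
        last_seen = max(last_seen, position[name])
        cast = NUMERIC_CASTS.get(ftype)
        if cast is not None:
            try:
                cast(str(values[name]))
            except ValueError:
                problems.append(f"{name}: value {values[name]!r} is not a valid {ftype}")
    return problems


if __name__ == "__main__":
    for label, fields in (("good", GOOD_FIELDS), ("bad", BAD_FIELDS)):
        print(label, check_demo_fields(SAMPLE_LOG, fields))
```

Running the check before calling `create_struct_template` catches a mismatched field list locally instead of through a 400 response.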
Regular expression mode:
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	lts "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		Build()

	client := lts.NewLtsClient(
		lts.LtsClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateStructTemplateRequest{}
	contentTagFields := "192.168.2.134"
	isAnalysisTagFields := true
	contentTagFields1 := "ecs-ictest"
	isAnalysisTagFields1 := true
	var listTagFieldsbody = []model.TagField{
		{FieldName: "hostIP", Type: "string", Content: &contentTagFields, IsAnalysis: &isAnalysisTagFields},
		{FieldName: "hostName", Type: "string", Content: &contentTagFields1, IsAnalysis: &isAnalysisTagFields1},
	}
	isAnalysisDemoFields := true
	fieldNameDemoFields := "a01"
	isAnalysisDemoFields1 := true
	fieldNameDemoFields1 := "a02"
	isAnalysisDemoFields2 := true
	fieldNameDemoFields2 := "a03"
	isAnalysisDemoFields3 := true
	fieldNameDemoFields3 := "a04"
	isAnalysisDemoFields4 := true
	fieldNameDemoFields4 := "a05"
	isAnalysisDemoFields5 := true
	fieldNameDemoFields5 := "a06"
	isAnalysisDemoFields6 := true
	fieldNameDemoFields6 := "a07"
	// One demo field per named capture group in the regular expression below.
	var listDemoFieldsbody = []model.StructFieldInfo{
		{IsAnalysis: &isAnalysisDemoFields, FieldName: &fieldNameDemoFields, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields1, FieldName: &fieldNameDemoFields1, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields2, FieldName: &fieldNameDemoFields2, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields3, FieldName: &fieldNameDemoFields3, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields4, FieldName: &fieldNameDemoFields4, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields5, FieldName: &fieldNameDemoFields5, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields6, FieldName: &fieldNameDemoFields6, Type: "long"},
	}
	// Raw string literal, so that \w and \d reach the service unchanged.
	regexRulesLtsStructTemplateInfo := `^(?<a01>[^ ]+)(?:[^ ]* ){1}(?<a02>\w+)(?:[^ ]* ){1}(?<a03>\w+)(?:[^ ]* ){1}(?<a04>\w+)(?:[^ ]* ){1}(?<a05>\w+)(?:[^ ]* ){1}(?<a06>\w+)(?:[^ ]* ){1}(?<a07>\d+)`
	request.Body = &model.LtsStructTemplateInfo{
		RegexRules:  &regexRulesLtsStructTemplateInfo,
		ProjectId:   " ",
		LogStreamId: "ff8bd110-dc44-4692-af74-d3b1f6197887",
		ParseType:   model.GetLtsStructTemplateInfoParseTypeEnum().CUSTOM_REGEX,
		LogGroupId:  "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
		Content:     "2021-09-09/18:15:41 this log is Error NO 6323",
		TagFields:   listTagFieldsbody,
		DemoFields:  listDemoFieldsbody,
	}
	response, err := client.CreateStructTemplate(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
JSON mode:
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	lts "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		Build()

	client := lts.NewLtsClient(
		lts.LtsClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateStructTemplateRequest{}
	contentTagFields := "192.168.2.134"
	isAnalysisTagFields := true
	contentTagFields1 := "ecs-ictest"
	isAnalysisTagFields1 := true
	var listTagFieldsbody = []model.TagField{
		{FieldName: "hostIP", Type: "string", Content: &contentTagFields, IsAnalysis: &isAnalysisTagFields},
		{FieldName: "hostName", Type: "string", Content: &contentTagFields1, IsAnalysis: &isAnalysisTagFields1},
	}
	isAnalysisDemoFields := true
	fieldNameDemoFields := "code"
	userDefinedNameDemoFields := "jl"
	isAnalysisDemoFields1 := true
	fieldNameDemoFields1 := "record_time"
	isAnalysisDemoFields2 := true
	fieldNameDemoFields2 := "tracker_name"
	isAnalysisDemoFields3 := true
	fieldNameDemoFields3 := "user.id"
	isAnalysisDemoFields4 := true
	fieldNameDemoFields4 := "user.name"
	// Nested keys of the sample log are addressed with dotted names (user.id, user.name).
	var listDemoFieldsbody = []model.StructFieldInfo{
		{IsAnalysis: &isAnalysisDemoFields, FieldName: &fieldNameDemoFields, Type: "long", UserDefinedName: &userDefinedNameDemoFields},
		{IsAnalysis: &isAnalysisDemoFields1, FieldName: &fieldNameDemoFields1, Type: "long"},
		{IsAnalysis: &isAnalysisDemoFields2, FieldName: &fieldNameDemoFields2, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields3, FieldName: &fieldNameDemoFields3, Type: "long"},
		{IsAnalysis: &isAnalysisDemoFields4, FieldName: &fieldNameDemoFields4, Type: "string"},
	}
	// Maximum number of JSON layers to parse.
	layersLtsStructTemplateInfo := int32(3)
	request.Body = &model.LtsStructTemplateInfo{
		Layers:      &layersLtsStructTemplateInfo,
		ProjectId:   " ",
		LogStreamId: "ff8bd110-dc44-4692-af74-d3b1f6197887",
		ParseType:   model.GetLtsStructTemplateInfoParseTypeEnum().JSON,
		LogGroupId:  "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
		Content:     "{'code':38,'tracker_name':'global','record_time':'1597042370464','user':{'name':'testdemo','id':'123456789'}}",
		TagFields:   listTagFieldsbody,
		DemoFields:  listDemoFieldsbody,
	}
	response, err := client.CreateStructTemplate(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
Delimiter:
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	lts "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		Build()

	client := lts.NewLtsClient(
		lts.LtsClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateStructTemplateRequest{}
	contentTagFields := "192.168.2.134"
	isAnalysisTagFields := true
	contentTagFields1 := "ecs-ictest"
	isAnalysisTagFields1 := true
	var listTagFieldsbody = []model.TagField{
		{FieldName: "hostIP", Type: "string", Content: &contentTagFields, IsAnalysis: &isAnalysisTagFields},
		{FieldName: "hostName", Type: "string", Content: &contentTagFields1, IsAnalysis: &isAnalysisTagFields1},
	}
	isAnalysisDemoFields := true
	fieldNameDemoFields := "b1"
	isAnalysisDemoFields1 := true
	fieldNameDemoFields1 := "b2"
	isAnalysisDemoFields2 := true
	fieldNameDemoFields2 := "b3"
	isAnalysisDemoFields3 := true
	fieldNameDemoFields3 := "b4"
	isAnalysisDemoFields4 := true
	fieldNameDemoFields4 := "b5"
	isAnalysisDemoFields5 := true
	fieldNameDemoFields5 := "b6"
	isAnalysisDemoFields6 := true
	fieldNameDemoFields6 := "b7"
	// One demo field per token of the sample log once it is split on the delimiter.
	var listDemoFieldsbody = []model.StructFieldInfo{
		{IsAnalysis: &isAnalysisDemoFields, FieldName: &fieldNameDemoFields, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields1, FieldName: &fieldNameDemoFields1, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields2, FieldName: &fieldNameDemoFields2, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields3, FieldName: &fieldNameDemoFields3, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields4, FieldName: &fieldNameDemoFields4, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields5, FieldName: &fieldNameDemoFields5, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields6, FieldName: &fieldNameDemoFields6, Type: "long"},
	}
	// The delimiter is a single space.
	tokenizerLtsStructTemplateInfo := " "
	request.Body = &model.LtsStructTemplateInfo{
		Tokenizer:   &tokenizerLtsStructTemplateInfo,
		ProjectId:   "",
		LogStreamId: "ff8bd110-dc44-4692-af74-d3b1f6197887",
		ParseType:   model.GetLtsStructTemplateInfoParseTypeEnum().SPLIT,
		LogGroupId:  "ada6ce6b-17ba-43f3-a27f-aa563b4ab14e",
		Content:     "2021-09-09/18:50:51 this log is Error NO 37",
		TagFields:   listTagFieldsbody,
		DemoFields:  listDemoFieldsbody,
	}
	response, err := client.CreateStructTemplate(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
Nginx:
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	lts "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/lts/v2/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		Build()

	client := lts.NewLtsClient(
		lts.LtsClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateStructTemplateRequest{}
	contentTagFields := "192.168.2.134"
	isAnalysisTagFields := true
	contentTagFields1 := "ecs-ictest"
	isAnalysisTagFields1 := true
	var listTagFieldsbody = []model.TagField{
		{FieldName: "hostIP", Type: "string", Content: &contentTagFields, IsAnalysis: &isAnalysisTagFields},
		{FieldName: "hostName", Type: "string", Content: &contentTagFields1, IsAnalysis: &isAnalysisTagFields1},
	}
	isAnalysisDemoFields := false
	contentDemoFields := "0"
	fieldNameDemoFields := "body_bytes_sent"
	isAnalysisDemoFields1 := false
	contentDemoFields1 := "-"
	fieldNameDemoFields1 := "http_referer"
	isAnalysisDemoFields2 := false
	contentDemoFields2 := "Mozilla/5.0"
	fieldNameDemoFields2 := "http_user_agent"
	isAnalysisDemoFields3 := false
	contentDemoFields3 := "-"
	fieldNameDemoFields3 := "http_x_forwarded_for"
	isAnalysisDemoFields4 := false
	contentDemoFields4 := "192.168.0.0"
	fieldNameDemoFields4 := "remote_addr"
	isAnalysisDemoFields5 := false
	contentDemoFields5 := "sgq"
	fieldNameDemoFields5 := "remote_user"
	isAnalysisDemoFields6 := false
	contentDemoFields6 := "GET"
	fieldNameDemoFields6 := "request_method"
	isAnalysisDemoFields7 := false
	contentDemoFields7 := "/"
	fieldNameDemoFields7 := "request_uri"
	isAnalysisDemoFields8 := false
	contentDemoFields8 := "304"
	fieldNameDemoFields8 := "status"
	isAnalysisDemoFields9 := false
	contentDemoFields9 := "12/Mar/2020:12:24:02"
	fieldNameDemoFields9 := "time_local"
	var listDemoFieldsbody = []model.StructFieldInfo{
		{IsAnalysis: &isAnalysisDemoFields, Content: &contentDemoFields, FieldName: &fieldNameDemoFields, Type: "long"},
		{IsAnalysis: &isAnalysisDemoFields1, Content: &contentDemoFields1, FieldName: &fieldNameDemoFields1, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields2, Content: &contentDemoFields2, FieldName: &fieldNameDemoFields2, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields3, Content: &contentDemoFields3, FieldName: &fieldNameDemoFields3, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields4, Content: &contentDemoFields4, FieldName: &fieldNameDemoFields4, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields5, Content: &contentDemoFields5, FieldName: &fieldNameDemoFields5, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields6, Content: &contentDemoFields6, FieldName: &fieldNameDemoFields6, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields7, Content: &contentDemoFields7, FieldName: &fieldNameDemoFields7, Type: "string"},
		{IsAnalysis: &isAnalysisDemoFields8, Content: &contentDemoFields8, FieldName: &fieldNameDemoFields8, Type: "long"},
		{IsAnalysis: &isAnalysisDemoFields9, Content: &contentDemoFields9, FieldName: &fieldNameDemoFields9, Type: "string"},
	}
	// Raw string literals, so the double quotes inside the Nginx log_format and the sample log need no escaping.
	logFormatLtsStructTemplateInfo := `log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';`
	request.Body = &model.LtsStructTemplateInfo{
		LogFormat:   &logFormatLtsStructTemplateInfo,
		ProjectId:   "2a473356cca5487f8373be891bffc1cf",
		LogStreamId: "60906859-e91e-4d4a-9a21-ae319f544567",
		ParseType:   model.GetLtsStructTemplateInfoParseTypeEnum().NGINX,
		LogGroupId:  "d1f4240d-5ee2-4e0b-9e2c-e25c7978c001",
		Content:     `192.168.0.0 - sgq [12/Mar/2020:12:24:02 +0800] "GET / 127/query" 304 0 "-" "Mozilla/5.0" "-"`,
		TagFields:   listTagFieldsbody,
		DemoFields:  listDemoFieldsbody,
	}
	response, err := client.CreateStructTemplate(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
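For SDK sample code in more programming languages, see the Sample Code tab in API Explorer, which automatically generates the corresponding SDK sample code.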
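Status Codes

Status code | Description |
---|---|
200 | The request succeeded and the structuring configuration was created. |
400 | BadRequest. The request is invalid. Modify the request according to error_msg; do not retry it. |
401 | AuthFailed. Authentication failed. Check the token and send the request again. |
403 | Forbidden. The request was denied. This status code indicates that the request reached the server and the server understood it, but refused to do anything more because the request is set to be denied. Modify the request; do not retry it. |
500 | InternalServerError. The server could be reached, but an internal service error occurred. |
503 | ServiceUnavailable. The requested service is invalid and unavailable. |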
Error Codes

See Error Codes.