更新时间:2024-09-13 GMT+08:00
事件样例
以下提供云审计服务所收集事件的两个页面样例,并对其中常用的观察点进行了描述,以方便用户更直观的理解事件信息。其他服务所产生的事件可参照以下样例理解。
详细的字段解释可参考事件结构章节。
创建云服务器实例
{
"trace_id": "cbdd4480-2e03-11ef-82de-cf140e2a70fb",
"trace_name": "createServer",
"resource_type": "ecs",
"trace_rating": "normal",
"api_version": "1.0",
"source_ip": "124.71.93.243",
"domain_id": "7e0d78c85***d0b9b7cba",
"trace_type": "ConsoleAction",
"service_type": "ECS",
"event_type": "system",
"project_id": "07066c6fc90025a02f6dc01e105b286e",
"read_only": false,
"tracker_name": "system",
"operation_id": "ListSubscriptions",
"resource_account_id": "7e0d78c85***d0b9b7cba",
"time": 1718777931170,
"resource_name": "ecs-test",
"user": {
"access_key_id": "HSTAZVL6WYS0J5MYE2GA",
"account_id": "7e0d78c85***d0b9b7cba",
"user_name": "IAMUserA",
"domain": {
"name": "IAMDomainB",
"id": "7e0d78c85***d0b9b7cba"
},
"name": "IAMUserA",
"principal_is_root_user": "true",
"id": "f36972ced***d619f1214",
"principal_urn": "iam::7e0d78c85***d0b9b7cba:user:IAMUserA",
"type": "User",
"principal_id": "f36972ced***d619f1214"
},
"record_time": 1718777931170,
"request": "{\"server\":{\"adminPass\":\"********\",\"extendparam\":{\"chargingMode\":\"0\",\"regionID\":\"cn-north-4\"},\"count\":1,\"metadata\":{\"op_svc_userid\":\"f36972ced***d619f1214\",\"__support_agent_list\":\"hss,ces\"},\"availability_zone\":\"cn-north-4c\",\"description\":\"\",\"name\":\"ecs-test\",\"imageRef\":\"7d940784-ac0a-425f-b3fa-8478f1a1df70\",\"root_volume\":{\"volumetype\":\"GPSSD\",\"extendparam\":{\"resourceSpecCode\":\"GPSSD\",\"resourceType\":\"3\"},\"size\":40,\"metadata\":null,\"hw:passthrough\":\"false\",\"cluster_type\":null,\"cluster_id\":null,\"iops\":null,\"throughput\":null},\"data_volumes\":[],\"flavorRef\":\"sn3.small.1\",\"personality\":[],\"vpcid\":\"250ad46d-9c89-44ec-a97d-293da771b06b\",\"security_groups\":[{\"id\":\"3bb87748-e387-42e5-ad7a-4331638f1321\"}],\"nics\":[{\"subnet_id\":\"1a02d148-e7f9-4a3c-ba58-18099dfbf752\",\"nictype\":\"\",\"ip_address\":\"\",\"port_id\":null,\"binding:profile\":{\"disable_security_groups\":\"false\"},\"extra_dhcp_opts\":[],\"ipv6_bandwidth\":null,\"ipv6_enable\":false,\"driver_mode\":null,\"allowed_address_pairs\":null,\"efi_enable\":false,\"efi_protocol\":null}],\"publicip\":{\"id\":null,\"eip\":{\"bandwidth\":{\"name\":\"ecs-test-bandwidth\",\"size\":1,\"id\":null,\"sharetype\":\"PER\",\"productid\":\"\",\"chargemode\":\"traffic\"},\"extendparam\":{\"chargingMode\":\"postPaid\"},\"iptype\":\"5_bgp\",\"ipproductid\":\"\"}},\"key_name\":\"KeyPair-ebbe\",\"isAutoRename\":false,\"server_tags\":[],\"batch_create_in_multi_az\":false,\"spod_enable\":false,\"user_data\":\"\"}}",
"message": "success",
"response": "{\"job_id\":\"ff8080828fe9028a01902f2542df1b10\",\"job_type\":\"createSingleServer\",\"begin_time\":\"2024-06-19T06:18:09.502Z\",\"end_time\":\"2024-06-19T06:18:51.169Z\",\"status\":\"SUCCESS\",\"error_code\":null,\"fail_reason\":null,\"entities\":{\"server_id\":\"7285ea5d-f15c-4d9c-9e4e-37d37023f2f4\"}}",
"resource_id": "7285ea5d-f15c-4d9c-9e4e-37d37023f2f4",
"request_id": "null"
}
在以上信息中,可以重点关注如下字段:
- "time":标识事件产生的时间戳,本例中为1718777931170。
- "user":记录了操作用户的信息,本例中操作用户为账户(domain字段)IAMDomainB下的用户(name字段)IAMUserA。
- "request":记录了创建ECS服务器的请求,可以抽取该ECS服务器的简单信息,如name为ecs-test-bandwidth,资源id(vpcid字段)为250ad46d-9c89-44ec-a97d-293da771b06b。
- "response":记录了创建ECS服务的返回结果,可以抽取其中的关键信息,如创建结果(status字段)为SUCCESS,错误码(error_code字段)和失败原因(fail_reason字段)均为空(null)。
云硬盘实例
{
"trace_id": "c4ddaa0b-2e05-11ef-bdc6-e1851d8cb7fb",
"trace_name": "deleteVolume",
"resource_type": "evs",
"trace_rating": "normal",
"api_version": "1.0",
"source_ip": "124.71.93.243",
"domain_id": "7e0d78c85***d0b9b7cba",
"trace_type": "ConsoleAction",
"service_type": "EVS",
"event_type": "system",
"project_id": "07066c6fc90025a02f6dc01e105b286e",
"read_only": false,
"resource_id": "bc661a99-3088-4e86-899f-fb4f46c2bb71",
"tracker_name": "system",
"resource_account_id": "7e0d78c85***d0b9b7cba",
"time": 1718778778419,
"user": {
"access_key_id": "HSTAA8960GPIROJGW19L",
"account_id": "7e0d78c85***d0b9b7cba",
"user_name": "IAMUserA",
"domain": {
"name": "IAMDomainB",
"id": "7e0d78c85***d0b9b7cba"
},
"name": "IAMUserA",
"principal_is_root_user": "true",
"id": "f36972ced***d619f1214",
"principal_urn": "iam::7e0d78c85***d0b9b7cba:user:IAMUserA",
"type": "User",
"principal_id": "f36972ced***d619f1214"
},
"record_time": 1718778778419,
"request": "",
"response": "{\"job_id\":\"defe9cf7b5ca4566860edbebb181e17a\",\"job_type\":\"deleteVolume\",\"begin_time\":\"2024-06-19T06:32:53.018Z\",\"end_time\":\"2024-06-19T06:32:58.411Z\",\"status\":\"SUCCESS\",\"error_code\":null,\"fail_reason\":null,\"entities\":{\"volume_type\":\"GPSSD\",\"volume_id\":\"bc661a99-3088-4e86-899f-fb4f46c2bb71\",\"size\":10,\"name\":\"volume-d64d\"}}",
"resource_name": "volume-d64d",
"request_id": "defe9cf7b5ca4566860edbebb181e17a"
}
在以上信息中,可以重点关注如下字段:
- "time":标识事件产生的时间戳,本例中为1718778778419。
- "user":记录了操作用户的信息,本例中操作用户为账户(domain字段)IAMDomainB下的用户(name字段)IAMUserA。
- "request":非必选字段,此处为空。
- "response":记录了删除磁盘的返回结果。
- "trace_rating":记录了事件的级别,可代替response字段提示用户操作结果,本例中为normal,按事件结构章节中约束,即代表操作成功。
父主题: 云审计服务事件参考
