云日志服务 LTS
云日志服务 LTS
- 最新动态
- 功能总览
- 产品介绍
- 计费说明
- 快速入门
-
用户指南
- 授权IAM用户使用云日志服务LTS
- 购买LTS资源包
- 日志管理
-
日志接入
- 日志接入概述
- 使用ICAgent插件采集日志
-
使用云服务接入LTS
- 云服务接入LTS概述
- 应用运维管理AOM接入LTS
- API网关APIG接入LTS
- Astro轻应用接入LTS
- 云堡垒机CBH接入LTS
- 内容分发网络CDN接入LTS
- 云防火墙CFW接入LTS
- 云审计服务CTS接入LTS
- 分布式缓存服务DCS接入LTS
- 文档数据库服务DDS接入LTS
- DDoS防护 AAD接入LTS
- 分布式消息服务Kafka版接入LTS
- 数据复制服务DRS接入LTS
- 数据仓库服务GaussDB(DWS)接入LTS
- 弹性负载均衡 ELB接入LTS
- 企业路由器ER接入LTS
- 函数工作流FunctionGraph接入LTS
- 云数据库GaussDB接入LTS
- 图引擎服务GES接入LTS
- 云数据库 TaurusDB接入LTS
- 云数据库GeminiDB接入LTS
- 云数据库GeminiDB Mongo接入LTS
- 云数据库GeminiDB Cassandra接入LTS
- 华为HiLens接入LTS
- 设备接入IoTDA接入LTS
- AI开发平台ModelArts接入LTS
- MapReduce服务MRS接入LTS
- 云数据库RDS for MySQL接入LTS
- 云数据库RDS for PostgreSQL接入LTS
- 云数据库RDS for SQLServer接入LTS
- 应用与数据集成平台ROMA Connect接入LTS
- 视频直播Live接入LTS
- 消息通知服务SMN接入LTS
- 安全云脑SecMaster接入LTS
- 对象存储服务OBS接入LTS(邀测)
- 虚拟私有云VPC接入LTS
- Web应用防火墙WAF接入LTS
- 使用API接入LTS
- 使用SDK接入LTS
- 跨IAM账号接入LTS
- 使用KAFKA协议上报日志到LTS
- 使用Flume采集器上报日志到LTS
- 使用匿名写入采集日志
- 自建中间件
- 日志搜索与分析(默认推荐)
- 日志搜索与分析(管道符方式-邀测)
- 日志可视化
- 日志告警
- 日志转储
- 日志消费与加工
- LTS配置中心管理
- 查看LTS审计事件
- 最佳实践
- 开发指南
- API参考
- SDK参考
- 场景代码示例
- 常见问题
- 视频帮助
- 文档下载
- 通用参考
链接复制成功!
VPC仪表盘模板
虚拟私有云(Virtual Private Cloud,VPC)是隔离的、私密的虚拟网络环境。用户可以自由配置VPC内的IP地址段、子网、安全组等子服务,也可以申请弹性带宽和弹性公网IP搭建业务系统。 VPC日志流中记录了虚拟私有云中的流量信息,可以帮助您检查和优化安全组和网络ACL控制规则、监控网络流量、进行网络攻击分析等。
云日志服务支持日志采集向导一站式采集VPC日志,并为VPC日志配置结构化和仪表盘。该仪表盘主要展示VPC日志的Action总次数,ACCEPT总字节数、ACCEPT总包数、REJECT总字节数、REJECT总包数、源地址的Action次数分布、总分钟Action次数、Action分布、流日志记录状态分布、Action次数的源地址运行商分布、Top5字节数的源地址、Top5字节数的目标地址、Top5包数的目标端口、各协议的每分钟包数、弹性网卡。
前提条件
- 已采集VPC日志,详情请参见虚拟私有云VPC接入LTS。
- 日志配置结构化,详情请参见设置云端结构化解析日志。
查看VPC流日志
- 登录云日志服务控制台,在左侧导航栏中选择“日志管理”。
- 在“日志应用”模块中,单击“VPC日志流中心”,选择“进入仪表盘”。
- 在仪表盘模板下方,选择“VPC仪表盘模板 > VPC流日志”,查看图表详情。
- Action总次数图表所关联的查询分析语句如下所示:
select CASE WHEN total_actions < 1000 THEN concat(cast( total_actions AS VARCHAR), '次') WHEN total_actions < 1000 * 1000 THEN concat(cast(round(total_actions / 1000.0, 2) AS VARCHAR),'千次') WHEN total_actions < 1000000000 THEN concat(cast(round(total_actions / 1000000.0, 2) AS VARCHAR),'百万次') WHEN total_actions / 1000.0 < 1000000000 THEN concat(cast(round(total_actions / 1000 / 1000000.0, 1) AS VARCHAR),'十亿次') ELSE concat(cast(round(total_actions / 1000.0 / 1000 / 1000 / 1000, 1) AS VARCHAR),'万亿次') END AS "total_actions" from (select count(1) as total_actions where log_status='OK' and version=1)
- ACCEPT总字节数图表所关联的查询分析语句如下所示:
select CASE WHEN accept_bytes < 1024 THEN concat(cast( accept_bytes AS VARCHAR), 'B') WHEN accept_bytes < 1024 * 1024 THEN concat(cast(round(accept_bytes / 1024, 2) AS VARCHAR),'KB') WHEN accept_bytes < 1000000000 THEN concat(cast(round(accept_bytes /1024.0 /1024, 2) AS VARCHAR),'MB') WHEN accept_bytes / 1000.0 < 1000000000 THEN concat(cast(round(accept_bytes / 1024 / 1000000.0, 2) AS VARCHAR),'GB') ELSE concat(cast(round(accept_bytes / 1000.0 / 1000 / 1000 / 1000, 1) AS VARCHAR),'TB') END AS "accept_bytes" from (select sum(bytes) as accept_bytes where log_status='OK' and version=1 and action='ACCEPT')
- ACCEPT总包数图表所关联的查询分析语句如下所示:
select CASE WHEN accept_packets < 1024 THEN concat(cast( accept_packets AS VARCHAR), 'B') WHEN accept_packets < 1024 * 1024 THEN concat(cast(round(accept_packets / 1024, 2) AS VARCHAR),'KB') WHEN accept_packets < 1000000000 THEN concat(cast(round(accept_packets /1024.0 /1024, 2) AS VARCHAR),'MB') WHEN accept_packets / 1000.0 < 1000000000 THEN concat(cast(round(accept_packets / 1024 / 1000000.0, 2) AS VARCHAR),'GB') ELSE concat(cast(round(accept_packets / 1000.0 / 1000 / 1000 / 1000, 1) AS VARCHAR),'TB') END AS "accept_packets" from (select sum(packets) as accept_packets where log_status='OK' and version=1 and action='ACCEPT')
- REJECT总字节数图表所关联的查询分析语句如下所示:
select CASE WHEN reject_bytes < 1024 THEN concat(cast( reject_bytes AS VARCHAR), 'B') WHEN reject_bytes < 1024 * 1024 THEN concat(cast(round(reject_bytes / 1024, 2) AS VARCHAR),'KB') WHEN reject_bytes < 1000000000 THEN concat(cast(round(reject_bytes /1024.0 /1024, 2) AS VARCHAR),'MB') WHEN reject_bytes / 1000.0 < 1000000000 THEN concat(cast(round(reject_bytes / 1024 / 1000000.0, 2) AS VARCHAR),'GB') ELSE concat(cast(round(reject_bytes / 1000.0 / 1000 / 1000 / 1000, 1) AS VARCHAR),'TB') END AS "reject_bytes" from (select sum(bytes) as reject_bytes where log_status='OK' and version=1 and action='REJECT')
- REJECT总包数图表所关联的查询分析语句如下所示:
select CASE WHEN reject_packets < 1024 THEN concat(cast( reject_packets AS VARCHAR), 'B') WHEN reject_packets < 1024 * 1024 THEN concat(cast(round(reject_packets / 1024, 2) AS VARCHAR),'KB') WHEN reject_packets < 1000000000 THEN concat(cast(round(reject_packets /1024.0 /1024, 2) AS VARCHAR),'MB') WHEN reject_packets / 1000.0 < 1000000000 THEN concat(cast(round(reject_packets / 1024 / 1000000.0, 2) AS VARCHAR),'GB') ELSE concat(cast(round(reject_packets / 1000.0 / 1000 / 1000 / 1000, 1) AS VARCHAR),'TB') END AS "reject_packets" from (select sum(packets) as reject_packets where log_status='OK' and version=1 and action='REJECT')
- 源地址的Action次数分布图表所关联的查询分析语句如下所示:
select IP_TO_PROVINCE(srcaddr) as province, count(1) as total_actions where IP_TO_COUNTRY (srcaddr) = '中国' group by province HAVING province not in ('','保留地址','*')
- 每分钟Action次数图表所关联的查询分析语句如下所示:
select TIME_FORMAT(date_trunc('minute', MILLIS_TO_TIMESTAMP("start" * 1000)),'MM-dd HH:mm') as "t", "action", count(1) as "total_actions" where log_status='OK' and version=1 group by "t", "action" order by t asc limit 1000
- Action分布图表所关联的查询分析语句如下所示:
select action, count(1) as total_actions where log_status='OK' and version=1 group by action
- 流日志记录状态分布图表所关联的查询分析语句如下所示:
select log_status, count(1) as total_actions where version=1 group by log_status
- Action次数的源地址运营商分布图表所关联的查询分析语句如下所示:
select ip_to_provider(srcaddr) as src_addr_provider, count(1) as total_actions where log_status='OK' and version=1 group by src_addr_provider order by total_actions desc limit 5
- Top5字节数的源地址图表所关联的查询分析语句如下所示:
select ip_to_provider(srcaddr) as src_addr_provider, count(1) as total_actions where log_status='OK' and version=1 group by src_addr_provider order by total_actions desc limit 5
- Top5字节数的目标地址图表所关联的查询分析语句如下所示:
select dstaddr, sum(bytes) as total_bytes where log_status='OK' and version=1 group by dstaddr order by total_bytes desc limit 5
- Top5包数的目标端口图表所关联的查询分析语句如下所示:
select dstport, sum(packets) as total_packets where log_status='OK' and version=1 group by dstport order by total_packets desc limit 5
- 各协议的每分钟包数图表所关联的查询分析语句如下所示:
select TIME_FORMAT(date_trunc('minute', MILLIS_TO_TIMESTAMP("start" * 1000)),'MM-dd HH:mm') as t, protocol, sum(packets) as total_packets where log_status='OK' and version=1 group by t, protocol order by t asc limit 1000
- 弹性网卡图表所关联的查询分析语句如下所示:
select interface_id as "ID", sum(packets) as '数据包总数量', sum(bytes) as '数据包总大小' where log_status='OK' and version=1 group by "ID"
- Action总次数图表所关联的查询分析语句如下所示:
父主题: 日志仪表盘模板