文档首页/ 云日志服务 LTS/ 用户指南/ 日志可视化/ 使用仪表盘将日志可视化/ 日志仪表盘模板/ CFW仪表盘模板
更新时间:2024-07-25 GMT+08:00
查看PDF
分享

CFW仪表盘模板

云防火墙(Cloud Firewall,CFW)是新一代的云原生防火墙,提供云上互联网边界和VPC边界的防护,包括实时入侵检测与防御、全局统一访问控制、全流量分析可视化、日志审计与溯源分析等,同时支持按需弹性扩容、AI提升智能防御能力、灵活扩展满足云上业务的变化和扩张需求,极简应用让用户快速灵活应对威胁。云防火墙可以通过攻击事件日志查看检测到的危险流量的危险等级、受影响的端口、命中的规则、攻击事件类型等信息;通过访问控制日志查看根据访问控制策略放行或阻断的所有流量,以便更好的调整访问控制策略。

CFW仪表盘模板支持查看CFW访问日志中心查看CFW流量日志中心查看CFW攻击日志中心

前提条件

查看CFW访问日志中心

  1. 登录云日志服务控制台,在左侧导航栏中选择“日志管理”。
  2. 在“日志应用”模块中,单击“CFW日志中心”,选择“进入仪表盘”。
  3. 在仪表盘模板下方,选择“CFW仪表盘模板 > CFW访问日志中心”,查看图表详情。

    • 互联网访问-拦截趋势图展示互联网访问-拦截趋势的变化情况,所关联的查询分析语句如下所示: 
      select time_series(MILLIS_TO_TIMESTAMP(hit_time), 'PT1M', 'yyyy-MM-dd HH:mm:ss', '0') as t_time,COUNT(*) as frequency WHERE action='deny' AND direction='out2in' group by t_time order by t_time
    • 主动外联-拦截趋势图展示主动外联-拦截趋势的变化情况,所关联的查询分析语句如下所示: 
      select time_series(MILLIS_TO_TIMESTAMP(hit_time), 'PT1M', 'yyyy-MM-dd HH:mm:ss', '0') as t_time,COUNT(*) as frequency WHERE action='deny' AND direction='in2out' group by t_time order by t_time
    • 互联网阻断应用TOP5图展示互联网阻断应用TOP5的变化情况,所关联的查询分析语句如下所示: 
      SELECT app, COUNT(*) as frequency WHERE action='deny' AND direction='out2in' GROUP BY app ORDER BY frequency DESC LIMIT 5
    • 互联网阻断目的TOP5图展示互联网阻断目的TOP5的变化情况,所关联的查询分析语句如下所示: 
      SELECT dst_ip, COUNT(*) as frequency WHERE action='deny' AND direction='out2in' GROUP BY dst_ip ORDER BY frequency DESC LIMIT 5
    • 互联网阻断来源TOP5图展示互联网阻断来源TOP5的变化情况,所关联的查询分析语句如下所示: 
      SELECT src_ip, COUNT(*) as frequency WHERE action='deny' AND direction='out2in' GROUP BY src_ip ORDER BY frequency DESC LIMIT 5
    • 主动外联阻断应用TOP5图展示主动外联阻断应用TOP5的变化情况,所关联的查询分析语句如下所示: 
      SELECT app, COUNT(*) as frequency WHERE action='deny' AND direction='in2out' GROUP BY app ORDER BY frequency DESC LIMIT 5
    • 主动外联阻断目的TOP5图展示主动外联阻断目的TOP5的变化情况,所关联的查询分析语句如下所示: 
      SELECT dst_ip, COUNT(*) as frequency WHERE action='deny' AND direction='in2out' GROUP BY dst_ip ORDER BY frequency DESC LIMIT 5
    • 主动外联阻断来源TOP5图展示主动外联阻断来源TOP5的变化情况,所关联的查询分析语句如下所示: 
      SELECT src_ip, COUNT(*) as frequency WHERE action='deny' AND direction='in2out' GROUP BY src_ip ORDER BY frequency DESC LIMIT 5

查看CFW流量日志中心

  1. 登录云日志服务控制台,在左侧导航栏中选择“日志管理”。
  2. 在“日志应用”模块中,单击“CFW日志中心”,选择“进入仪表盘”。
  3. 在仪表盘模板下方,选择“CFW仪表盘模板 > CFW流量日志中心”,查看图表详情。

    • 互联网访问流量趋势图展示互联网访问流量趋势的变化情况,所关联的查询分析语句如下所示: 
      select time_series(MILLIS_TO_TIMESTAMP(start_time), 'PT1M', 'yyyy-MM-dd HH:mm:ss', '0') as t_time, SUM(to_s_bytes) AS '入流量', SUM(to_c_bytes) AS '出流量' WHERE direction='out2in' group by t_time order by t_time
    • 互联网访问流入地域分布(中国)图展示互联网访问流入地域分布(中国)的变化情况,所关联的查询分析语句如下所示: 
      SELECT count(*) AS PV, ip_to_province(src_ip) AS province WHERE direction='out2in' and IP_TO_COUNTRY (src_ip) = '中国' GROUP BY province HAVING province not in ('','保留地址','*') ORDER BY PV DESC
    • 互联网访问流入地域分布(世界)图展示互联网访问流入地域分布(世界)的变化情况,所关联的查询分析语句如下所示: 
      SELECT count(*) AS PV, ip_to_country(src_ip) AS country WHERE direction='out2in' GROUP BY country HAVING country not in ('','保留地址','*') ORDER BY PV DESC
    • 互联网访问应用分布图展示互联网访问应用分布的变化情况,所关联的查询分析语句如下所示: 
      SELECT app, COUNT(*) AS num WHERE direction='out2in' GROUP BY app ORDER BY num DESC
    • 互联网访问源IP TOP5图展示互联网访问源IP TOP5的变化情况,所关联的查询分析语句如下所示: 
      select src_ip, SUM(bytes)/1024 as sum_bytes WHERE direction='out2in' GROUP BY src_ip ORDER BY sum_bytes DESC LIMIT 5
    • 互联网访问目的IP TOP5图展示互联网访问目的IP TOP5的变化情况,所关联的查询分析语句如下所示: 
      select dst_ip, SUM(bytes)/1024 as sum_bytes WHERE direction='out2in' GROUP BY dst_ip ORDER BY sum_bytes DESC LIMIT 5
    • 主动外联流量趋势图展示主动外联流量趋势的变化情况,所关联的查询分析语句如下所示: 
      select time_series(MILLIS_TO_TIMESTAMP(start_time), 'PT1M', 'yyyy-MM-dd HH:mm:ss', '0') as t_time, SUM(to_c_bytes) AS '入流量', SUM(to_s_bytes) AS '出流量' WHERE direction='in2out' group by t_time order by t_time
    • 主动外联目的地域分布(中国)图展示主动外联目的地域分布(中国)的变化情况,所关联的查询分析语句如下所示: 
      SELECT count(*) AS PV, ip_to_province(dst_ip) AS province WHERE direction='in2out' and IP_TO_COUNTRY (dst_ip) = '中国' GROUP BY province HAVING province not in ('','保留地址','*') ORDER BY PV DESC
    • 目的地域分布(世界)图展示目的地域分布(世界)的变化情况,所关联的查询分析语句如下所示: 
      SELECT count(*) AS PV, ip_to_country(dst_ip) AS country WHERE direction='in2out' GROUP BY country HAVING country not in ('','保留地址','*') ORDER BY PV DESC
    • 主动外联-应用分布图展示主动外联-应用分布的变化情况,所关联的查询分析语句如下所示: 
      SELECT app, COUNT(*) AS num WHERE direction='in2out' GROUP BY app ORDER BY num DESC
    • 主动外联源IP TOP5图展示主动外联源IP TOP5的变化情况,所关联的查询分析语句如下所示: 
      select src_ip, SUM(bytes)/1024 as sum_bytes WHERE direction='in2out' GROUP BY src_ip ORDER BY sum_bytes DESC LIMIT 5
    • 主动外联目的IP TOP5图展示主动外联目的IP TOP5的变化情况,所关联的查询分析语句如下所示: 
      select dst_ip, SUM(bytes)/1024 as sum_bytes WHERE direction='in2out' GROUP BY dst_ip ORDER BY sum_bytes DESC LIMIT 5

查看CFW攻击日志中心

  1. 登录云日志服务控制台,在左侧导航栏中选择“日志管理”。
  2. 在“日志应用”模块中,单击“CFW日志中心”,选择“进入仪表盘”。
  3. 在仪表盘模板下方,选择“CFW仪表盘模板 > CFW攻击日志中心”,查看图表详情。

    • 攻击趋势图表所关联的查询分析语句如下所示: 
      select time_series(MILLIS_TO_TIMESTAMP(event_time), 'PT1M', 'yyyy-MM-dd HH:mm:ss', '0') as t_time, count(*) as frequency group by t_time order by t_time
    • 攻击来源分布(中国)图表所关联的查询分析语句如下所示: 
      SELECT count(*) as PV,ip_to_province(src_ip) as province WHERE  IP_TO_COUNTRY (src_ip) = '中国' GROUP BY province HAVING province not in ('','保留地址','*')
    • 攻击来源分布(世界)图表所关联的查询分析语句如下所示: 
      SELECT count(*) AS PV,ip_to_country(src_ip) AS country GROUP BY country HAVING country not in ('','保留地址','*')
    • 攻击类型分布图表所关联的查询分析语句如下所示: 
      SELECT attack_type, COUNT(*) as num GROUP BY attack_type ORDER BY num
    • 攻击目的TOP5图表所关联的查询分析语句如下所示: 
      SELECT dst_ip, COUNT(*) as frequency GROUP BY dst_ip ORDER BY frequency  DESC LIMIT 5
    • 攻击来源TOP5图表所关联的查询分析语句如下所示: 
      SELECT src_ip, COUNT(*) as frequency GROUP BY src_ip ORDER BY frequency DESC LIMIT 5

父主题: 日志仪表盘模板

相关文档