Description of Security Monitoring CLA connection log
Available in VPC
Security Monitoring log list collected in Cloud Log Analysis
IDS
Name of CLA column | Type | Meaning |
---|---|---|
rule_name | String | Detection event name |
severity | String | Severity of risk |
@timestamp | String | Detection time |
protocol | String | Protocol |
source_ip | String | Source IP |
source_port | Integer | Source Port |
source_ip_country | String | Source country information |
destination_ip | String | Destination IP |
destination_port | Integer | Destination Port |
destination_ip_country | String | Destination country information |
direction | String | Network traffic direction |
detect_type | String | Type of attack |
region_name | String | Region name |
product | String | Product code |
platform | String | Platform |
zone | String | Zone name |
vpc | String | VPC name |
subnet | String | Subnet name |
lb_name | String | Load Balancer name |
lb_instance_no | Integer | Load Balancer number |
lb_domain_name | String | Access information of Load Balancer |
server_name | String | Server name |
server_instance_no | Integer | Server number |
WAF
Name of CLA column | Type | Meaning |
---|---|---|
@timestamp | String | Detection time |
action | String | Action status. Detection: detect; Blocking: block; Cloaking: cloaking |
destination_ip | String | Destination IP |
destination_port | Integer | Destination port |
detect_basis | String | Grounds for detection |
detect_type | String | Detection type |
domain | String | Service domain |
lb_name | String | Load Balancer name |
lb_instance_no | Integer | Load Balancer number |
lb_domain_name | String | Access information of Load Balancer |
platform | String | Platform |
product | String | Product code |
protocol | String | Protocol |
region_name | String | Region name |
rule_name | String | Detection event |
severity | String | Severity of risk |
server_name | String | Server name |
server_instance_no | Integer | Server number |
source_ip | String | Source IP |
source_ip_country | String | Source country information |
source_port | Integer | Source port |
subnet | String | Subnet name |
url | String | Path |
vpc | String | VPC name |
xff_ip | String | Source IP (X-Forwarded-For IP) |
xff_ip_country | String | Source country information (X-Forwarded-For) |
zone | String | Zone name |
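
The following is an added example, not part of the original documentation: a type check of WAF records against the table above, followed by a per-source tally. It assumes records are exported as one JSON object per line keyed by the CLA column names and that absent columns are allowed; the function names and sample records are constructed for illustration.

```python
import json
from collections import Counter

# Columns and types copied from the WAF table above (String -> str, Integer -> int).
INT_COLUMNS = {"destination_port", "lb_instance_no", "server_instance_no", "source_port"}
STR_COLUMNS = {
    "@timestamp", "action", "destination_ip", "detect_basis", "detect_type",
    "domain", "lb_name", "lb_domain_name", "platform", "product", "protocol",
    "region_name", "rule_name", "severity", "server_name", "source_ip",
    "source_ip_country", "subnet", "url", "vpc", "xff_ip", "xff_ip_country", "zone",
}
WAF_SCHEMA = {**dict.fromkeys(STR_COLUMNS, str), **dict.fromkeys(INT_COLUMNS, int)}
WAF_ACTIONS = {"detect", "block", "cloaking"}  # values listed in the `action` row


def validate_waf_record(rec):
    """Return a list of problems; an empty list means the record fits the table."""
    problems = []
    for key, value in rec.items():
        expected = WAF_SCHEMA.get(key)
        if expected is None:
            problems.append(f"unknown column: {key}")
        elif type(value) is not expected:  # exact match, so True is not an int
            problems.append(f"{key}: expected {expected.__name__}")
    if rec.get("action") not in WAF_ACTIONS:
        problems.append(f"action: unexpected value {rec.get('action')!r}")
    return problems


def summarize(lines):
    """Count valid records per (source_ip, xff_ip, action); collect rejects."""
    counts, rejects = Counter(), []
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        problems = validate_waf_record(rec)
        if problems:
            rejects.append((n, problems))
            continue
        # source_ip and xff_ip are separate columns; keep both, because
        # X-Forwarded-For is a request header the sender can set.
        counts[(rec.get("source_ip", ""), rec.get("xff_ip", ""), rec["action"])] += 1
    return counts, rejects


# Constructed sample records (documentation-range IPs), not real log data.
SAMPLE = [
    '{"@timestamp": "2024-01-01T00:00:00Z", "action": "block", "source_ip": "198.51.100.7", "xff_ip": "203.0.113.9", "url": "/login"}',
    '{"@timestamp": "2024-01-01T00:00:05Z", "action": "block", "source_ip": "198.51.100.7", "xff_ip": "203.0.113.9", "url": "/admin"}',
    '{"@timestamp": "2024-01-01T00:00:09Z", "action": "drop", "source_ip": "198.51.100.8", "source_port": "443"}',
]
```

Rejected records are returned with their line number so that schema drift in the export shows up instead of being silently dropped.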
IPS
Name of CLA column | Type | Meaning |
---|---|---|
@timestamp | String | Detection time |
action | String | Action status. Reset: block; IDS:Reset: detection |
agent_version | String | Agent version |
count | Integer | Number of detections |
destination_ip | String | Destination IP |
destination_port | Integer | Destination port |
host | String | Detection server IP |
platform | String | Platform |
product | String | Product code |
protocol | String | Protocol |
region_name | String | Region name |
rule_id | Long | Detection event ID |
rule_name | String | Detection event |
server_name | String | Server name |
server_instance_no | Integer | Server number |
severity | String | Severity of risk |
source_ip | String | Source IP |
source_port | Integer | Source port |
subnet | String | Subnet name |
vpc | String | VPC name |
xff_ip | String | Source IP (X-Forwarded-For IP) |
zone | String | Zone name |
Anti-DDoS
Name of CLA column | Type | Meaning |
---|---|---|
@timestamp | String | Detection time |
action | String | Action status. Auto defense start: automatic defense against DDoS attacks has been started; Auto defense end: automatic defense against DDoS attacks has been finished; Detection: detect |
attack_rate | Integer | Attack traffic |
destination_ip | String | Destination IP |
destination_port | Integer | Destination Port |
lb_name | String | Load Balancer name |
lb_instance_no | Integer | Load Balancer number |
lb_domain_name | String | Access information of Load Balancer |
platform | String | Platform |
product | String | Product code |
protocol | String | Protocol |
region_name | String | Region name |
rule_name | String | Detection event name |
server_name | String | Server name |
server_instance_no | Integer | Server number |
slice_seconds | Integer | Detection standard time |
source_ip | String | Source IP |
source_port | String | Source Port |
subnet | String | Subnet name |
threshold_packets | Integer | Detection standard packet |
threshold_bytes | Integer | Detection standard bytes |
vpc | String | VPC name |
zone | String | Zone name |
Note
- Currently, the Anti-DDoS logs available through Cloud Log Analysis include attack detection logs and auto defense start/end logs. Attack blocking logs will be provided later.
Anti-Virus
Name of CLA column | Type | Meaning |
---|---|---|
@timestamp | String | Detection time |
action | String | Action status |
agent_version | String | Agent version |
file_path | String | Detection path |
host | String | Detection server IP |
platform | String | Platform |
product | String | Product code |
region_name | String | Region name |
rule_id | Long | Detection event ID |
rule_name | String | Detection event |
scan_type | String | Scan type |
server_name | String | Server name |
server_instance_no | Integer | Server number |
vpc | String | VPC name |
subnet | String | Subnet name |
zone | String | Zone name |