Description of Security Monitoring CLA connection log
- Print
- PDF
Description of Security Monitoring CLA connection log
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in VPC
Security Monitoring log list collected in Cloud Log Analysis
IDS
| Name of CLA column | Type | Meaning |
|---|---|---|
| rule_name | String | Detection event name |
| severity | String | Severity of risk |
| @timestamp | String | Detection time |
| protocol | String | Protocol |
| source_ip | String | Source IP |
| source_port | Integer | Source Port |
| source_ip_country | String | Source country information |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination Port |
| destination_ip_country | String | Destination country information |
| direction | String | Network traffic direction |
| detect_type | String | Type of attack |
| region_name | String | Region name |
| product | String | Product code |
| platform | String | Platform |
| zone | String | Zone name |
| vpc | String | VPC name |
| subnet | String | Subnet name |
| lb_name | String | Load Balancer name |
| lb_instance_no | Integer | Load Balancer number |
| lb_domain_name | String | Access information of Load Balancer |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
WAF
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status -Detection: detect -Blocking: block -Cloaking: cloaking |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination port |
| detect_basis | String | Grounds for detection |
| detect_type | String | Detection type |
| domain | String | Service domain |
| lb_name | String | Load Balancer name |
| lb_instance_no | Integer | Load Balancer number |
| lb_domain_name | String | Access information of Load Balancer |
| platform | String | Platform |
| product | String | Product code |
| protocol | String | Protocol |
| region_name | String | Region name |
| rule_name | String | Detection event |
| severity | String | Severity of risk |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| source_ip | String | Source IP |
| source_ip_country | String | Source country information |
| source_port | Integer | Source port |
| subnet | String | Subnet name |
| url | String | Path |
| vpc | String | VPC name |
| xff_ip | String | Source IP (X-Forwarded-For IP) |
| xff_ip_country | String | Source country information (X-Forwarded-For) |
| zone | String | Zone name |
IPS
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status Reset: block, IDS:Reset:detection |
| agent_version | String | Agent version |
| count | Integer | Number of detections |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination port |
| host | String | Detection server IP |
| platform | String | Platform |
| product | String | Product code |
| protocol | String | Protocol |
| region_name | String | Region name |
| rule_id | Long | Detection event ID |
| rule_name | String | Detection event |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| severity | String | Severity of risk |
| source_ip | String | Source IP |
| source_port | Integer | Source port |
| subnet | String | Subnet name |
| vpc | String | VPC name |
| xff_ip | String | Source IP (X-Forwarded-For IP) |
| zone | String | Zone name |
Anti-DDoS
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status - Auto defense start: automatic defense against DDoS attacks has been started. - Auto defense end: automatic defense against DDoS attacks has been finished. - Detection: detect |
| attack_rate | Integer | Attack traffic |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination Port |
| lb_name | String | Load Balancer name |
| lb_instance_no | Integer | Load Balancer number |
| lb_domain_name | String | Access information of Load Balancer |
| platform | String | Platform |
| product | String | Product code |
| protocol | String | Protocol |
| region_name | String | Region name |
| rule_name | String | Detection event name |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| slice_seconds | Integer | Detection standard time |
| source_ip | String | Source IP |
| source_port | String | Source Port |
| subnet | String | Subnet name |
| threshold_packets | Integer | Detection standard packet |
| threshold_bytes | Integer | Detection standard bytes |
| vpc | String | VPC name |
| zone | String | Zone name |
Note
- Currently, Anti-DDoS logs available through Cloud Log Analytics include attack detection logs and auto defense start/end logs. Attack blocking logs will be provided later.
Anti-Virus
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status |
| agent_version | String | Agent version |
| file_path | String | Detection path |
| host | String | Detection server IP |
| platform | String | Platform |
| product | String | Product code |
| region_name | String | Region name |
| rule_id | Long | Detection event ID |
| rule_name | String | Detection event |
| scan_type | String | Scan type |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| vpc | String | VPC name |
| subnet | String | Subnet name |
| zone | String | Zone name |
Was this article helpful?