The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.
Available in VPC
Security Monitoring log list collected in Cloud Log Analysis
IDS
| Name of CLA column | Type | Meaning |
|---|---|---|
| rule_name | String | Detection event name |
| severity | String | Severity of risk |
| @timestamp | String | Detection time |
| protocol | String | Protocol |
| source_ip | String | Source IP |
| source_port | Integer | Source Port |
| source_ip_country | String | Source country information |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination Port |
| destination_ip_country | String | Destination country information |
| direction | String | Network traffic direction |
| detect_type | String | Type of attack |
| region_name | String | Region name |
| product | String | Product code |
| platform | String | Platform |
| zone | String | Zone name |
| vpc | String | VPC name |
| subnet | String | Subnet name |
| lb_name | String | Load Balancer name |
| lb_instance_no | Integer | Load Balancer number |
| lb_domain_name | String | Access information of Load Balancer |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
WAF
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status (Detection: detect; Blocking: block; Cloaking: cloaking) |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination port |
| detect_basis | String | Grounds for detection |
| detect_type | String | Detection type |
| domain | String | Service domain |
| lb_name | String | Load Balancer name |
| lb_instance_no | Integer | Load Balancer number |
| lb_domain_name | String | Access information of Load Balancer |
| platform | String | Platform |
| product | String | Product code |
| protocol | String | Protocol |
| region_name | String | Region name |
| rule_name | String | Detection event |
| severity | String | Severity of risk |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| source_ip | String | Source IP |
| source_ip_country | String | Source country information |
| source_port | Integer | Source port |
| subnet | String | Subnet name |
| url | String | Path |
| vpc | String | VPC name |
| xff_ip | String | Source IP (X-Forwarded-For IP) |
| xff_ip_country | String | Source country information (X-Forwarded-For) |
| zone | String | Zone name |
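
The following is an added example, not part of this documentation: a triage pass over WAF records that uses the `action`, `source_ip`, `xff_ip`, `domain` and `url` columns from the table above. The sample records, the `min_events` threshold and the reading of `detect` as "logged but not blocked" are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records using WAF column names from the table above.
# Addresses are documentation ranges; domains and URLs are made up.
SAMPLE_WAF_LOGS = [
    {"action": "block", "source_ip": "10.0.0.5", "xff_ip": "203.0.113.7",
     "domain": "shop.example.com", "url": "/login"},
    {"action": "detect", "source_ip": "10.0.0.5", "xff_ip": "198.51.100.20",
     "domain": "shop.example.com", "url": "/search"},
    {"action": "detect", "source_ip": "10.0.0.5", "xff_ip": "198.51.100.20",
     "domain": "shop.example.com", "url": "/admin"},
    {"action": "detect", "source_ip": "192.0.2.44", "xff_ip": "",
     "domain": "shop.example.com", "url": "/search"},
    {"action": "cloaking", "source_ip": "10.0.0.5", "xff_ip": "203.0.113.7",
     "domain": "shop.example.com", "url": "/error"},
]
KNOWN_ACTIONS = ("detect", "block", "cloaking")  # values listed for the action column

def client_ip(rec):
    """Use xff_ip when present, else source_ip.
    X-Forwarded-For is a request header, so treat it as a hint unless a
    trusted proxy in front of the WAF sets it."""
    xff = (rec.get("xff_ip") or "").strip()
    return xff if xff else rec["source_ip"]

def summarize(records):
    """Per client: event count per action, plus (domain, url) pairs seen with 'detect'."""
    out = defaultdict(lambda: {"detect": 0, "block": 0, "cloaking": 0,
                               "unblocked_urls": set()})
    for rec in records:
        action = (rec.get("action") or "").lower()
        if action not in KNOWN_ACTIONS:
            continue  # unknown action value: skip rather than guess its meaning
        entry = out[client_ip(rec)]
        entry[action] += 1
        if action == "detect":
            entry["unblocked_urls"].add((rec.get("domain"), rec.get("url")))
    return dict(out)

def detect_only_clients(records, min_events=2):
    """Clients with at least min_events 'detect' events and no 'block' event,
    i.e. traffic the WAF flagged but (by assumption) did not stop."""
    return sorted(ip for ip, s in summarize(records).items()
                  if s["detect"] >= min_events and s["block"] == 0)

if __name__ == "__main__":
    for ip in detect_only_clients(SAMPLE_WAF_LOGS):
        print(ip, sorted(summarize(SAMPLE_WAF_LOGS)[ip]["unblocked_urls"]))
```
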
IPS
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status (Reset: block; IDS:Reset: detection) |
| agent_version | String | Agent version |
| count | Integer | Number of detections |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination port |
| host | String | Detection server IP |
| platform | String | Platform |
| product | String | Product code |
| protocol | String | Protocol |
| region_name | String | Region name |
| rule_id | Long | Detection event ID |
| rule_name | String | Detection event |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| severity | String | Severity of risk |
| source_ip | String | Source IP |
| source_port | Integer | Source port |
| subnet | String | Subnet name |
| vpc | String | VPC name |
| xff_ip | String | Source IP (X-Forwarded-For IP) |
| zone | String | Zone name |
Anti-DDoS
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status (Auto defense start: automatic defense against DDoS attacks has been started; Auto defense end: automatic defense against DDoS attacks has been finished; Detection: detect) |
| attack_rate | Integer | Attack traffic |
| destination_ip | String | Destination IP |
| destination_port | Integer | Destination Port |
| lb_name | String | Load Balancer name |
| lb_instance_no | Integer | Load Balancer number |
| lb_domain_name | String | Access information of Load Balancer |
| platform | String | Platform |
| product | String | Product code |
| protocol | String | Protocol |
| region_name | String | Region name |
| rule_name | String | Detection event name |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| slice_seconds | Integer | Detection standard time |
| source_ip | String | Source IP |
| source_port | String | Source Port |
| subnet | String | Subnet name |
| threshold_packets | Integer | Detection standard packet |
| threshold_bytes | Integer | Detection standard bytes |
| vpc | String | VPC name |
| zone | String | Zone name |
Note
- Currently, the Anti-DDoS logs available through Cloud Log Analysis include attack detection logs and auto defense start/end logs. Attack blocking logs will be provided later.
Anti-Virus
| Name of CLA column | Type | Meaning |
|---|---|---|
| @timestamp | String | Detection time |
| action | String | Action status |
| agent_version | String | Agent version |
| file_path | String | Detection path |
| host | String | Detection server IP |
| platform | String | Platform |
| product | String | Product code |
| region_name | String | Region name |
| rule_id | Long | Detection event ID |
| rule_name | String | Detection event |
| scan_type | String | Scan type |
| server_name | String | Server name |
| server_instance_no | Integer | Server number |
| vpc | String | VPC name |
| subnet | String | Subnet name |
| zone | String | Zone name |