vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/cfw/api-ref/ListFlowLogs.html
qiaoli 152fbef519 First version of CFW API
2024-04-11 14:16:27 +08:00

24 KiB
Raw Blame History

Querying Flow Logs

Function

This API is used to query flow logs.

URI

GET /v1/{project_id}/cfw/logs/flow

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID
Table 2 Query Parameters

Parameter

Mandatory

Type

Description

fw_instance_id

Yes

String

Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.

direction

No

String

Direction

log_type

No

String

Log type

Enumeration values:

  • internet

  • vpc

  • nat

start_time

Yes

Long

Start time

end_time

Yes

Long

End time

src_ip

No

String

Source IP address

src_port

No

Integer

Source port

Minimum: 0

Maximum: 65535

dst_ip

No

String

Destination IP address

dst_port

No

Integer

Destination port

Minimum: 0

Maximum: 65535

protocol

No

String

Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added.

Enumeration values:

  • 6

  • 17

  • 1

  • 58

app

No

String

Application protocol

log_id

No

String

Document ID. The value is null for the first page and not null for the rest of the pages.

next_date

No

Long

Date. The value is null for the first page and not null for the rest of the pages.

offset

No

Integer

Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0.

limit

Yes

Integer

Number of records displayed on each page, in the range 1-1024

Minimum: 1

Maximum: 1024

enterprise_project_id

No

String

Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project.

dst_host

No

String

destination host

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

data

data object

Value returned for flow log query
Table 5 data

Parameter

Type

Description

total

Integer

Returned quantity

limit

Integer

Number of records displayed on each page, in the range 1-1024

records

Array of records objects

Record
Table 6 records

Parameter

Type

Description

bytes

Integer

Byte

direction

String

Direction, which can be inbound or outbound

Enumeration values:

  • out2in

  • in2out

packets

Integer

Packet

start_time

Long

Start time

end_time

Long

End time

log_id

String

Document ID

src_ip

String

Source IP address

src_port

Integer

Source port

dst_ip

String

Destination IP address

app

String

Application protocol

dst_port

Integer

Destination port

protocol

String

Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added.

dst_host

String

destination host

Status code: 400

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code

Minimum: 8

Maximum: 36

error_msg

String

Description

Minimum: 2

Maximum: 512

Example Requests

Query the flow logs on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1663555012000 to 1664159798000.

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/flow?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1663555012000&end_time=1664159798000&limit=10

Example Responses

Status code: 200

OK

{
  "data" : {
    "limit" : 10,
    "records" : [ {
      "app" : "SSH",
      "bytes" : 34.5,
      "direction" : "out2in",
      "dst_ip" : "100.95.148.49",
      "dst_port" : 22,
      "end_time" : 1664155493000,
      "log_id" : "76354",
      "packets" : 25,
      "protocol" : "TCP",
      "src_ip" : "100.93.27.17",
      "src_port" : 49634,
      "start_time" : 1664155428000
    } ],
    "total" : 1
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00500002",
  "error_msg" : "time range error"
}

Status Codes

Status Code

Description

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

Error Codes

See Error Codes.

Parent topic: Log Management