DescribeTrafficLog


Queries information about log traffic.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| yundun-cloudfirewall:DescribeTrafficLog | get | *All Resource `*` | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| SourceIp | string | No | The source IP address. | 139.217.234.XXX |
| Lang | string | No | The language of the response. Valid values: zh (default): Chinese; en: English. | zh |
| StartTime | string | Yes | The start time. This value is a UNIX timestamp. Unit: seconds. You can query data within the last 7 days. The time range for a single query cannot exceed one day. | 1730946241 |
| EndTime | string | Yes | The end time. This value is a UNIX timestamp. Unit: seconds. | 1742926322 |
| AppId | string | No | The application ID. | 7 |
| CurrentPage | string | No | The page number of the query. | 1 |
| PageSize | string | No | The number of entries per page. The maximum value is 20. | 10 |
| RuleId | string | No | The rule ID. | 8b115ae3-da64-4b80-81c1-1cd2dd42**** |
| SourceCode | string | Yes | The traceability code. | yundun |
| DstIP | string | No | The destination IP address. | 182.92.206.XXX |
| SrcIP | string | No | The source IP address. | 10.68.60.XXX |
| SrcPrivateIP | string | No | The private source IP address. | 10.100.134.XX |
| Direction | string | No | The direction. Valid values: in: inbound; out: outbound. | out |
| AssetRegion | string | No | The region ID. | cn-hangzhou |
| RuleResult | string | No | The action of the rule. Valid values: 0: Allow; 1: Alert; 2: Drop. | 0 |
| IpProtocol | string | No | The protocol type. | icmp |
| SrcPort | string | No | The source port. | 8082 |
| DstPort | string | No | The destination port. | 9876 |
| AttackType | string | No | The attack type. Valid values: 1: Abnormal connection; 2: Command execution; 3: Brute-force attack; 4: Scan; 5: Other. | 1 |
| RuleSource | string | No | The source of the rule. Valid values: 1: Basic protection; 2: Virtual patching; 3: Basic access control list (ACL); 4: Threat intelligence. | 1 |
| VulLevel | string | No | The vulnerability level. Valid values: 1: Low; 2: Medium; 3: High. | 1 |
| Isp | string | No | The Internet Service Provider (ISP). | telecom |
| Location | string | No | The region of the source or destination IP address. | Hangzhou |
| DomainName | string | No | The domain name. | example.com |
| FlowType | string | No | The flow log type. Valid values: UnidirectionalFlow: Unidirectional stream; BidirectionalFlow: Bidirectional stream. | All |
| FirewallType | string | No | The firewall type. Valid values: DnsFirewall: DNS firewall; VpcFirewall: VPC border firewall; InternetFirewall: Internet firewall. | VpcFirewall |
| VpcFirewallId | string | No | The instance ID of the VPC border firewall. | vfw-a42bbb7b887148c9**** |
| SrcVpcId | string | No | The source VPC ID. | vpc-wz9309pkwe06lv****tk4 |
| DstVpcId | string | No | The destination VPC ID. | vpc-wz95m1aq9b0h****vk1yb |
| SrcVpcRegionNo | string | No | The region of the source VPC asset. | cn-beijing |
| DstVpcRegionNo | string | No | The region of the destination VPC asset. | cn-shenzhen |
| DomainUrl | string | No | The URL in the flow log. | example.com |
| IpVersion | string | No | The IP version. Valid values: 4: IPv4; 6: IPv6. | 4 |
| MemberUid | integer | No | The UID of the member account. | 128599825273**** |
| NatFirewallId | string | No | The ID of the NAT firewall. | vfw-tr-7a9c8901ed394**** |
| NatGatewayId | string | No | The ID of the NAT Gateway. | ngw-2zew6yn017hhzbm**** |
| AclPreState | string | No | The pre-matching status of the ACL. | normal |
| AclPreRuleId | string | No | The ID of the pre-matched ACL rule. | 00000000-0000-0000-0000-000000000000 |
| AppDpiState | string | No | The status of deep packet inspection. | success |
| TlsScopeId | string | No | The ID of the TLS inspection scope. | tis-98fd64c5**** |
| RuleSourceFinal | string | No | The module that takes effect in the end. Valid values: 1: Basic protection; 2: Virtual patching; 3: Basic ACL; 4: Threat intelligence; 9: Web filtering; 10: Application control; 1,2: Intrusion prevention system (IPS). | 1 |
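The time and paging limits in the request parameters (7-day lookback, at most one day per query, PageSize up to 20) mean that a multi-day log pull has to be split into several calls. The following is an added example, not code from the Alibaba Cloud documentation or SDK: the helper names are hypothetical, and it only builds and validates parameter sets without sending any request.

```python
import time

DAY = 86400
MAX_LOOKBACK = 7 * DAY   # page: data is queryable for the last 7 days
MAX_SPAN = DAY           # page: one query may cover at most one day
MAX_PAGE_SIZE = 20       # page: PageSize maximum
ENUMS = {                # valid values listed in the parameter table
    "Direction": {"in", "out"},
    "RuleResult": {"0", "1", "2"},
    "IpVersion": {"4", "6"},
    "FirewallType": {"DnsFirewall", "VpcFirewall", "InternetFirewall"},
}

def split_windows(start, end, now=None):
    """Split [start, end] into consecutive (StartTime, EndTime) windows of <= 1 day."""
    now = int(time.time()) if now is None else now
    if not start < end <= now:
        raise ValueError("need StartTime < EndTime <= now")
    if start < now - MAX_LOOKBACK:
        raise ValueError("StartTime is older than the 7-day query window")
    windows, cur = [], start
    while cur < end:
        nxt = min(cur + MAX_SPAN, end)
        # Adjacent windows share one boundary second; the page does not say whether
        # both ends are inclusive, so de-duplicate results if that matters.
        windows.append((cur, nxt))
        cur = nxt
    return windows

def build_params(window, source_code, page=1, page_size=MAX_PAGE_SIZE, **filters):
    """Return one request's parameters as strings, rejecting undocumented values."""
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("PageSize must be between 1 and 20")
    for key, value in filters.items():
        if key in ENUMS and str(value) not in ENUMS[key]:
            raise ValueError(f"{key}={value!r} is not a documented value")
    params = {"StartTime": window[0], "EndTime": window[1], "SourceCode": source_code,
              "CurrentPage": page, "PageSize": page_size, **filters}
    return {k: str(v) for k, v in params.items()}

def page_count(total_count, page_size=MAX_PAGE_SIZE):
    """Pages needed to read TotalCount entries (ceiling division)."""
    return -(-total_count // page_size)
```

Validating locally avoids burning calls on the 400 errors listed under Error codes (ErrorTimeError, ErrorPageNo, ErrorDirectionError and similar).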

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | | |
| RequestId | string | The ID of the request. | 633D92D1-768A-547F-8ADC-2870CF0A99F6 |
| PageInfo | object | The paging information. | |
| CurrentPage | integer | The current page number. | 1 |
| PageSize | integer | The number of entries returned per page. | 10 |
| TotalCount | integer | The total number of entries. | 2 |
| DataList | array<object> | The data list. | |
| | array<object> | The details of the data list. | |
| Direction | string | The traffic direction. Valid values: in: inbound traffic; out: outbound traffic. | in |
| AttackType | integer | The attack type of the intrusion prevention event. Valid values: 1: Abnormal connection; 2: Command execution; 3: Brute-force attack; 4: Scan; 5: Other. | 0 |
| MemberUid | string | The UID of the Cloud Firewall member account. | 14151892****7022 |
| CountryId | string | The country ID. | US |
| DstPort | integer | The destination port. | 80 |
| SrcPrivateIP | string | The private source IP address. | 172.16.101.7 |
| IpProtocol | string | The protocol type. | tcp |
| DomainName | string | The domain name. | aliyun.com |
| RuleId | string | The ID of the matched rule. | 00000000-0000-0000-0000-000000000000 |
| AppName | string | The application name. | HTTP |
| AttackApp | string | The name of the attacked application. | WebLogic |
| PacketCount | integer | The number of traffic packets. | 23 |
| AppId | integer | The application ID. | 6 |
| RuleResult | integer | The final result of the traffic. Valid values: pass: The traffic is allowed; alert: An alert is generated; drop: The traffic is dropped. | pass |
| Ext | string | Other extension data. | None |
| DstIP | string | The destination IP address found. This indicates that the intrusion prevention event includes this destination IP address. | 2.2.2.2 |
| PacketBytes | integer | The number of bytes in the packet. | 355 |
| InBytes | string | The inbound traffic. | 125 |
| IspId | string | The ISP ID. | 50075069 |
| Isp | string | The ISP. | FOP Dmytro Nedilskyi |
| RegionId | string | The region ID. | cn-hangzhou |
| SrcPort | integer | The port of the data source. | 20206 |
| RuleName | string | The rule name. | test |
| EndTime | integer | The end time of the data. This value is a UNIX timestamp. Unit: seconds. | 1751423363 |
| VpcFirewallId | string | The instance ID of the VPC border firewall. | vfw-4045ca7*** |
| CityId | string | The city ID. | FI |
| StartTime | integer | The start time of the data. This value is a UNIX timestamp. Unit: seconds. | 1751423362 |
| CloseReason | string | The reason for closing. | tcp_fin |
| OutBytes | string | The outbound traffic. | 230 |
| VulLevel | integer | The vulnerability level. | 0 |
| RuleSource | string | The source of the detection rule that is matched. Valid values: 0: None; 1: Basic protection; 2: Virtual patching; 3: Access control; 4: Threat intelligence. | 0 |
| OutPackets | string | The number of outbound messages. | 11 |
| InPackets | string | The number of inbound messages. | 12 |
| SrcIP | string | The source IP address. | 1.1.1.1 |
| Location | string | The region of the source or destination IP address. | Hangzhou |
| DomainUrl | string | The URL in the flow log. | xxx.com |
| CloudInstanceId | string | The ID of the Alibaba Cloud service instance. | ngw-* |
| AclPreState | string | The pre-matching status of the ACL. Valid values: app_unknown: The application is not detected; domain_unknown: The domain name is not detected; normal: Normal. | normal |
| AclPreRuleId | string | The ID of the pre-matched ACL policy. If you leave this parameter empty, all policies are matched. | 2 |
| AclPreRuleName | string | The name of the pre-matched ACL policy. | test |
| AppDpiState | string | The API status. Valid values: none: Initial state; policy_discard: The connection failed to be established and was blocked by a user-defined ACL or threat intelligence; tcp_not_establish: TCP connection failed; no_payload: The connection is established, but deep packet inspection has analyzed zero payloads; analysing: Detecting; unknown_loose: Loose mode. Detection failed. The system continues to detect; unknown_strict: Strict mode. Detection failed; success: Detection successful. | success |
| Rules | array<object> | The list of rules. | |
| | object | The list of rules. | |
| RuleName | string | The rule name. | sharepoint |
| RuleId | string | The rule ID. | 17 |
| RuleSource | string | The source of the rule. | 3 |
| SrcVpc | object | The source VPC information. | |
| VpcId | string | The instance ID of the source VPC. | vpc-8vba1c1em97h0ji71**** |
| VpcName | string | The instance name of the source VPC. | yi-vpc |
| RegionNo | string | The region ID of the source VPC. | cn-beijing |
| DstVpc | object | The list of destination VPC information. | |
| VpcId | string | The VPC instance ID. | vpc-8vba1c1em97h0ji71b**** |
| VpcName | string | The instance name of the VPC. | yi-vpc |
| RegionNo | string | The region ID. | cn-hangzhou |
| PrivateIp | string | The private IP address. | 172.21.234.XXX |
| PrivatePort | integer | The private port. | 80 |
| TlsRuleId | string | The ID of the rule that is matched by the TLS inspection. | tir-xxx |
| TlsRuleName | string | The name of the rule that is matched by the TLS inspection. | test |
| TlsScopeId | string | The ID of the TLS inspection scope. | tls-xxx |

Examples

Success response

JSON format

{
  "RequestId": "633D92D1-768A-547F-8ADC-2870CF0A99F6",
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 10,
    "TotalCount": 2
  },
  "DataList": [
    {
      "Direction": "in",
      "AttackType": 0,
      "MemberUid": "14151892****7022",
      "CountryId": "US",
      "DstPort": 80,
      "SrcPrivateIP": "172.16.101.7",
      "IpProtocol": "tcp",
      "DomainName": "aliyun.com",
      "RuleId": "00000000-0000-0000-0000-000000000000",
      "AppName": "HTTP",
      "AttackApp": "WebLogic",
      "PacketCount": 23,
      "AppId": 6,
      "RuleResult": 0,
      "Ext": "None",
      "DstIP": "2.2.2.2",
      "PacketBytes": 355,
      "InBytes": "125",
      "IspId": "50075069",
      "Isp": "FOP Dmytro Nedilskyi",
      "RegionId": "cn-hangzhou",
      "SrcPort": 20206,
      "RuleName": "test",
      "EndTime": 1751423363,
      "VpcFirewallId": "vfw-4045ca7***",
      "CityId": "FI",
      "StartTime": 1751423362,
      "CloseReason": "tcp_fin",
      "OutBytes": "230",
      "VulLevel": 0,
      "RuleSource": "0",
      "OutPackets": "11",
      "InPackets": "12",
      "SrcIP": "1.1.1.1",
      "Location": "Hangzhou",
      "DomainUrl": "xxx.com",
      "CloudInstanceId": "ngw-*",
      "AclPreState": "normal",
      "AclPreRuleId": "2",
      "AclPreRuleName": "test",
      "AppDpiState": "success",
      "Rules": [
        {
          "RuleName": "sharepoint",
          "RuleId": "17",
          "RuleSource": "3"
        }
      ],
      "SrcVpc": {
        "VpcId": "vpc-8vba1c1em97h0ji71****",
        "VpcName": "yi-vpc",
        "RegionNo": "cn-beijing"
      },
      "DstVpc": {
        "VpcId": "vpc-8vba1c1em97h0ji71b****",
        "VpcName": "yi-vpc",
        "RegionNo": "cn-hangzhou"
      },
      "PrivateIp": "172.21.234.XXX",
      "PrivatePort": 80,
      "TlsRuleId": "tir-xxx",
      "TlsRuleName": "test",
      "TlsScopeId": "tls-xxx"
    }
  ]
}
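The response documents RuleResult as the labels pass, alert and drop, while the sample JSON carries the integer 0, and counters such as InBytes arrive as strings, so a consumer has to normalize both before filtering. The following is an added example, not Alibaba Cloud code: the function names are hypothetical, the integer-to-label mapping is an assumption taken from the request parameter values (0 Allow, 1 Alert, 2 Drop), and the sample records are constructed.

```python
from collections import Counter

# Assumption: integer RuleResult values follow the request table (0 Allow, 1 Alert, 2 Drop).
RULE_RESULT = {0: "pass", 1: "alert", 2: "drop"}
ATTACK_TYPE = {1: "Abnormal connection", 2: "Command execution",
               3: "Brute-force attack", 4: "Scan", 5: "Other"}

def rule_result(raw):
    """Accept either the documented label or the integer seen in the sample JSON."""
    if isinstance(raw, str) and raw.lower() in RULE_RESULT.values():
        return raw.lower()
    try:
        return RULE_RESULT.get(int(raw), "unknown")
    except (TypeError, ValueError):
        return "unknown"

def to_int(raw):
    """Counters such as InBytes arrive as strings; missing or bad values become 0."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return 0

def triage(response):
    """Return (flagged flows, flagged-flow count per source IP, more_pages)."""
    flagged = []
    for e in response.get("DataList", []):
        result = rule_result(e.get("RuleResult"))
        if result == "pass":      # anything else, including "unknown", is kept for review
            continue
        flagged.append({
            "src": e.get("SrcIP"), "dst": e.get("DstIP"), "dport": e.get("DstPort"),
            "direction": e.get("Direction"), "result": result,
            "attack": ATTACK_TYPE.get(to_int(e.get("AttackType")), "none"),
            "bytes": to_int(e.get("InBytes")) + to_int(e.get("OutBytes")),
            "rule": e.get("RuleName"),
        })
    page = response.get("PageInfo", {})
    seen = to_int(page.get("CurrentPage")) * to_int(page.get("PageSize"))
    return flagged, Counter(f["src"] for f in flagged), seen < to_int(page.get("TotalCount"))

# Constructed sample in the documented response shape (documentation-range addresses).
SAMPLE = {"PageInfo": {"CurrentPage": 1, "PageSize": 2, "TotalCount": 3}, "DataList": [
    {"SrcIP": "198.51.100.7", "DstIP": "192.0.2.10", "DstPort": 22, "Direction": "in",
     "RuleResult": 2, "AttackType": 3, "InBytes": "640", "OutBytes": "0", "RuleName": "test"},
    {"SrcIP": "192.0.2.10", "DstIP": "203.0.113.5", "DstPort": 443, "Direction": "out",
     "RuleResult": "pass", "AttackType": 0, "InBytes": "125", "OutBytes": "230"}]}
```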

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | ErrorAliUid | Aliuid invalid. | The aliuid is invalid. |
| 400 | ErrorAliUidBlackList | The specified aliUid is invalid. | The specified aliUid is invalid. |
| 400 | ErrorSourceCodeError | The source code is invalid. | The source code is invalid. |
| 400 | ErrorTrafficSlsFirewallType | The firewall type of traffic log is invalid. | The firewall type of traffic log is invalid. |
| 400 | ErrorIpFormat | The IP address is invalid. | The IP address is invalid. |
| 400 | ErrorPortError | The port is invalid. | The port is invalid. |
| 400 | ErrorIpProtocolError | The protocol is invalid. | The protocol is invalid. |
| 400 | ErrorDirectionError | The direction is invalid. | The direction is invalid. |
| 400 | ErrorAttackTypeError | The attack type is invalid. | The attack type is invalid. |
| 400 | ErrorVulLevelFailed | VulLevel has failed. | VulLevel has failed. |
| 400 | ErrorRuleResultError | The rule result is invalid. | The rule result is invalid. |
| 400 | ErrorAppIdError | An app ID error occurred. | An app ID error occurred. |
| 400 | ErrorFlowType | The flow type is invalid. | The flow type is invalid. |
| 400 | ErrorIspError | The ISP name is invalid. | The ISP name is invalid. |
| 400 | ErrorLocationError | The location name is invalid. | The location name is invalid. |
| 400 | ErrorDomainName | The domain name is invalid. | The domain name is invalid. |
| 400 | ErrorTimeError | The time is invalid. | The time is invalid. |
| 400 | ErrorPageNo | Either page number or page size is invalid. | Either page number or page size is invalid. |
| 400 | ErrorParameters | A parameter error occurred. | A parameter error occurred. |
| 400 | ErrorSLSLogStore | Failed to get SLS logstore. | Failed to obtain the Log Service logstore. |
| 400 | ErrorDBSelectError | A database select error occurred. | The error message returned because an internal error has occurred in querying the database. |
| 400 | ErrorAsyncQueryFailed | The current query has timed out. We suggest shortening the query time range and trying again. | The current query has timed out. We suggest shortening the query time range and trying again. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.