DescribeTrafficLog

更新时间:
复制 MD 格式

Queries log traffic information.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cloudfirewall:DescribeTrafficLog

get

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

SourceIp

string

No

The IP address of the access source.

139.217.234.XXX

Lang

string

No

The language type of the received message. Valid values:

  • zh (default): Chinese

  • en: English.

Valid values:

  • en :

    English.

  • zh :

    Chinese.

zh

Lang

string

No

接收消息的语言类型。取值:

  • zh(默认):中文

  • en:英文

Valid values:

  • en :

    英文

  • zh :

    中文

zh

StartTime

string

Yes

The start time. Specify a UNIX timestamp in seconds. Only data within the last 7 days can be queried. We recommend that a single query does not exceed one day.

1730946241

EndTime

string

Yes

The end time. Specify a UNIX timestamp in seconds.

1742926322

AppId

string

No

The application ID.

7

CurrentPage

string

No

The page number of the query.

1

PageSize

string

No

The number of entries per page. Maximum value: 20.

10

RuleId

string

No

The rule ID.

8b115ae3-da64-4b80-81c1-1cd2dd42****

SourceCode

string

Yes

The tracing watermark.

yundun

DstIP

string

No

The destination IP address.

182.92.206.XXX

SrcIP

string

No

The source IP address.

10.68.60.XXX

SrcPrivateIP

string

No

The private source IP address.

10.100.134.XX

Direction

string

No

The traffic direction.

Valid values:

  • in :

    inbound.

  • out :

    outbound.

out

AssetRegion

string

No

The region ID.

cn-hangzhou

RuleResult

string

No

The rule action result. Valid values:

Valid values:

  • 0 :

    allow.

  • 1 :

    alert.

  • 2 :

    drop.

0

IpProtocol

string

No

The protocol type.

icmp

SrcPort

string

No

The source port.

8082

DstPort

string

No

The destination port.

9876

AttackType

string

No

The attack type.

Valid values:

  • 1 :

    abnormal connection.

  • 2 :

    command execution.

  • 3 :

    brute-force attack.

  • 4 :

    scan.

  • 5 :

    other.

1

RuleSource

string

No

The rule source.

Valid values:

  • 1 :

    basic protection.

  • 2 :

    virtual patches.

  • 3 :

    basic ACL.

  • 4 :

    threat intelligence.

  • 9 :

    web filtering.

  • 10 :

    application control.

  • 1,2 :

    IPS

1

VulLevel

string

No

The vulnerability level.

Valid values:

  • 1 :

    low.

  • 2 :

    medium.

  • 3 :

    high.

1

Isp

string

No

The Internet service provider (ISP).

telecom

Location

string

No

The region of the source or destination IP address.

Hangzhou

DomainName

string

No

The domain name.

example.com

FlowType

string

No

The flow log type.

Valid values:

  • UnidirectionalFlow :

    unidirectional flow.

  • BidirectionalFlow :

    bidirectional flow.

All

FirewallType

string

No

The firewall type.

Valid values:

  • DnsFirewall :

    DNS firewall.

  • VpcFirewall :

    VPC firewall.

  • NatFirewall :

    NAT firewall.

  • InternetFirewall :

    Internet Border firewall.

VpcFirewall

VpcFirewallId

string

No

The instance ID of the virtual private cloud (VPC) firewall.

vfw-a42bbb7b887148c9****

SrcVpcId

string

No

The source VPC ID.

vpc-wz9309pkwe06lv****tk4

DstVpcId

string

No

The destination VPC ID.

vpc-wz95m1aq9b0h****vk1yb

SrcVpcRegionNo

string

No

The region of the source VPC asset.

cn-beijing

DstVpcRegionNo

string

No

The region of the destination VPC asset.

cn-shenzhen

DomainUrl

string

No

The URL of the flow log.

example.com

IpVersion

string

No

The IP version.

Valid values:

  • 4 :

    IPv4

  • 6 :

    IPv6

4

MemberUid

integer

No

The UID of the member accounts.

128599825273****

NatFirewallId

string

No

The NAT firewall ID.

vfw-tr-7a9c8901ed394****

NatGatewayId

string

No

The NAT gateway ID.

ngw-2zew6yn017hhzbm****

AclPreState

string

No

The ACL pre-match status.

normal

AclPreRuleId

string

No

The ACL pre-match rule ID.

00000000-0000-0000-0000-000000000000

AppDpiState

string

No

The application identification status.

success

TlsScopeId

string

No

The TLS inspection scope ID.

tis-98fd64c5****

RuleSourceFinal

string

No

The final effective module.

Valid values:

  • 1 :

    basic protection.

  • 2 :

    virtual patches.

  • 3 :

    basic ACL.

  • 4 :

    threat intelligence.

  • 9 :

    web filtering.

  • 10 :

    application control.

  • 1,2 :

    IPS

1

Response elements

Element

Type

Description

Example

object

RequestId

string

The request ID.

633D92D1-768A-547F-8ADC-2870CF0A99F6

PageInfo

object

The pagination information.

CurrentPage

integer

The current page number.

1

PageSize

integer

The number of entries per page.

10

TotalCount

integer

The total number of entries.

2

DataList

array<object>

The data list.

array<object>

The details of the data list.

Direction

string

The traffic direction. Valid values:

  • in: inbound.

  • out: outbound.

in

AttackType

integer

The attack type of the intrusion prevention event.

Valid values:

  • 1 :

    abnormal connection.

  • 2 :

    command execution.

  • 3 :

    brute-force attack.

  • 4 :

    scan.

  • 5 :

    other.

0

MemberUid

string

The UID of the Cloud Firewall member accounts.

14151892****7022

CountryId

string

The country ID.

US

DstPort

integer

The destination port.

80

SrcPrivateIP

string

The private source IP address.

172.16.101.7

IpProtocol

string

The protocol type.

tcp

DomainName

string

The domain name.

aliyun.com

RuleId

string

The ID of the matched rule.

00000000-0000-0000-0000-000000000000

AppName

string

The application name.

HTTP

AttackApp

string

The name of the attacked application.

WebLogic

PacketCount

integer

The number of traffic packets.

23

AppId

integer

The application ID.

6

RuleResult

integer

The final result of the traffic. Valid values:

  • 0: Allow.

  • 1: Alert.

  • 2: Drop.

pass

Ext

string

The additional extension data.

None

DstIP

string

The destination IP address. Indicates that the intrusion prevention event contains this destination IP address.

2.2.2.2

PacketBytes

integer

The number of bytes in the packet.

355

InBytes

string

The inbound traffic in bytes.

125

IspId

string

The ISP ID.

50075069

Isp

string

The Internet service provider (ISP).

FOP Dmytro Nedilskyi

RegionId

string

The region ID.

cn-hangzhou

SrcPort

integer

The source port.

20206

RuleName

string

The rule name.

test

EndTime

integer

The end time of the data. The value is a UNIX timestamp in seconds.

1751423363

VpcFirewallId

string

The instance ID of the virtual private cloud (VPC) firewall.

vfw-4045ca7***

CityId

string

The city ID.

FI

StartTime

integer

The start time of the data. The value is a UNIX timestamp in seconds.

1751423362

CloseReason

string

The close reason.

tcp_fin

OutBytes

string

The outbound traffic in bytes.

230

VulLevel

integer

The vulnerability level.

0

RuleSource

string

The source of the matched detection rule. Valid values:

  • 0: None.

  • 1: Basic protection.

  • 2: Virtual patches.

  • 3: Access control.

  • 4: Threat intelligence.

0

OutPackets

string

The number of outbound packets.

11

InPackets

string

The number of inbound packets.

12

SrcIP

string

The source IP address.

1.1.1.1

Location

string

The region of the source or destination IP address.

Hangzhou

DomainUrl

string

The URL of the flow log.

xxx.com

CloudInstanceId

string

The cloud service instance ID.

ngw-*

AclPreState

string

The ACL pre-match status. Valid values:

app_unknown: application not identified

domain_unknown: domain name not identified

normal: normal.

normal

AclPreRuleId

string

The policy ID of the ACL pre-match. If this parameter is empty, all policies are included.

2

AclPreRuleName

string

The policy name of the ACL pre-match.

test

AppDpiState

string

The application identification status. Valid values:

none: initial state

policy_discard: connection establishment failed because the connection was blocked by a user ACL or threat intelligence rule

tcp_not_establish: TCP connection establishment failed

no_payload: connection established, but DPI has analyzed 0 payloads

analysing: identification in progress

unknown_loose: loose mode, identification failed, continuing identification

unknown_strict: strict mode, identification failed

success: identification succeeded.

success

Rules

array<object>

The rule list.

object

The rule list.

RuleName

string

The rule name.

sharepoint

RuleId

string

The rule ID.

17

RuleSource

string

The source of the rule.

3

SrcVpc

object

The source VPC information.

VpcId

string

The instance ID of the source VPC.

vpc-8vba1c1em97h0ji71****

VpcName

string

The instance name of the source VPC.

yi-vpc

RegionNo

string

The region ID of the source VPC.

cn-beijing

DstVpc

object

The destination VPC information.

VpcId

string

The VPC instance ID.

vpc-8vba1c1em97h0ji71b****

VpcName

string

The instance name of the VPC.

yi-vpc

RegionNo

string

The region ID.

cn-hangzhou

PrivateIp

string

The private IP address.

172.21.234.XXX

PrivatePort

integer

The private port.

80

TlsRuleId

string

The ID of the matched TLS inspection rule.

tir-xxx

TlsRuleName

string

The name of the matched TLS inspection rule.

test

TlsScopeId

string

The TLS inspection scope ID.

tls-xxx

Examples

Success response

JSON format

{
  "RequestId": "633D92D1-768A-547F-8ADC-2870CF0A99F6",
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 10,
    "TotalCount": 2
  },
  "DataList": [
    {
      "Direction": "in",
      "AttackType": 0,
      "MemberUid": "14151892****7022",
      "CountryId": "US",
      "DstPort": 80,
      "SrcPrivateIP": "172.16.101.7",
      "IpProtocol": "tcp",
      "DomainName": "aliyun.com",
      "RuleId": "00000000-0000-0000-0000-000000000000",
      "AppName": "HTTP",
      "AttackApp": "WebLogic",
      "PacketCount": 23,
      "AppId": 6,
      "RuleResult": 0,
      "Ext": "None",
      "DstIP": "2.2.2.2",
      "PacketBytes": 355,
      "InBytes": "125",
      "IspId": "50075069",
      "Isp": "FOP Dmytro Nedilskyi",
      "RegionId": "cn-hangzhou",
      "SrcPort": 20206,
      "RuleName": "test",
      "EndTime": 1751423363,
      "VpcFirewallId": "vfw-4045ca7***",
      "CityId": "FI",
      "StartTime": 1751423362,
      "CloseReason": "tcp_fin",
      "OutBytes": "230",
      "VulLevel": 0,
      "RuleSource": "0",
      "OutPackets": "11",
      "InPackets": "12",
      "SrcIP": "1.1.1.1",
      "Location": "Hangzhou",
      "DomainUrl": "xxx.com",
      "CloudInstanceId": "ngw-*",
      "AclPreState": "normal",
      "AclPreRuleId": "2",
      "AclPreRuleName": "test",
      "AppDpiState": "success",
      "Rules": [
        {
          "RuleName": "sharepoint",
          "RuleId": "17",
          "RuleSource": "3"
        }
      ],
      "SrcVpc": {
        "VpcId": "vpc-8vba1c1em97h0ji71****",
        "VpcName": "yi-vpc",
        "RegionNo": "cn-beijing"
      },
      "DstVpc": {
        "VpcId": "vpc-8vba1c1em97h0ji71b****",
        "VpcName": "yi-vpc",
        "RegionNo": "cn-hangzhou"
      },
      "PrivateIp": "172.21.234.XXX",
      "PrivatePort": 80,
      "TlsRuleId": "tir-xxx",
      "TlsRuleName": "test",
      "TlsScopeId": "tls-xxx"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

400 ErrorAliUid Aliuid invalid. The aliuid is invalid.
400 ErrorAliUidBlackList The specified aliUid is invalid. The specified aliUid is invalid.
400 ErrorSourceCodeError The source code is invalid. The source code is invalid.
400 ErrorTrafficSlsFirewallType The firewall type of traffic log is invalid. The firewall type of traffic log is invalid.
400 ErrorIpFormat The IP address is invalid. The IP address is invalid.
400 ErrorPortError The port is invalid. The port is invalid.
400 ErrorIpProtocolError The protocol is invalid. The protocol is invalid.
400 ErrorDirectionError The direction is invalid. The direction is invalid.
400 ErrorAttackTypeError The attack type is invalid. The attack type is invalid.
400 ErrorVulLevelFailed VulLevel has failed. VulLevel has failed.
400 ErrorRuleResultError The rule result is invalid. The rule result is invalid.
400 ErrorAppIdError An app ID error occurred. An app ID error occurred.
400 ErrorFlowType The flow type is invalid. The flow type is invalid.
400 ErrorIspError The ISP name is invalid. The ISP name is invalid.
400 ErrorLocationError The location name is invalid. The location name is invalid.
400 ErrorDomainName The domain name is invalid. The domain name is invalid.
400 ErrorTimeError The time is invalid. The time is invalid.
400 ErrorPageNo Either page number or page size is invalid. Either page number or page size is invalid.
400 ErrorParameters A parameter error occurred. A parameter error occurred.
400 ErrorSLSLogStore Failed to get SLS logstore. Failed to obtain the Log Service logstore.
400 ErrorDBSelectError A database select error occurred. The error message returned because an internal error has occurred in querying the database.
400 ErrorAsyncQueryFailed The current query has timed out. We suggest shortening the query time range and trying again. The current query has timed out. We suggest shortening the query time range and trying again.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.