ログの検索
    • PDF

    ログの検索

    • PDF

    記事の要約

    Cloud Log Analyticsに保存されているログを検索します。ページング処理できます。

    リクエスト

    リクエスト URL

    POST https://cloudloganalytics.apigw.ntruss.com/api/{regionCode}-v1/logs/search
    

    リクエストヘッダ

    ヘッダ名説明
    x-ncp-apigw-timestamp1970年1月1日 00:00:00 協定世界時(UTC)からの経過時間をミリ秒(Millisecond)で表し、
    API Gatewayサーバとの時間差が5分以上の場合は無効なリクエストとみなす
    x-ncp-apigw-timestamp:{Timestamp}
    x-ncp-apigw-api-keyAPI Gatewayから発行されたキー
    x-ncp-apigw-api-key:{API Gateway API Key}
    x-ncp-iam-access-keyNAVERクラウドプラットフォームポータルで発行された Access Key ID
    x-ncp-iam-access-key:{Account Access Key}
    x-ncp-apigw-signature-v2Access Key IDと Secret Keyで暗号化した署名
    x-ncp-apigw-signature-v2:{API Gateway Signature}
    Content-TypeRequest body content typeは application/jsonに指定
    Content-Type: application/json

    リクエストボディ

    Parameter名Parameterの説明必須の有無Available ValuesData Type
    keyword検索キーワード
    含まれない場合、すべてのログを検索する。
    N例) error, userString
    logTypesログタイプ
    含まれない場合、すべてのタイプのログを検索する。
    N例) SYSLOG, security_log, tomcatString
    timestampFrom検索開始時間N例) 1593848345548(timestamp)String
    timestampTo検索終了時間N例) 1593848345548(timestamp)String
    interval間隔NDefault : 5m
    例) 1d(1日)、1h(1時間)、1m(1分)
    String
    pageNoページ番号NDefault : 1
    例) 1, 2
    Integer
    pageSizeページサイズNDefault : 10
    例) 10, 20
    Integer

    リクエスト例

    POST https://cloudloganalytics.apigw.ntruss.com/api/{regionCode}-v1/classic/servers/collecting-infos
    HOST: cloudloganalytics.apigw.ntruss.com
    Content-Type: application/json
    x-ncp-apigw-signature-v2: FJSBB4K3XnaGAvVe0Hzj3/2hfNWvgLHR1rQHW2Et2Rs=
    x-ncp-apigw-timestamp: 1593848345548
    x-ncp-iam-access-key: 11IKBWgQegM4DwiJL4mo
    
    {
      "keyword" : "account",
      "timestampFrom": "1593848345548",
      "timestampTo": "1593848345548",
      "interval": "4h",
      "pageNo": 1,
      "pageSize": 10
    }
    
    curl -X POST "https://cloudloganalytics.apigw.ntruss.com/api/{regionCode}-v1/logs/search" 
    -H "accept: application/json" 
    -H "Content-Type: application/json" 
    -H "x-ncp-iam-access-key: 11IKBWgQegM4DwiJL4mo" 
    -H "x-ncp-apigw-timestamp: 1594036233769" 
    -H "x-ncp-apigw-signature-v2: fna1XDGxBrUdql0haeWti2UUkI9QePnL08Kdu/JH+rg=" 
    -d "{ \"keyword\" : \"account\",  \"timestampFrom\": \"1593848345548\", \"timestampTo\": \"1593848345548\", \"interval\": \"4h\", \"pageNo\": 1, \"pageSize\": 10}"
    

    レスポンス例

    {
      "code": 0,
      "message": "リクエストが正常に処理されました。",
      "result": {
        "pageSize": 10,
        "currentPage": 1,
        "totalPage": 944,
        "totalCount": 9431,
        "isPaged": true,
        "chartData": [
          [
            1593993600000,
            763
          ],
          [
            1594008000000,
            1561
          ],
          [
            1594022400000,
            1587
          ],
          [
            1594036800000,
            1564
          ],
          [
            1594051200000,
            1580
          ],
          [
            1594065600000,
            1566
          ],
          [
            1594080000000,
            810
          ]
        ],
        "searchResult": [
          {
            "logTime": "1594087365153",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "An <span style='background-color: #f39c12;'>account</span> was successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nLogon Type:\t\t\t5\n\nImpersonation Level:\t\tImpersonation\n\nNew Logon:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\n\nProcess Information:\n\tProcess ID:\t\t0x2d0\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\n\nNetwork Information:\n\tWorkstation Name:\t-\n\tSource Network Address:\t-\n\tSource Port:\t\t-\n\nDetailed Authentication Information:\n\tLogon Process:\t\tAdvapi  \n\tAuthentication Package:\tNegotiate\n\tTransited Services:\t-\n\tPackage Name (NTLM only):\t-\n\tKey Length:\t\t0\n\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\n\nThe subject fields indicate the <span style='background-color: #f39c12;'>account</span> on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\n\nThe New Logon fields indicate the <span style='background-color: #f39c12;'>account</span> for whom the new logon was created, i.e. the <span style='background-color: #f39c12;'>account</span> that was logged on.\n\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.\n\nThe authentication information fields provide detailed information about this specific logon request.\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\n\t- Transited services indicate which intermediate services have participated in this logon request.\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
          },
          {
            "logTime": "1594087365153",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege"
          },
          {
            "logTime": "1594087365153",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x6fc\n\nProcess:\n\tProcess ID:\t0x2d0\n\tProcess Name:\tC:\\Windows\\System32\\services.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;RCGXGR;;;BA)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-80-1851371743-411767070-3743290205-1090512353-603110601)"
          },
          {
            "logTime": "1594087365058",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x3340\n\nProcess:\n\tProcess ID:\t0x3fc\n\tProcess Name:\tC:\\Windows\\System32\\svchost.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;GA;;;NS)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-86-615999462-62705297-2911207457-59056572-3668589837)"
          },
          {
            "logTime": "1594087365040",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "An <span style='background-color: #f39c12;'>account</span> was successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nLogon Type:\t\t\t5\n\nImpersonation Level:\t\tImpersonation\n\nNew Logon:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\n\nProcess Information:\n\tProcess ID:\t\t0x2d0\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\n\nNetwork Information:\n\tWorkstation Name:\t-\n\tSource Network Address:\t-\n\tSource Port:\t\t-\n\nDetailed Authentication Information:\n\tLogon Process:\t\tAdvapi  \n\tAuthentication Package:\tNegotiate\n\tTransited Services:\t-\n\tPackage Name (NTLM only):\t-\n\tKey Length:\t\t0\n\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\n\nThe subject fields indicate the <span style='background-color: #f39c12;'>account</span> on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\n\nThe New Logon fields indicate the <span style='background-color: #f39c12;'>account</span> for whom the new logon was created, i.e. the <span style='background-color: #f39c12;'>account</span> that was logged on.\n\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.\n\nThe authentication information fields provide detailed information about this specific logon request.\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\n\t- Transited services indicate which intermediate services have participated in this logon request.\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
          },
          {
            "logTime": "1594087365040",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege"
          },
          {
            "logTime": "1594087365040",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x7d0\n\nProcess:\n\tProcess ID:\t0x2d0\n\tProcess Name:\tC:\\Windows\\System32\\services.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;RCGXGR;;;BA)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-80-1851371743-411767070-3743290205-1090512353-603110601)"
          },
          {
            "logTime": "1594087305101",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "An <span style='background-color: #f39c12;'>account</span> was successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nLogon Type:\t\t\t5\n\nImpersonation Level:\t\tImpersonation\n\nNew Logon:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\n\nProcess Information:\n\tProcess ID:\t\t0x2d0\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\n\nNetwork Information:\n\tWorkstation Name:\t-\n\tSource Network Address:\t-\n\tSource Port:\t\t-\n\nDetailed Authentication Information:\n\tLogon Process:\t\tAdvapi  \n\tAuthentication Package:\tNegotiate\n\tTransited Services:\t-\n\tPackage Name (NTLM only):\t-\n\tKey Length:\t\t0\n\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\n\nThe subject fields indicate the <span style='background-color: #f39c12;'>account</span> on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\n\nThe New Logon fields indicate the <span style='background-color: #f39c12;'>account</span> for whom the new logon was created, i.e. the <span style='background-color: #f39c12;'>account</span> that was logged on.\n\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.\n\nThe authentication information fields provide detailed information about this specific logon request.\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\n\t- Transited services indicate which intermediate services have participated in this logon request.\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
          },
          {
            "logTime": "1594087305101",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x748\n\nProcess:\n\tProcess ID:\t0x2d0\n\tProcess Name:\tC:\\Windows\\System32\\services.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;RCGXGR;;;BA)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-80-1851371743-411767070-3743290205-1090512353-603110601)"
          },
          {
            "logTime": "1594087305101",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege"
          }
        ]
      }
    }
    

    この記事は役に立ちましたか?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.