攻击日志查询
<p class="shortdesc">本文主要介绍如何查看攻击相关的日志信息。</p>
<section class="section prereq" id="dc_waf_cfg_0011__prereq_uqt_rj4_nrb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div>
<p class="p">您已购买Web应用防火墙服务,并且完成资产接入。</p>
<p class="p">防护站点发生攻击事件。</p>
</section>
<section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/" target="_blank" rel="external noopener">平安金融云官网</a>。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">单击页面右上角<span class="ph uicontrol">控制台</span>按钮。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">输入账号名和密码,通过验证,单击<span class="ph uicontrol">确定</span>,登录控制台。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">在左侧导航栏中单击<span class="ph menucascade"><span class="ph uicontrol">全部产品</span><abbr> > </abbr><span class="ph uicontrol">Web应用防火墙</span></span> ,进入<span class="keyword wintitle">概览</span>页面。</span>
</li><li class="li step stepexpand">
<span class="ph cmd">单击<span class="ph uicontrol">管理</span>跳转到<span class="keyword wintitle">防护概览</span>页面,单击左侧导航栏<span class="ph menucascade"><span class="ph uicontrol">防护详情</span><abbr> > </abbr><span class="ph uicontrol">日志查询</span></span>,进入<span class="keyword wintitle">日志查询</span>页面,在页面上方选择攻击类型的日志进行查看。</span>
<div class="itemgroup info">
<img class="image" id="dc_waf_cfg_0011__image_plq_v41_zrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-1b1fdc4c98df.png" width="830">
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">在查询条件中输入站点信息,并选择时间范围,然后单击<span class="ph uicontrol">搜索</span>,即可查看满足条件的攻击日志。</span>
<div class="itemgroup info">
<ul class="ul" id="dc_waf_cfg_0011__ul_cnm_2qp_vrb">
<li class="li"> 搜索页签:展示查询到的日志信息。单击<img class="image" id="dc_waf_cfg_0011__image_sd4_2rp_vrb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222102104527-17ea29439286.png" width="20">按钮可以选择要显示的日志字段,如显示访问时间、访问源IP、目的IP、域名、类型等。</li>
<li class="li">可视化页签:对查询到的日志做可视化呈现,如攻击数量随时间变化的折线图,各种状态码占比饼状图等。</li>
<li class="li">聚合分析页签:对查询到的日志进行聚合统计,如攻击IP Top10,被访问URL Top10等。</li>
</ul>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">单击<span class="ph uicontrol">日志下载</span>可下载日志简略信息,包括基本的源目IP端口和响应码信息;单击<span class="ph uicontrol">全量下载</span>可下载完整日志信息,如访问者UA、访问url、动作、触发策略、规则ID等。</span>
</li></ol></section>
提交成功!非常感谢您的反馈,我们会继续努力做到更好!