tencent cloud


Log Field Data Parsing

Last updated: 2024-08-16 17:34:08

    Global Specification

    Log contents are in JSON format.
    Log character encoding is in UTF-8 format.
    Logs contain common fields and type-specific fields. Refer to Fields Description for details.
    Currently, logs are divided into three types: event logs, asset logs, and client logs.

    Log Type

    The log type is determined by the common field cls_event_type, and currently, the log type values are defined as follows:

    Event Logs

    cls_event_type
    Log Type Values
    malware
    risk_process
    hostlogin
    bruteattack
    risk_dns
    bash
    privilege_escalation
    reverse_shell
    emergency_vul
    linux_app_vul
    windows_sys_vul
    Web-CMS_vul
    application_vul
    baseline
    Baseline
    attack_logs
    java_shell
    file_tamper
    tamper_protect_logs
    tamper_protect_exceptions
    client_uninstall
    client_offline

    Asset Logs

    cls_event_type
    Log Type Values
    machines
    Host List
    asset_system
    asset_account
    Account
    asset_netstat
    Port
    asset_process
    Process
    asset_app
    asset_database
    Database
    asset_web_app
    asset_web_service
    asset_web_frame
    asset_web_location
    Web Site
    asset_jar
    asset_init_service
    asset_scheduled_task
    asset_env
    asset_core_module
    asset_package

    Client Report Logs

    cls_event_type
    Log Type Values
    client_log
    dns_log
    DNS Logs
    process_snapshot
    net_log
    file_log
    login_log
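The following is an added example, not code from the original page or from the product: a Python parser that enforces the global specification (UTF-8, JSON object), derives the log family from cls_event_type using the values listed above, and normalizes fields that the field tables below type as string in some logs and int in others. The `_family` key, the function names, the sample lines and the inner layout of pstree are assumptions made for the example.

```python
import json

# cls_event_type values copied from the Log Type tables on this page.
FAMILIES = {
    "event": set("malware risk_process hostlogin bruteattack risk_dns bash "
                 "privilege_escalation reverse_shell emergency_vul linux_app_vul "
                 "windows_sys_vul Web-CMS_vul application_vul baseline attack_logs "
                 "java_shell file_tamper tamper_protect_logs "
                 "tamper_protect_exceptions client_uninstall client_offline".split()),
    "asset": set("machines asset_system asset_account asset_netstat asset_process "
                 "asset_app asset_database asset_web_app asset_web_service "
                 "asset_web_frame asset_web_location asset_jar asset_init_service "
                 "asset_scheduled_task asset_env asset_core_module "
                 "asset_package".split()),
    "client": set("client_log dns_log process_snapshot net_log file_log login_log".split()),
}
# Numeric in meaning, but typed string in some field tables and int in others.
NUMERIC_FIELDS = {"pid", "ppid", "count", "dst_port", "src_port"}
# Typed string on the page but described as carrying JSON ("json Format").
NESTED_JSON_FIELDS = {"pstree", "svc_ps", "host_op_pstree", "event_detail", "rule"}


class LogParseError(ValueError):
    """A line that violates the global specification (UTF-8 encoded JSON)."""


def log_family(cls_event_type):
    for family, values in FAMILIES.items():
        if cls_event_type in values:
            return family
    return "unknown"  # a value this page does not list; keep the record, flag it


def _to_int(value):
    if isinstance(value, str) and value.isascii() and value.isdigit():
        return int(value)
    return value


def _decode_nested(value):
    # Decode a JSON-in-a-string field; keep the raw string if it is not JSON.
    if not isinstance(value, str):
        return value
    try:
        decoded = json.loads(value)
    except json.JSONDecodeError:
        return value
    return decoded if isinstance(decoded, (dict, list)) else value


def parse_record(raw):
    """Parse one raw log line (bytes) into a dict with normalized fields."""
    try:
        record = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise LogParseError(type(exc).__name__) from exc
    if not isinstance(record, dict):
        raise LogParseError("top-level value is not a JSON object")
    if not isinstance(record.get("cls_event_type"), str):
        raise LogParseError("cls_event_type missing or not a string")
    out = dict(record)
    out["_family"] = log_family(out["cls_event_type"])  # hypothetical key added here
    for name in out.keys() & NUMERIC_FIELDS:
        out[name] = _to_int(out[name])
    for name in out.keys() & NESTED_JSON_FIELDS:
        out[name] = _decode_nested(out[name])
    return out


def parse_stream(lines):
    """Return (records, errors); bad lines are reported, never silently dropped."""
    records, errors = [], []
    for lineno, raw in enumerate(lines, start=1):
        try:
            records.append(parse_record(raw))
        except LogParseError as exc:
            errors.append((lineno, str(exc)))
    return records, errors


# Constructed sample lines (not real product output); the pstree layout is assumed.
SAMPLE_LINES = [
    b'{"cls_event_type":"bruteattack","uuid":"host-a","username":"root","count":"37","src_ip":"203.0.113.7","dst_port":"22"}',
    b'{"cls_event_type":"risk_process","uuid":"host-a","pid":4312,"pstree":"[{\\"pid\\":1,\\"name\\":\\"init\\"}]"}',
    b'{"cls_event_type":"net_log","uuid":"host-a","pid":812,"dst_ip":"198.51.100.9","dst_port":443,"count":3}',
    b'{"cls_event_type":"future_type","uuid":"host-b"}',
    b'{"cls_event_type":"malware","file_path":"/tmp/\xff"}',
    b'not json',
]
```

Calling parse_stream(SAMPLE_LINES) yields four records (families event, event, client, unknown) and two reported errors for lines 5 and 6, so a pipeline can alert on rejected lines instead of losing them.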

    Event Log Fields Description

    Common Fields Description

    Field | Type | Description
    id | string | Database Record id
    appid | string | User appid
    create_time | string | Event Creation Time
    modify_time | string | Event Modification Time
    cls_event_type | string | Event Type
    event_status | string | Event Status (Create, Modify, and Delete)

    Malicious File Scan Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    file_path | string | File Path
    md5 | string | File md5
    filesize | string | File Size
    file_create_time | string | File Creation Time
    file_modify_time | string | File Modification Time
    file_access_time | string | File Access Time
    status | string | Status (Pending, Trusted, Isolated, Allowlisted File, File Deleted, In Quarantine, In Restoration, and Event Record Deleted)
    virus_name | string | Virus Name
    bwtype | string | Sample Attributes (10: Allowlisted; 20~29: Blocklisted)
    path_md5 | string | File Path md5

    Abnormal Process Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    pid | int | Process ID
    exe_path | string | Process Path
    exe_md5 | string | Process md5
    exe_desc | string | Process Details
    exe_argv | string | Process Parameters
    exe_create_time | string | Process Creation Time
    exe_modify_time | string | Process Modification Time
    exe_access_time | string | Process Access Time
    status | string | Status (Pending, Trusted, Cleaned Up, and Exited)
    start_time | string | Process Start Time
    virus_name | string | Virus Name
    latest_scan_time | string | Latest Scan Time
    pstree | string | Process Tree Details (json Format)
    risk_level | string | Risk Level (Advisory, Low, Medium, High, and Critical)
    pay_version | string | Machine Version (Basic Edition, Professional Edition, Ultimate Edition, and Universal Edition)
    rss | int | Process Memory
    permission | string | Process Permissions

    Abnormal Log-in Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    username | string | Log-in Username
    count | string | Log-in Attempts (Aggregated Once per Minute)
    src_ip | string | Log-in Source IP
    dst_port | string | Log-in Port
    src_machine_name | string | Log-in Source Machine Name
    login_time | string | Log-in Time
    status | string | Status (Normal Log-in, Abnormal Log-in, Allowlisted, Deleted, Confirmed Intrusion Log-in, Processed, and Ignored)
    location | string | Location

    Password Cracking Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    username | string | Username
    count | string | Attempt Count
    event_type | string | Event Type (Brute Force Failure, Brute Force Success, and Brute Force on Non-existent Account)
    src_ip | string | Source IP
    dst_port | string | Source Port
    src_machine_name | string | Source Machine Name
    status | string | Status (Pending, Ignored, False Positive, Deleted, Hit Allowlist, Processed, and Allowlisted)
    location | string | Location
    banned | string | Blocking Status (Not Blocked, Blocked, Not Blocked (Blocking Not Enabled), Not Blocked (Non-Professional Edition), Not Blocked (Allowlisted), Not Blocked (No Public IP Bound), Blocking Failed (Interface Anomaly), Blocking Failed (Private Network Not Supported), and Blocking Failed (Available Zone Not Supported))

    Malicious Request Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    url | string | Domain Name
    pid | string | Process ID
    process_name | string | Process Name
    cmd_line | string | Command Line
    status | string | Status (Pending, Deleted, Allowlisted, Trust Revoked by User, Processed, and Ignored)
    access_count | string | Request Count
    query_time | string | First Request Time
    merge_time | string | Recent Request Time

    High-risk Command Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    user | string | Executing User
    platform | string | Platform
    exec_time | string | Command Execution Time
    bash_cmd | string | Executed Command
    status | string | Status (Pending, Hazardous Command, Normal Command, Ignored, and Deleted)
    rule_name | string | Hit Rule Name
    rule_level | string | Command Hazard Level (High, Medium, and Low)

    Local Privilege Escalation Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    process_name | string | Process Name
    full_path | string | File Path
    pid | string | Process ID
    cmd_line | string | Command Line
    user_name | string | Executing User
    user_group | string | Group to Which the Executing User Belongs
    proc_file_privilege | string | Process File Permission Information
    ppid | string | Parent Process ID
    parent_proc_name | string | Parent Process Name
    parent_proc_user | string | User Executing the Parent Process
    parent_proc_group | string | Group to Which the Executing User of Parent Process Belongs
    parent_proc_path | string | Parent Process Path
    find_time | string | Execution Time
    proc_tree | string | Process Tree
    sid | string | User sessionid (Currently Default to 0)
    uid | string | User ID
    gid | string | User Group ID
    euid | string | Effective User ID
    egid | string | Effective User Group ID
    status | string | Status (Pending, Privilege Escalation Event, Allowlisted, Processed, Ignored, and Deleted)

    Reverse Shell Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    dst_ip | string | Destination IP
    dst_port | string | Destination Port
    process_name | string | Executed Process
    full_path | string | Process Path
    pid | string | Process ID
    cmd_line | string | Executed Command
    user_name | string | Executing User
    user_group | string | Group to Which the Executing User Belongs
    ppid | string | Parent Process ID
    parent_proc_name | string | Parent Process Name
    parent_proc_user | string | User Executing the Parent Process
    parent_proc_group | string | Group to Which the Executing User of Parent Process Belongs
    parent_proc_path | string | Parent Process Path
    find_time | string | Execution Time
    proc_tree | string | Process Tree
    status | string | Status (Pending, Reverse Shell Event, Allowlisted, Processed, Ignored, and Deleted)

    Vulnerability Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    status | string | Vulnerability Status (Pending, Ignored, Fixed, Under Detection, Fix In Progress, Rolling Back, Fix Failed, Expired, and Offline)
    vul_category | string | Vulnerability Classification (Web Application Vulnerability, System Component Vulnerability, Linux System Vulnerability, and Windows System Vulnerability)
    descript | string | Vulnerability Event Details
    path | string | The File Path of the Vulnerability
    remark | string | Vulnerability Remarks
    name | string | Vulnerability Name
    fix | string | Remediation Description
    cve_id | string | cve Number
    reference | string | Reference Description
    level | string | Vulnerability Severity Level (Low, Medium, High, and Advisory)
    is_emergency | string | Urgent or Not

    Baseline Fields Description

    Field | Type | Description
    name | string | Baseline Name
    uuid | string | Machine uuid
    hostip | string | Host IP
    status | string | Status (Failed, Ignored, Passed, Deleted, and Under Detection)
    level | string | Severity Level (Low, Medium, High, and Critical)
    descript | string | Description
    remark | string | Remarks
    rule_id | string | Baseline Category ID
    category_name | string | Baseline Category Name
    item_id | string | Baseline Rule ID
    fix | string | Suggestions for Fix

    Network Attack Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    dst_port | int | Destination Port
    src_ip | string | Source IP
    type | string | Type (Attack Attempt/Successful Attack)
    status | string | Event Status (Pending, Processed, Allowlisted, Ignored, Deleted, and Defense Enabled)
    count | int | Event Merging Count
    svc_ps | string | Service Process Details (json Format)
    net_payload | string | Attack Packet (Plaintext Format)
    merge_time | string | Event Merging Time (Latest Detection Time)
    host_op_type | string | Abnormal Behavior Type (No Compromised Behavior/rce (Command Execution)/dnslog/writefile)
    host_op_pstree | string | Abnormal Behavior Process Tree (json Format)
    host_op | string | Abnormal Behavior Content
    hostip | string | Host IP

    Java Webshell Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    type | string | Trojan Type (Filter, Listener, Servlet, Interceptors, Client, etc.)
    exe | string | Java Process Path
    argv | string | Java Process Command Line
    pid | string | Java Process Process ID
    class_name | string | Memory Shellcode class_name
    loader_class_name | string | Memory Shellcode loader_class_name
    super_class_name | string | Memory Shellcode Parent Class super_class_name
    interfaces | string | Memory Shellcode interfaces
    recent_found_time | string | Last Detection Time
    status | string | Status (Pending, Allowlisted, Deleted, Ignored, and Manually Processed)
    file_exist | string | File Exists or Not (File Does Not Exist, File Exists)
    class_file | string | The File Path of class

    Kernel File Monitoring Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    hostip | string | Host IP
    hostname | string | Host name
    process_exe | string | Process Path
    process_argv | string | Process Command Line Parameters
    target | string | The File Path of the Destination
    status | string | Status (Pending, Allowlisted, Deleted, Ignored, and Manually Processed)
    event_count | string | Event Occurrence Count
    rule_name | string | Rule Name
    event_detail | string | Event Details (json Format)
    pstree | string | Process Tree
    rule | string | Rule Group Details (json Format)
    level | string | Severity Level (None, High, Medium, and Low)

    Web Tamper Protection Event Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    path | string | File Path
    recover_type | string | Recovery Type (Recovery for Content Modification, Recovery for Permission Modification, Recovery for Ownership Modification, Recovery for Deletion, and Deletion for Addition)
    has_recovered | string | Deleted or Not (Not Deleted, Deleted)
    recover_time | string | Restoration Time
    is_manual_recover | string | Whether Manually Restored by User (No, Yes)
    is_deleted | string | Deleted or Not (Not Deleted, Deleted)
    status | string | Status (Pending, Confirm Malicious, and Confirm False Positive)
    file_type | string | File Type (Regular File, Directory, and Symbolic Link)

    Web Tamper Protection Anomaly Fields Description

    Field | Type | Description
    quuid | string | Machine uuid
    exception | string | Exception Type (No Exception, Beyond Limit, Client Offline, Timed Out, Insufficient Disk Space, Machine Destroyed, File Changed During Backup, File Not Found During Backup, Beyond Limit (Monitoring Path is not a Directory), Beyond Limit (File Type not Supported), Beyond Limit (Number of Files Exceeded the Limit), Beyond Limit (Path Too Long), Beyond Limit (File Too Large), Beyond Limit (Failed to Read File), Beyond Limit (Too Many Protected Directories/Subdirectories), etc.)
    exception_message | string | Exception Prompt

    Client Uninstallation Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    pstree | string | Process Tree
    uninstall_time | string | Uninstallation Time

    Offline Client Fields Description

    Field | Type | Description
    uuid | string | Machine uuid
    offline_time | string | Machine Offline Time

    Asset Log Fields Description

    Common Fields Description

    Field | Type | Description
    id | string | Database Record ID
    appid | string | User appid
    host_name | string | Host name
    host_ip | string | Host Private IP
    wan_ip | string | Host Public IP
    instance_id | string | Instance ID
    os_name | string | Operating System Name
    os_type | string | Operating System Type (Unknow, CentOS, Debian, Gentoo, RedHat, Ubuntu, WindowsServer, TencentOS, CoreOS, FreeBSD, and SUSE)
    create_time | int | Creation Time (Timestamp Format)
    update_time | int | Asset Update Time (Timestamp Format)
    cls_event_type | string | Event Type
    event_status | string | Event Status (create, modify, and delete)

    Host List Fields Description

    Field | Type | Description
    quuid | string | Machine quuid
    machine_type | string | Machine Type (CVM, LH, Other, and ECM)
    region | string | Region
    project_id | int | Instance Project ID
    instance_id | string | Instance ID
    instance_state | string | Instance Status (PENDING, LAUNCH_FAILED, RUNNING, STOPPED, STARTING, STOPPING, REBOOTING, SHUTDOWN, TERMINATING, and TERMINATED)
    restrict_state | string | Business Status (NORMAL, EXPIRED, PROTECTIVELY_ISOLATED, and TERMINATED_PRO_VERSION)
    instance_name | string | Instance Name
    private_ip_addresses | string | Instance Private IP Address
    public_ip_addresses | string | Instance Public IP Address
    ipv6_addresses | string | Instance IPv6 Address
    vpc_id | string | vpc id
    os_name | string | Operating System Name
    os_type | string | Operating System Type (Unknow, CentOS, Debian, Gentoo, RedHat, Ubuntu, WindowsServer, TencentOS, CoreOS, FreeBSD, and SUSE)
    installed_cwp | int | Whether or Not Installed CWPP Client (0: Not Installed; 1: Installed)
    latest_sync_time | string | Last Synchronization Time

    Resource Monitoring Fields Description

    Field | Type | Description
    core_version | string | Kernel Version
    boot_time | int | System Boot Time (unix Timestamp)
    cpu_info | string | CPU Information
    cpu_size | int | Number of CPUs
    cpu_load | float | CPU Utilization
    memory_size | int | Memory Size (MB)
    memory_load | float | Memory Utilization
    disk_size | int | Disk Size (MB)
    disk_load | float | Disk Utilization

    Account Fields Description

    Field | Type | Description
    group_name | string | Account GroupName
    status | string | Account Status (Disabled, Enabled)
    is_root | string | Whether or Not Have Root Privilege
    name | string | Account Name
    type | string | Account Type (Guest User, Standard User, and Administrator User)
    home_path | string | Home Directory
    shell | string | Shell Path
    password_change_time | string | Password Change Time
    password_due_days | int | Password Due Days (-1 means that it never expires.)
    password_lock_days | int | Password Lockout Duration in Days (-1 means that it is infinite.)
    password_warn_days | int | Password Expiration Reminder in Days
    password_change_type | string | Password Change Settings (Not Modifiable, Modifiable)
    password_status | string | Password Status (Normal, Expiring Soon, Expired, and Locked)
    login_type | string | Log-in Method (No Log-in Allowed, Key-only Log-in, Password-only Log-in, and Key and Password Allowed)
    last_login_time | int | Last Log-in Time
    last_login_terminal | string | Last Log-in Terminal
    last_login_ip | string | Last Log-in IP
    disable_time | string | Account Expiration Time

    Port Fields Description

    Field | Type | Description
    name | string | Process Name
    version | string | Process Version
    path | string | Process Path
    parent_process_name | string | Parent Process Name
    pid | string | Process ID
    user | string | Running User
    group_name | string | Belonging User Group
    start_time | int | Start Time (unix Timestamp)
    param | string | Startup Parameters
    tty | string | Process TTY
    port | string | Port
    ppid | string | Parent Process ID
    proto | string | Port Protocol

    Software Application Fields Description

    Field | Type | Description
    name | string | Application Name
    type | string | Application Type (Ops Tool, Database, Secure Application, Suspicious Application, System Architecture, System Application, WEB Ops, etc.)
    bin_path | string | Binary Path
    config_path | string | The File Path of the Configuration
    process_count | int | Associated Process Count
    version | string | Version Number

    Process Fields Description

    Field | Type | Description
    name | string | Process Name
    group_name | string | Process User Group
    desc | string | Process Description
    path | string | Process Path
    pid | string | Process ID
    ppid | string | Parent Process ID
    parent_process_name | string | Parent Process Name
    user | string | Running User
    start_time | int | Start Time
    param | string | Startup Parameters
    tty | string | Process TTY
    version | string | Process Version
    status | string | Process Status (None, Executable, Interruptible, Not Interruptible, Paused or Traced, Zombie, To Be Destroyed, Idle, and Waiting for Memory Allocation)
    package_name | string | Software Package Name

    Database Fields Description

    Field | Type | Description
    name | string | Database Name
    version | string | Version
    port | string | Port
    proto | string | Protocol
    user | string | Running User
    ip | string | Bound IP
    config_path | string | The File Path of the Configuration
    log_path | string | The File Path of Logs
    data_path | string | Data Path
    permission | string | Running Permission
    error_log_path | string | Error Log Path
    plugin_path | string | Plugin Path
    bin_path | string | Binary Path
    param | string | Startup Parameters

    Web Application Fields Description

    Field | Type | Description
    name | string | Application Name
    desc | string | Application Description
    version | string | Version
    root_path | string | Root Path
    service_type | string | Service Type
    domain | string | Site Domain Name
    virtual_path | string | Virtual Path
    plugin_count | int | Plugin Count

    Web Service Fields Description

    Field | Type | Description
    name | string | Framework Name
    version | string | Version
    bin_path | string | Binary Path
    service_type | string | Service Type
    user | string | Starting User
    install_path | string | Installation Path
    config_path | string | Configuration Path
    process_count | int | Associated Process Count

    Web Framework Fields Description

    Field | Type | Description
    name | string | Framework Name
    version | string | Version
    lang | string | Language
    service_type | string | Service Type
    path | string | Application Path

    Web Site Fields Description

    Field | Type | Description
    name | string | Domain Name
    port | string | Site Port
    proto | string | Site Protocol
    service_type | string | Service Type
    path_count | int | Site Path Count
    user | string | Running User
    ip | string | Bound IP
    command | string | Startup Command

    jar File Fields Description

    Field | Type | Description
    name | string | Name
    type | string | Type (Application, System Class Library, Web Service Built-in Library, and Other)
    status | string | Executable or Not
    version | string | Version
    path | string | Path

    Startup Service Fields Description

    Field | Type | Description
    name | string | Name
    type | string | Type
    status | string | Default Enablement Status (Enabled, Not Enabled)
    user | string | Starting User
    path | string | Path

    Scheduled Task Fields Description

    Field | Type | Description
    status | string | Default Enablement Status (Enabled, Not Enabled)
    cycle | string | Execution Cycle
    command | string | Execute Command or Script
    user | string | Starting User
    config_path | string | The File Path of the Configuration
    os_info | string | Operating System

    Environment Variable Fields Description

    Field | Type | Description
    name | string | Name
    type | string | Type (User, System)
    user | string | Starting User
    value | string | Environment Variable Value

    Kernel Module Fields Description

    Field | Type | Description
    name | string | Name
    desc | string | Description
    path | string | Path
    version | string | Version
    size | int | Size

    System Installation Package Fields Description

    Field | Type | Description
    name | string | Installation Package Name
    desc | string | Description
    version | string | Version
    install_time | int | Installation Time (unix Timestamp)
    type | string | Type

    Client Reporting Log Fields Description

    Original Log Fields Description

    Field | Type | Description
    appid | int | User appid
    uuid | string | Machine uuid
    path | string | The File Path of Logs
    tag | string | Tag (To be Defined by User)
    time | string | Log Time
    log | string | Log Content

    DNS Log Fields Description

    Field | Type | Description
    appid | int | User appid
    quuid | string | Machine quuid
    uuid | string | Machine uuid
    recv_time | int | Timestamp
    domain | string | Domain Name
    hostip | string | Host IP
    platform | string | Platform: Linux, Windows
    pid | int | Process ID
    process_path | string | Process Path
    cmdline | string | Process Command Line Parameters
    count | int | Number of Accesses during Reporting Period

    Process Snapshot Fields Description

    Field | Type | Field Description
    appid | string | Account appid
    quuid | string | Host quuid (Corresponding cvm uuid)
    uuid | string | Host uuid
    hostip | string | Host ip (ip Connected with the Backend)
    instance_id | string | Instance id
    event_name | string | Event Type: process - Process Event
    pid | int | Process ID
    ppid | int | Parent Process ID
    sid | int | Process Session ID (Linux Only)
    uid | int | Process uid (Linux Only)
    gid | int | Process gid (Linux Only)
    euid | int | Process euid (Linux Only)
    egid | int | Process egid (Linux Only)
    report_type | int | Report Type: 0 - Real-time Process; 1 - Process Snapshot
    parent_proc_name | string | Parent Process Name
    process_name | string | Process Name
    process_path | string | Process Path
    cmdline | string | Process Command Line
    user_name | string | Process Starting User
    process_md5 | string | Process md5
    platform | string | Platform: Linux and Windows
    time | int | Event Collection Timestamp
    timestamp | string | Event Storage Date and Time
    insert_time | int | Event Storage Timestamp

    Network Quintuple Log Fields Description

    Field | Type | Field Description
    appid | string | Account appid
    quuid | string | Host quuid (Corresponding cvm uuid)
    uuid | string | Host uuid
    hostip | string | Host ip (ip Connected with the Backend)
    instance_id | string | Instance id
    event_name | string | Event Type: net - Network Quintuple Logs
    pid | int | Process pid
    proc_path | string | Process Path
    argv | string | Process Execution Parameters
    username | string | User to Which the Process Belongs: User Group
    src_ip | string | Source ip
    src_port | int | Source Port
    dst_ip | string | Destination ip
    dst_port | int | Destination Port
    first_time | int | First Trigger Time during Reporting Period
    last_time | int | Last Trigger Time during Reporting Period
    count | int | Number of Triggers during Reporting Period
    time | int | Event Collection Timestamp
    timestamp | string | Event Storage Date and Time
    insert_time | int | Event Storage Timestamp

    File Monitoring Log Fields Description

    Field | Type | Field Description
    appid | string | Account appid
    quuid | string | Host quuid (Corresponding cvm uuid)
    uuid | string | Host uuid
    hostip | string | Host ip (ip Connected with the Backend)
    instance_id | string | Instance id
    event_name | string | Event Type: file - File Operation Event
    pid | int | Process ID
    ppid | int | Parent Process ID
    session_id | int | Process Session ID (Linux Only)
    uid | int | Process uid (Linux Only)
    gid | int | Process gid (Linux Only)
    file_path | string | Operation File Path
    cwd | string | Current Execution Path of the Process
    proc_path | string | Process Path
    argv | string | Process Command Line
    username | string | File Operation User
    parent_proc_name | string | Parent Process Name
    proc_name | string | Process Name
    proc_md5 | string | Process md5
    proc_perm | string | Process File Execution Permissions
    proc_mtime | int | Process File modify time
    proc_ctime | int | Process File change time
    proc_atime | int | Process File access time
    operation | string | File Operation Type: write; rename
    file_size | int | File Size
    file_mtime | int | Operation File modify time
    file_ctime | int | Operation File change time
    file_atime | int | Operation File access time
    file_perm | string | Operation File Permissions
    file_owner | string | Operation File Owner
    time | int | Event Collection Timestamp
    timestamp | string | Event Storage Date and Time
    insert_time | int | Event Storage Timestamp

    Log-in Activity Log Fields Description

    Field | Type | Field Description
    appid | string | Account appid
    quuid | string | Host quuid (Corresponding cvm uuid)
    uuid | string | Host uuid
    hostip | string | Host ip (ip Connected with the Backend)
    instance_id | string | Instance id
    event_name | string | Event Type: login - Log-in Event
    src_ip | string | Log-in Source ip
    dst_port | int | Log-in Target Port
    protocol | string | Log-in Protocol
    count | int | Log-in Count
    event_type | string | Event Status: success: Log-in succeeded; fail: Log-in failed.
    time | int | Event Collection Timestamp
    insert_time | int | Event Storage Timestamp