Search logs

    Description

    Searches the logs stored in Cloud Log Analytics. Paging is supported.

    Request

    Request URL

    POST https://cloudloganalytics.apigw.gov-ntruss.com/api/{regionCode}-v1/logs/search
    

    Request headers

    | Header name | Description | Format |
    |---|---|---|
    | x-ncp-apigw-timestamp | Elapsed time in milliseconds since January 1, 1970 00:00:00 Coordinated Universal Time (UTC). A request is considered invalid if the time differs from the API Gateway server by 5 minutes or more. | x-ncp-apigw-timestamp:{Timestamp} |
    | x-ncp-apigw-api-key | Key value issued by APIGW | x-ncp-apigw-api-key:{API Gateway API Key} |
    | x-ncp-iam-access-key | Access Key ID value issued from the NAVER Cloud Platform portal | x-ncp-iam-access-key:{Account Access Key} |
    | x-ncp-apigw-signature-v2 | Signature encrypted with the Access Key ID value and the Secret Key | x-ncp-apigw-signature-v2:{API Gateway Signature} |
    | Content-Type | Specifies the request body content type as application/json | Content-Type: application/json |

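    Request body

    | Parameter name | Description | Required | Available values | Data type |
    |---|---|---|---|---|
    | keyword | Search keyword. If omitted, all logs are searched. | N | ex) error, user | String |
    | logTypes | Log type. If omitted, logs of all types are searched. | N | ex) SYSLOG, security_log, tomcat | String |
    | timestampFrom | Search start time | N | ex) 1593848345548 (timestamp) | String |
    | timestampTo | Search end time | N | ex) 1593848345548 (timestamp) | String |
    | interval | Interval | N | Default: 5m; ex) 1d (1 day), 1h (1 hour), 1m (1 minute) | String |
    | pageNo | Page number | N | Default: 1; ex) 1, 2 | Integer |
    | pageSize | Page size | N | Default: 10; ex) 10, 20 | Integer |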

    Examples

    Request example

    POST https://cloudloganalytics.apigw.gov-ntruss.com/api/{regionCode}-v1/logs/search
    HOST: cloudloganalytics.apigw.gov-ntruss.com
    Content-Type: application/json
    x-ncp-apigw-signature-v2: FJSBB4K3XnaGAvVe0Hzj3/2hfNWvgLHR1rQHW2Et2Rs=
    x-ncp-apigw-timestamp: 1593848345548
    x-ncp-iam-access-key: 11IKBWgQegM4DwiJL4mo
    
    {
      "keyword" : "account",
      "timestampFrom": "1593848345548",
      "timestampTo": "1593848345548",
      "interval": "4h",
      "pageNo": 1,
      "pageSize": 10
    }
    
    curl -X POST "https://cloudloganalytics.apigw.gov-ntruss.com/api/{regionCode}-v1/logs/search" \
    -H "accept: application/json" \
    -H "Content-Type: application/json" \
    -H "x-ncp-iam-access-key: 11IKBWgQegM4DwiJL4mo" \
    -H "x-ncp-apigw-timestamp: 1594036233769" \
    -H "x-ncp-apigw-signature-v2: fna1XDGxBrUdql0haeWti2UUkI9QePnL08Kdu/JH+rg=" \
    -d "{ \"keyword\" : \"account\",  \"timestampFrom\": \"1593848345548\", \"timestampTo\": \"1593848345548\", \"interval\": \"4h\", \"pageNo\": 1, \"pageSize\": 10}"
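Building the headers and body for this request in Python, as an added example that is not part of the original page. The string-to-sign in `make_signature` (method, URI, timestamp and access key, HMAC-SHA256 with the Secret Key, Base64) is an assumption, since this page does not define it; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

API_PATH = "/api/{regionCode}-v1/logs/search"  # path template from this page
MAX_SKEW_MS = 5 * 60 * 1000  # a difference of 5 minutes or more is rejected


def make_signature(secret_key, access_key, method, uri, timestamp_ms):
    # Assumed string-to-sign (not given on this page):
    # "{method} {uri}\n{timestamp}\n{access_key}", HMAC-SHA256, then Base64.
    message = f"{method} {uri}\n{timestamp_ms}\n{access_key}"
    digest = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def within_skew(timestamp_ms, server_ms):
    # Local pre-check of the gateway's clock-difference rule.
    return abs(server_ms - timestamp_ms) < MAX_SKEW_MS


def build_request(access_key, secret_key, region_code, keyword, ts_from, ts_to,
                  page_no=1, page_size=10, interval="5m", now_ms=None):
    # One timestamp is used for both the header and the signature, so the
    # value the gateway reads is exactly the value that was signed.
    timestamp_ms = int(time.time() * 1000) if now_ms is None else now_ms
    uri = API_PATH.replace("{regionCode}", region_code)
    headers = {
        "Content-Type": "application/json",
        "x-ncp-apigw-timestamp": str(timestamp_ms),
        "x-ncp-iam-access-key": access_key,
        "x-ncp-apigw-signature-v2": make_signature(
            secret_key, access_key, "POST", uri, timestamp_ms),
    }
    body = {
        "keyword": keyword,
        "timestampFrom": str(ts_from),  # both timestamps are typed String
        "timestampTo": str(ts_to),
        "interval": interval,
        "pageNo": page_no,
        "pageSize": page_size,
    }
    return uri, headers, json.dumps(body)
```

Only the Access Key ID and the signature leave the client; the Secret Key stays local and should be loaded from a secret store rather than written into scripts.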
    

    Response example

    {
      "code": 0,
      "message": "요청이 정상적으로 처리되었습니다",
      "result": {
        "pageSize": 10,
        "currentPage": 1,
        "totalPage": 944,
        "totalCount": 9431,
        "isPaged": true,
        "chartData": [
          [
            1593993600000,
            763
          ],
          [
            1594008000000,
            1561
          ],
          [
            1594022400000,
            1587
          ],
          [
            1594036800000,
            1564
          ],
          [
            1594051200000,
            1580
          ],
          [
            1594065600000,
            1566
          ],
          [
            1594080000000,
            810
          ]
        ],
        "searchResult": [
          {
            "logTime": "1594087365153",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "An <span style='background-color: #f39c12;'>account</span> was successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nLogon Type:\t\t\t5\n\nImpersonation Level:\t\tImpersonation\n\nNew Logon:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\n\nProcess Information:\n\tProcess ID:\t\t0x2d0\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\n\nNetwork Information:\n\tWorkstation Name:\t-\n\tSource Network Address:\t-\n\tSource Port:\t\t-\n\nDetailed Authentication Information:\n\tLogon Process:\t\tAdvapi  \n\tAuthentication Package:\tNegotiate\n\tTransited Services:\t-\n\tPackage Name (NTLM only):\t-\n\tKey Length:\t\t0\n\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\n\nThe subject fields indicate the <span style='background-color: #f39c12;'>account</span> on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\n\nThe New Logon fields indicate the <span style='background-color: #f39c12;'>account</span> for whom the new logon was created, i.e. the <span style='background-color: #f39c12;'>account</span> that was logged on.\n\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.\n\nThe authentication information fields provide detailed information about this specific logon request.\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\n\t- Transited services indicate which intermediate services have participated in this logon request.\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
          },
          {
            "logTime": "1594087365153",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege"
          },
          {
            "logTime": "1594087365153",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x6fc\n\nProcess:\n\tProcess ID:\t0x2d0\n\tProcess Name:\tC:\\Windows\\System32\\services.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;RCGXGR;;;BA)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-80-1851371743-411767070-3743290205-1090512353-603110601)"
          },
          {
            "logTime": "1594087365058",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x3340\n\nProcess:\n\tProcess ID:\t0x3fc\n\tProcess Name:\tC:\\Windows\\System32\\svchost.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;GA;;;NS)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-86-615999462-62705297-2911207457-59056572-3668589837)"
          },
          {
            "logTime": "1594087365040",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "An <span style='background-color: #f39c12;'>account</span> was successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nLogon Type:\t\t\t5\n\nImpersonation Level:\t\tImpersonation\n\nNew Logon:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\n\nProcess Information:\n\tProcess ID:\t\t0x2d0\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\n\nNetwork Information:\n\tWorkstation Name:\t-\n\tSource Network Address:\t-\n\tSource Port:\t\t-\n\nDetailed Authentication Information:\n\tLogon Process:\t\tAdvapi  \n\tAuthentication Package:\tNegotiate\n\tTransited Services:\t-\n\tPackage Name (NTLM only):\t-\n\tKey Length:\t\t0\n\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\n\nThe subject fields indicate the <span style='background-color: #f39c12;'>account</span> on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\n\nThe New Logon fields indicate the <span style='background-color: #f39c12;'>account</span> for whom the new logon was created, i.e. the <span style='background-color: #f39c12;'>account</span> that was logged on.\n\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.\n\nThe authentication information fields provide detailed information about this specific logon request.\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\n\t- Transited services indicate which intermediate services have participated in this logon request.\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
          },
          {
            "logTime": "1594087365040",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege"
          },
          {
            "logTime": "1594087365040",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x7d0\n\nProcess:\n\tProcess ID:\t0x2d0\n\tProcess Name:\tC:\\Windows\\System32\\services.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;RCGXGR;;;BA)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-80-1851371743-411767070-3743290205-1090512353-603110601)"
          },
          {
            "logTime": "1594087305101",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "An <span style='background-color: #f39c12;'>account</span> was successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nLogon Type:\t\t\t5\n\nImpersonation Level:\t\tImpersonation\n\nNew Logon:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\n\nProcess Information:\n\tProcess ID:\t\t0x2d0\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\n\nNetwork Information:\n\tWorkstation Name:\t-\n\tSource Network Address:\t-\n\tSource Port:\t\t-\n\nDetailed Authentication Information:\n\tLogon Process:\t\tAdvapi  \n\tAuthentication Package:\tNegotiate\n\tTransited Services:\t-\n\tPackage Name (NTLM only):\t-\n\tKey Length:\t\t0\n\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\n\nThe subject fields indicate the <span style='background-color: #f39c12;'>account</span> on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\n\nThe New Logon fields indicate the <span style='background-color: #f39c12;'>account</span> for whom the new logon was created, i.e. the <span style='background-color: #f39c12;'>account</span> that was logged on.\n\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.\n\nThe authentication information fields provide detailed information about this specific logon request.\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\n\t- Transited services indicate which intermediate services have participated in this logon request.\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
          },
          {
            "logTime": "1594087305101",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Permissions on an object were changed.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tS172553A3C3F$\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tWORKGROUP\n\tLogon ID:\t\t0x3E7\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tToken\n\tObject Name:\t-\n\tHandle ID:\t0x748\n\nProcess:\n\tProcess ID:\t0x2d0\n\tProcess Name:\tC:\\Windows\\System32\\services.exe\n\nPermissions Change:\n\tOriginal Security Descriptor:\tD:(A;;GA;;;SY)(A;;RCGXGR;;;BA)\n\tNew Security Descriptor:\tD:(A;;GA;;;SY)(A;;RC;;;OW)(A;;GA;;;S-1-5-80-1851371743-411767070-3743290205-1090512353-603110601)"
          },
          {
            "logTime": "1594087305101",
            "logType": "wineventlog",
            "servername": "cla-test",
            "logDetail": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\t<span style='background-color: #f39c12;'>Account</span> Name:\t\tSYSTEM\n\t<span style='background-color: #f39c12;'>Account</span> Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege"
          }
        ]
      }
    }
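Post-processing the response shown above, as an added example that is not part of the original page: it strips the keyword-highlight `<span>` markup from `logDetail`, pulls the tab-indented event fields into a dictionary, and reads the paging fields. The function names are hypothetical and `SAMPLE` is abbreviated from the response example on this page.

```python
import re

# Highlight markup the search wraps around each keyword match in logDetail.
HIGHLIGHT = re.compile(r"</?span\b[^>]*>", re.IGNORECASE)


def parse_event(log_detail):
    """Return (summary line, {"Section/Field": value}) for one logDetail string."""
    lines = HIGHLIGHT.sub("", log_detail).split("\n")
    fields, section = {}, ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not name:
            continue                              # blank or free-text line
        if line.startswith("\t"):
            fields[f"{section}/{name}"] = value   # indented field inside a section
        elif value:
            fields[name] = value                  # top-level field, e.g. Logon Type
        else:
            section = name                        # section header, e.g. "Subject:"
    return lines[0], fields


def summarize(response):
    """Flatten searchResult into rows and report how many pages remain."""
    if response.get("code") != 0:
        raise ValueError(f"search failed: {response.get('message')}")
    result = response["result"]
    rows = []
    for hit in result["searchResult"]:
        summary, fields = parse_event(hit["logDetail"])
        rows.append({
            "time_ms": int(hit["logTime"]),       # logTime is a string in the response
            "server": hit["servername"],
            "summary": summary,
            "subject": fields.get("Subject/Account Name"),
            "logon_type": fields.get("Logon Type"),
        })
    pages_left = result["totalPage"] - result["currentPage"] if result["isPaged"] else 0
    return rows, pages_left


SAMPLE = {  # abbreviated from the response example on this page
    "code": 0,
    "result": {"currentPage": 1, "totalPage": 944, "isPaged": True, "searchResult": [{
        "logTime": "1594087365153", "logType": "wineventlog", "servername": "cla-test",
        "logDetail": "An <span style='background-color: #f39c12;'>account</span> was "
                     "successfully logged on.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n"
                     "\t<span style='background-color: #f39c12;'>Account</span> Name:"
                     "\t\tS172553A3C3F$\n\nLogon Type:\t\t\t5\n"}]},
}
```

Stripping the highlight spans before matching or storing matters because the markup is inserted inside field names such as `Account Name`, so a field lookup on the raw `logDetail` would miss them.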
    
