文档简介:
以下提供云审计服务所收集事件的两个页面样例,并对其中常用的观察点进行了描述,以方便用户更直观的理解事件信息。其他服务所产生的事件可参照以下样例理解。
-
创建云服务器实例
{
"time": "2016/12/01 11:07:28 GMT+08:00",
"user": {
"name": "aaa/op_service",
"id": "f2fe9fac63414a35a7d03108d5f1ea73",
"domain": {
"name": "aaa",
"id": "1f9b9ba51f6b4061bd5c1736b28469f8"
}
},
"request": {
"server": {
"name": "as-config-15f1_XWO68TFC",
"imageRef": "b2b2c7dc-bbb0-4d6b-81dd-f0904023d54f",
"flavorRef": "m1.tiny",
"personality": [],
"vpcid": "e4c374b9-3675-482c-9b81-4acd59745c2b",
"nics": [
{
"subnet_id": "fff89132-88d4-4e5b-9e27-d9001167d24f",
"nictype": null,
"ip_address": null,
"binding:profile": null,
"extra_dhcp_opts": null
}
],
"adminPass": "********",
"count": 1,
"metadata": {
"op_svc_userid": "26e96eda18034ae9a44130bacb967b96"
},
"availability_zone": "az1.dc1",
"root_volume": {
"volumetype": "SATA",
"extendparam": {
"resourceSpecCode": "SATA"
},
"size": 40
},
"data_volumes": [],
"security_groups": [
{
"id": "dd597fd7-d119-4994-a22c-891fcfc54be1"
}
],
"key_name": "KeyPair-3e51"
}
},
"response": {
"status": "SUCCESS",
"entities": {
"server_id": "42d39b4a-19b7-4ee2-b01b-a9f1353b4c54"
},
"job_id": "4010b39d58b855980158b8574b270018",
"job_type": "createSingleServer",
"begin_time": "2016-12-01T03:04:38.437Z",
"end_time": "2016-12-01T03:07:26.871Z",
"error_code": null,
"fail_reason": null
},
"service_type": "ECS",
"resource_type": "ecs",
"resource_name": "as-config-15f1_XWO68TFC",
"resource_id": "42d39b4a-19b7-4ee2-b01b-a9f1353b4c54",
"source_ip": "",
"trace_name": "createSingleServer",
"trace_status": "normal",
"trace_type": "SystemAction",
"api_version": "1.0",
"record_time": "2016/12/01 11:07:28 GMT+08:00",
"trace_id": "4abc3a67-b773-11e6-8412-8f0ed3cc97c6"
}
在以上信息中,可以重点关注如下字段:
-
"time":记录了事件发生的时间,本例中为12月1日上午11点07分28秒。
-
"user":记录了操作用户的信息,本例中操作用户为企业帐户(domain字段)aaa下的用户(name字段)aaa。
-
"request":记录了创建ECS服务器的请求,可以抽取该ECS服务器的简单信息,如name为as-config-15f1_XWO68TFC,资源id为e4c374b9-3675-482c-9b81-4acd59745c2b。
-
"response":记录了创建ECS服务的返回结果,可以抽取其中的关键信息,如创建结果(status字段)为Success,错误码(error_code字段)和失败原因(fail_reason字段)均为空(null)。
-
云硬盘实例
{
"time": "2016/12/01 11:24:04 GMT+08:00",
"user": {
"name": "aaa",
"id": "26e96eda18034ae9a44130bacb967b96",
"domain": {
"name": "aaa",
"id": "1f9b9ba51f6b4061bd5c1736b28469f8"
}
},
"request": "",
"response": "",
"service_type": "EVS",
"resource_type": "evs",
"resource_name": "volume-39bc",
"resource_id": "229142c0-2c2e-4f01-a1b4-2dfdf1c678c7",
"source_ip": "10.146.230.124",
"trace_name": "deleteVolume",
"trace_status": "normal",
"trace_type": "ConsoleAction",
"api_version": "1.0",
"record_time": ""2016/12/01 11:24:04 GMT+08:00",
"trace_id": "c529254f-bcf5-11e6-a89a-7fc778a6c92c"
}
在以上信息中,可以重点关注如下字段:
-
"time":记录了事件发生的时间,本例中为12月1日上午11点24分04秒。
-
"user":记录了操作用户的信息,本例中操作用户为企业帐户(domain字段)aaa下的用户(name字段)aaa。
-
"request":非必选字段,此处为空。
-
"response":非必选字段,此处为空。
-
"trace_status":记录了事件的级别,可代替response字段提示用户操作结果,本例中为normal,按5.1 事件结构章节中约束,即代表操作成功。
