2020最新久久久视精品爱,综合图区另类图区卡通动漫,久久狠狠中文字幕2020

操作審計（ActionTrail）幫助您監控阿里云賬號的活動并記錄最近90天的事件。當您需要分析更長時間的事件時，可以通過操作審計創建跟蹤，將事件投遞到日志服務SLS，使用SQL語句對事件進行查詢和分析。本文為您介紹在如何在SLS設置SQL語句。

SQL語句語法

SQL（Structured Query Language）語句格式為：<查詢語句> | <分析語句>。

操作審計支持通過多種方式查詢事件。不同查詢方式對應的查詢語句和分析語句如下表所示：

查詢方式	查詢語句	分析語句
事件查詢	讀寫類型：`* AND "event.eventCategory": Management AND "event.eventRW": Write` 用戶名：`* AND "event.eventCategory": Management AND "event.userIdentity.userName": "xxx"` 事件名稱：`* AND "event.eventCategory": Management AND "event.eventName": "DescribeScalingGroups"` 資源類型：`* AND "event.eventCategory": Management AND "event.resourceType": "ACS::ECS::Instance"` 資源名稱：`* AND "event.eventCategory": Management AND "event.resourceName": "i-xxx"` 服務名稱：`* AND "event.eventCategory": Management AND "event.serviceName": "Ecs"` AccessKey ID：`* AND "event.eventCategory": Management "event.userIdentity.accessKeyId": "STS.xxxx"`	select "event.acsRegion" as acsRegion, "event.apiVersion" as apiVersion, "event.eventId" as eventId, "event.eventName" as eventName, "event.eventRW" as eventRW, "event.eventSource" as eventSource, from_unixtime(__time__) as eventTime, "event.eventType" as eventType, "event.eventVersion" as eventVersion, "event.errorCode" as errorCode, "event.errorMessage" as errorMessage, "event.requestId" as requestId, "event.requestParameterJson" as requestParameterJson, "event.resourceName" as resourceName, "event.resourceType" as resourceType, "event.serviceName" as serviceName, "event.sourceIpAddress" as sourceIpAddress, "event.userAgent" as userAgent, "event.userIdentity.accessKeyId" as accessKeyId, "event.userIdentity.accountId" as accontId, "event.userIdentity.principalId" as principalId, "event.userIdentity.type" as type, "event.userIdentity.userName" as userName
事件聚合查詢	讀寫類型：`* AND "event.eventCategory": Management AND "event.eventRW": Write` 事件名稱：`* AND "event.eventCategory": Management AND "event.eventName": "DescribeScalingGroups"` 服務名稱：`* AND "event.eventCategory": Management AND "event.serviceName": "Ecs"` AccessKey ID：`* AND "event.eventCategory": Management "event.userIdentity.accessKeyId": "STS.xxxx"`	SELECT"event.serviceName"AS servieName,"event.eventName"AS eventName,"event.eventRw"AS eventRw,"event.sourceIpAddress"AS sourceIpAddress,"event.resourceName"AS resourceName,"event.resourceType"AS resourceType,"event.userIdentity.userName"AS userName,"event.userIdentity.type"AS userType,"event.userIdentity.accessKeyId"AS accessKeyId,"event.acsRegion"AS eventRegion,COUNT("event.eventId")AS n, date_trunc('hour', __time__) AS time GROUP BY time, servieName, eventName, eventRw, sourceIpAddress, resourceType, resourceName, accessKeyId, userType, userName, eventRegion ORDER BY time DESC LIMIT 20
Insight事件查詢	IP地址：`* AND "event.eventCategory": Insight AND event.insightDetails.insightType: IpInsight AND "event.insightDetails.sourceIpAddress": "10.12.XX.XX"` Insight事件類型：`* AND "event.eventCategory": Insight AND event.insightDetails.insightType: IpInsight` 事件ID：`* AND "event.eventCategory": Insight AND event.insightDetails.insightType: IpInsight AND "event.eventId": 6CE5DBDE-5D18-4BF9-BD6A-E0D2E1BA****`	`select from_unixtime(__time__) as eventTime, "event.acsRegion" as eventRegion, "event.insightDetails.sourceIpAddress" as sourceIpAddress, "event.insightDetails.insightContext.statistics.insightCount" as count`

SQL語句示例

示例一：查詢管控事件中的所有寫事件
* AND "event.eventCategory": Management AND "event.eventRW": Write | select "event.acsRegion" as acsRegion, "event.apiVersion" as apiVersion, "event.eventId" as eventId, "event.eventName" as eventName, "event.eventRW" as eventRW, "event.eventSource" as eventSource, from_unixtime(__time__) as eventTime, "event.eventType" as eventType, "event.eventVersion" as eventVersion, "event.errorCode" as errorCode, "event.errorMessage" as errorMessage, "event.requestId" as requestId, "event.requestParameterJson" as requestParameterJson, "event.resourceName" as resourceName, "event.resourceType" as resourceType, "event.serviceName" as serviceName, "event.sourceIpAddress" as sourceIpAddress, "event.userAgent" as userAgent, "event.userIdentity.accessKeyId" as accessKeyId, "event.userIdentity.accountId" as accontId, "event.userIdentity.principalId" as principalId, "event.userIdentity.type" as type, "event.userIdentity.userName" as userName
示例二：查詢管控事件中所有寫事件的聚合情況
說明
如果設置的查詢時間段較長，建議設置LIMIT N，返回N條事件。例如：設置LIMIT 20，返回20條事件。
* AND "event.eventCategory": Management AND "event.eventRW": Write | SELECT"event.serviceName"AS servieName,"event.eventName"AS eventName,"event.eventRw"AS eventRw,"event.sourceIpAddress"AS sourceIpAddress,"event.resourceName"AS resourceName,"event.resourceType"AS resourceType,"event.userIdentity.userName"AS userName,"event.userIdentity.type"AS userType,"event.userIdentity.accessKeyId"AS accessKeyId,"event.acsRegion"AS eventRegion,COUNT("event.eventId")AS n, date_trunc('hour', __time__) AS time GROUP BY time, servieName, eventName, eventRw, sourceIpAddress, resourceType, resourceName, accessKeyId, userType, userName, eventRegion ORDER BY time DESC LIMIT 20
示例三：查詢Insight事件中所有IP異常事件
* AND "event.eventCategory": Insight AND event.insightDetails.insightType: IpInsight | select from_unixtime(__time__) as eventTime, "event.acsRegion" as eventRegion, "event.insightDetails.sourceIpAddress" as sourceIpAddress, "event.insightDetails.insightContext.statistics.insightCount" as count

日本熟妇hd丰满老熟妇,中文字幕一区二区三区在线不卡 ,亚洲成片在线观看,免费女同在线一区二区

如何在SLS設置SQL語句查詢操作審計的事件

SQL語句語法

SQL語句示例