
Usage examples

Last updated 2024.01.17 14:54:53

First published 2024.01.09 07:24:42

This topic gives examples of how flow logs are used: for each scenario it shows what a captured flow log record looks like and a search-and-analysis SQL statement that turns those records into per-hour bandwidth per destination address.

View traffic between an ECS instance and the Internet through a public IP address

An ECS instance with a bound public IP address accesses the Internet. Taking access to a specific public IP address (2.XX.XX.2) as an example, configure a flow log for the ECS instance:

  • The ECS instance (primary ENI ID eni-bp1fgnh68xyz9****) accesses a specific public IP address (2.XX.XX.2)

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 192.XX.XX.117 2.XX.XX.2 <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"192.XX.XX.117" and dstaddr: "2.XX.XX.2" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      
  • A specific public IP address (2.XX.XX.2) accesses the ECS instance (primary ENI ID eni-bp1fgnh68xyz9****):

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 2.XX.XX.2 192.XX.XX.117 <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"2.XX.XX.2" and dstaddr: "192.XX.XX.117" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      

View traffic between ECS instances in the same VPC

ECS instances in the same VPC communicate with each other over the private network. Configure a flow log for ECS-1:

  • Traffic from ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****) to ECS-2

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.10.XX.XX 10.50.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.10.XX.XX" and dstaddr: "10.50.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      
  • Traffic from ECS-2 to ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****)

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.50.XX.XX 10.10.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.50.XX.XX" and dstaddr: "10.10.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      

View traffic in which an ECS instance accesses the Internet, or is accessed from the Internet, through an Internet NAT gateway

An ECS instance accesses the Internet through an Internet NAT gateway. Configure a flow log for the VPC:

  • ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****) accesses a specific public IP address (2.XX.XX.2) through an SNAT entry

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 192.XX.XX.117 2.XX.XX.2 <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"192.XX.XX.117" and dstaddr: "172.20.1.128" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      
  • A specific public IP address (2.XX.XX.2) accesses ECS-4 (primary ENI ID eni-bp1fgnh68abc8****) through a DNAT entry

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68abc8**** 2.XX.XX.2 192.XX.XX.120 <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"2.XX.XX.2" and dstaddr: "192.XX.XX.120" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      

View traffic from the Internet to ECS instances through a load balancer

A specific public IP address (2.XX.XX.2) accesses a service on backend servers through a CLB instance. Configure a flow log for ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****):

  • Flow log fields

    1 210004XXXX eni-bp1fgnh68xyz9**** 2.XX.XX.2 10.XX.XX.5 <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

  • Example SQL search-and-analysis statement

    srcaddr:"2.XX.XX.2" and dstaddr: "10.XX.XX.5" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
    

View traffic that goes through a PrivateLink endpoint

In the same-account scenario, an ECS instance in the VPC to which the endpoint belongs accesses service resources in the endpoint service.

  • Configure a flow log for ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****)

    The source address is the private IP address of ECS-1, and the destination address is the IP address of the endpoint ENI.

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.XX.XX.5 10.XX.XX.6 <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.XX.XX.5" and dstaddr: "10.XX.XX.6" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      
  • Configure a flow log for ECS-2 (primary ENI ID eni-bp1fgnh68abc8****)

    The source address is 100.64.XX.XX, and the destination address is the IP address of ECS-2.

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68abc8**** 100.64.XX.XX 10.50.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"100.64.XX.XX" and dstaddr: "10.50.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      

View traffic between VPCs

The ECS instances in VPC1 and VPC2 are connected through Cloud Enterprise Network (CEN), a transit router, or VPN. Configure a flow log for ECS-1:

  • Traffic from ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****) to ECS-2

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.10.XX.XX 10.50.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.10.XX.XX" and dstaddr: "10.50.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
    
  • Traffic from ECS-2 to ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****)

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.50.XX.XX 10.10.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.50.XX.XX" and dstaddr: "10.10.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      

View traffic between a VPC and an on-premises data center

ECS-1 and the IDC are connected through VPN, or through CEN combined with a leased line. Configure a flow log for ECS-1:

  • Traffic from ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****) to the IDC

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.10.XX.XX 10.50.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.10.XX.XX" and dstaddr: "10.50.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
    
  • Traffic sent from the IDC to ECS-1 (primary ENI ID eni-bp1fgnh68xyz9****)

    • Flow log fields

      1 210004XXXX eni-bp1fgnh68xyz9**** 10.50.XX.XX 10.10.XX.XX <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> ACCEPT OK

    • Example SQL search-and-analysis statement

      srcaddr:"10.50.XX.XX" and dstaddr: "10.10.XX.XX" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
      

View traffic rejected by a security group or network ACL

Taking the ENI eni-bp1fgnh68xyz9**** rejecting RDP traffic (destination port 3389, TCP protocol number 6) as an example; the record's action field is REJECT instead of ACCEPT:

  • Flow log fields

    1 210004XXXX eni-bp1fgnh68xyz9**** 10.XX.XX.5 <dstaddr> <srcport> 3389 6 <packets> <bytes> <start> <end> REJECT OK

  • Example SQL search-and-analysis statement

    srcaddr:"10.XX.XX.5" and dstport:"3389" and action: "REJECT" | SELECT DATE_FORMAT(t, '%H:%i:%S') AS time, dstaddr, SUM((bytes * 8) / (`end` - start)) AS bandwidth FROM (SELECT `end`, start, dstaddr, bytes, (__time__ - (__time__ % 3600000)) AS t limit 1000) GROUP BY time, dstaddr ORDER BY time ASC limit 1000
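The following Python script is an added example, not code from the original page or from Alibaba Cloud. It parses flow log records in the 14-field layout shown in every scenario above (version, account ID, ENI ID, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) and reproduces offline the two analyses the page's statements express: the per-hour bandwidth toward a destination address from the first scenario, computed as SUM((bytes * 8) / (`end` - start)) per hour and destination, and the listing of flows a security group or network ACL rejected on TCP port 3389 from the last scenario. Two deviations are assumptions of this example: the hour bucket is taken from each record's own start timestamp in UTC rather than from Log Service's __time__, and records whose capture window has zero length are skipped and counted instead of dividing by zero. The sample records, the addresses (documentation ranges) and the account ID are constructed; the ENI ID is the one the page uses.

```python
"""Offline analysis of VPC flow log records (added example, not Alibaba Cloud code).

Record layout, as in the examples on this page:
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records (assumption: not real captures). The account ID is a
# placeholder, the ENI ID is the one used on the page, addresses are documentation ranges.
# Timestamps start at 2024-01-09 00:00:00 UTC; the fourth record has an empty window.
SAMPLE_LOG = """\
1 210004XXXX eni-bp1fgnh68xyz9**** 192.0.2.117 198.51.100.2 45678 443 6 120 96000 1704758400 1704758460 ACCEPT OK
1 210004XXXX eni-bp1fgnh68xyz9**** 192.0.2.117 198.51.100.2 45679 443 6 80 48000 1704758460 1704758520 ACCEPT OK
1 210004XXXX eni-bp1fgnh68xyz9**** 192.0.2.117 198.51.100.2 45680 443 6 10 6000 1704762000 1704762060 ACCEPT OK
1 210004XXXX eni-bp1fgnh68xyz9**** 192.0.2.117 198.51.100.2 45681 443 6 1 60 1704762100 1704762100 ACCEPT OK
1 210004XXXX eni-bp1fgnh68xyz9**** 203.0.113.9 192.0.2.117 51000 3389 6 3 180 1704758400 1704758430 REJECT OK
1 210004XXXX eni-bp1fgnh68xyz9**** 203.0.113.9 192.0.2.117 51001 3389 6 2 120 1704758500 1704758530 REJECT OK
1 210004XXXX eni-bp1fgnh68xyz9**** 203.0.113.9 192.0.2.117 51002 3389 17 2 120 1704758500 1704758530 REJECT OK
"""


def parse_record(line: str) -> dict:
    """Split one space-separated record into a dict; numeric fields become int.
    A record with the wrong number of fields is rejected rather than guessed at."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    record = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        record[name] = int(record[name])
    return record


def parse_log(text: str) -> list:
    """Parse every non-empty line of a flow log export."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def bandwidth_by_hour(records, srcaddr, dstaddr):
    """Equivalent of the page's statement: keep flows from srcaddr to dstaddr,
    bucket them by hour and sum bytes*8/(end-start) per (hour, dstaddr).
    Returns (rows sorted by time, number of zero-length records skipped)."""
    totals = defaultdict(float)
    skipped = 0
    for r in records:
        if r["srcaddr"] != srcaddr or r["dstaddr"] != dstaddr:
            continue
        duration = r["end"] - r["start"]
        if duration <= 0:  # no rate can be derived from an empty capture window
            skipped += 1
            continue
        bucket = r["start"] - r["start"] % 3600  # hour bucket on the record's start time (UTC)
        totals[(bucket, r["dstaddr"])] += r["bytes"] * 8 / duration
    rows = [(datetime.fromtimestamp(b, tz=timezone.utc).strftime("%H:%M:%S"), d, bps)
            for (b, d), bps in sorted(totals.items())]
    return rows, skipped


def rejected_flows(records, dstport=3389, protocol=6):
    """Count records that a security group or network ACL rejected towards
    dstport/protocol, keyed by (srcaddr, dstaddr); mirrors the action: "REJECT" filter."""
    counts = Counter()
    for r in records:
        if r["action"] == "REJECT" and r["dstport"] == dstport and r["protocol"] == protocol:
            counts[(r["srcaddr"], r["dstaddr"])] += 1
    return dict(counts)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    rows, skipped = bandwidth_by_hour(recs, "192.0.2.117", "198.51.100.2")
    for time_label, dst, bps in rows:
        print(f"{time_label} {dst} {bps:.0f} bit/s")
    print(f"skipped {skipped} zero-length record(s)")
    for (src, dst), n in rejected_flows(recs).items():
        print(f"REJECT tcp/3389 {src} -> {dst}: {n} record(s)")
```

Run against the constructed sample, the bandwidth rows are 19200 bit/s for the 00:00 hour and 800 bit/s for the 01:00 hour toward 198.51.100.2, one empty-window record is skipped, and the reject summary shows two TCP/3389 records from 203.0.113.9 while the UDP record with the same port is left out, which is the protocol check the page's statement relies on the dstport filter alone to make.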