Details for Cloud Guard
Logging details for Cloud Guard.
Resources
- Cloud Guard - Raw Logs, produced by Instance Security.
- Cloud Guard - Query Results Logs, produced by scheduled queries.
Availability
Cloud Guard logging is available in all the regions of the commercial realms.
Contents of a Cloud Guard Raw Log
Cloud Guard logs capture detailed information returned from Instance Security rules. Details appear as values in the data field.
Property | Description |
---|---|
type | Shows the type of Cloud Guard log. |
executionTime | Time the output was generated, in RFC 3339 timestamp format. |
result | The result of the query. |
Sample Cloud Guard Raw Log
type: "com.oraclecloud.workloadprotection.cloudguardtarget.recipelog"
data.message:
{
  "datetime": 1718555493912,
  "logContent": {
    "data": {
      "executionTime": "2024-06-16T16:29:20Z",
      "message": "CLAM executed on <unique_ID>, result 1/1",
      "result": {
        "clamscanexitcode": "",
        "dataread": "",
        "datascanned": "",
        "engineversion": "",
        "errormessage": "Cron File doesn't exist.",
        "infectedfiles": "0",
        "instanceid": "ocid1.instance.oc1.iad.<unique_ID>",
        "knownviruses": "0",
        "lastupdated": "2024-06-16T15:45:54Z",
        "logfilelastmodified": "",
        "quarantinefiles": "false",
        "scanneddirectories": "0",
        "scannedfiles": "0",
        "secssincelastrun": "",
        "secssincelastsuccess": "",
        "submittedmetricscount": "0",
        "time": ""
      },
      "resultGroupId": "<unique_ID>"
    },
    "id": "<unique_ID>",
    "oracle": {
      "compartmentid": "ocid1.tenancy.oc1..<unique_ID>",
      "ingestedtime": "2024-06-16T16:31:36.200Z",
      "logid": "ocid1.log.oc1.iad.<unique_ID>",
      "tenantid": "ocid1.tenancy.oc1..<unique_ID>"
    },
    "source": "<unique_ID>",
    "specversion": "1.0",
    "subject": "CLAM",
    "time": "2024-06-16T16:31:33.912Z",
    "type": "com.oraclecloud.workloadprotection.cloudguardtarget.recipelog"
  },
  "regionId": "us-ashburn-1"
}
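The sample above reports zero infected files, but it also carries an error message and zero scanned files, so it is not evidence of a clean instance. The following added example (not Oracle's code) triages raw-log entries on that distinction; the meanings attached to `infectedfiles`, `errormessage` and `scannedfiles` are assumptions inferred from the field names in the sample, and `triage`, `to_int` and `make_entry` are hypothetical helper names.

```python
import json

RAW_TYPE = "com.oraclecloud.workloadprotection.cloudguardtarget.recipelog"


def to_int(value):
    """Result values are strings and may be empty; treat "" as 0."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def triage(entry):
    """Classify one raw-log entry as (verdict, instance_id, detail)."""
    content = entry.get("logContent", {})
    if content.get("type") != RAW_TYPE:
        return ("SKIPPED", None, "not a Cloud Guard raw log")
    result = content.get("data", {}).get("result", {})
    instance = result.get("instanceid")
    infected = to_int(result.get("infectedfiles"))
    # Assumption: infectedfiles counts detections from this run.
    if infected > 0:
        return ("INFECTED", instance, f"{infected} infected file(s)")
    # Assumption: a non-empty errormessage means the scan did not complete.
    if result.get("errormessage"):
        return ("SCAN_ERROR", instance, result["errormessage"])
    # Zero files scanned, even without an error, gives no assurance.
    if to_int(result.get("scannedfiles")) == 0:
        return ("NOT_SCANNED", instance, "no files scanned")
    return ("CLEAN", instance, "scan completed with no detections")


def make_entry(**result):
    """Constructed entry holding only the fields triage() reads."""
    return {"logContent": {"type": RAW_TYPE, "data": {"result": result}}}

# Constructed samples; the first mirrors the sample raw log on this page.
SAMPLES = [
    make_entry(instanceid="inst-a", infectedfiles="0", scannedfiles="0",
               errormessage="Cron File doesn't exist."),
    make_entry(instanceid="inst-b", infectedfiles="2", scannedfiles="1500"),
    make_entry(instanceid="inst-c", infectedfiles="0", scannedfiles="1500"),
    {"logContent": {"type": "example.other.type", "data": {}}},
]

if __name__ == "__main__":
    for line in map(json.dumps, SAMPLES):  # one JSON document per line
        print(triage(json.loads(line)))
```

Alerting on `SCAN_ERROR` and `NOT_SCANNED` as well as `INFECTED` surfaces instances where the scanner is silently not running.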
Contents of a Cloud Guard Query Results Log
Cloud Guard logs capture detailed information returned from Cloud Guard queries. Each log entry contains information such as the time the request was received and the results of the query. Details appear as values in the data field. This value is JSON-formatted data with the following fields.
Property | Description |
---|---|
type | Shows the type of Cloud Guard log. |
executionTime | Time the output was generated, in RFC 3339 timestamp format. |
result | The result of the query. |
Sample Cloud Guard Query Results Log
type: "com.oraclecloud.workloadprotection.cloudguarddatasource.wlp_scheduled_query_logs"
data.message:
{
  "datetime": 1717595881112,
  "logContent": {
    "data": {
      "executionTime": "2024-06-05T13:51:43Z",
      "message": "ocid1.cloudguarddatasource.oc1.iad.<unique_ID> executed on <source>, result 1/1",
      "result": {
        "builddistro": "centos7",
        "buildplatform": "linux",
        "confighash": "<unique_ID>",
        "configvalid": "1",
        "extensions": "active",
        "instanceid": "ocid1.instance.oc1.iad.<unique_ID>",
        "pid": "<unique_ID>",
        "platformmask": "9",
        "starttime": "1716921925",
        "uuid": "<unique_ID>",
        "version": "5.5.1_66",
        "watcher": "3212697"
      },
      "resultGroupId": "<unique_ID>"
    },
    "id": "<unique_ID>",
    "oracle": {
      "compartmentid": "ocid1.compartment.oc1..<unique_ID>",
      "ingestedtime": "2024-06-05T13:58:09.343Z",
      "logid": "ocid1.log.oc1.iad.<unique_ID>",
      "tenantid": "ocid1.tenancy.oc1..<unique_ID>"
    },
    "source": "<source>",
    "specversion": "1.0",
    "subject": "ocid1.cloudguarddatasource.oc1.iad.<unique_ID>",
    "time": "2024-06-05T13:58:01.112Z",
    "type": "com.oraclecloud.workloadprotection.cloudguarddatasource.wlp_scheduled_query_logs"
  },
  "regionId": "us-ashburn-1"
}