[2024-06-19 02:04:26+0000] [INFO] [Thread:http-nio-8183-exec-144] [66723c87ed8dca1b06db089e2a7ba09c] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.get","classMethod":"com.mesalab.qgw.controller.QueryController.get","clientIp":"10.160.12.51","elapsed":34632,"method":"GET","remoteAddr":"10.160.12.51","requestId":"66723c87ed8dca1b06db089e2a7ba09c","requestParam":"[SQLQueryContext(originalSQL=SELECT app AS \"Application\", sum(received_pkts + sent_pkts) AS \"Packets Sent Packets Received\" FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-18T00:00:00+06:30') AND recv_time < UNIX_TIMESTAMP('2024-06-19T00:00:00+06:30') AND session_record.vsys_id IN (1) GROUP BY app ORDER BY \"Packets Sent Packets Received\" DESC LIMIT 30, option=long_term, sampled=null, format=null, queryId=null, resultId=null, timeout=null, dbEngine=null, sqlDialect=null, federationSelectStatement=null, dbSelectStatement=null)]","url":"http://qgwService/sql"}
|
|
[2024-06-19 03:34:46+0000] [INFO] [Thread:http-nio-8183-exec-162] [66725194b8310b74c745a81eb030edb4] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":65822,"method":"POST","remoteAddr":"10.160.12.51","requestId":"66725194b8310b74c745a81eb030edb4","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, statistics_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_server_side_latency_ms, proxy_client_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, 
tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, 
rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND ((server_ip = '103.89.48.51' AND server_ip = '103.89.48.145' AND server_ip = '103.89.48.20')) AND session_record.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 50, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:34:46+0000] [INFO] [Thread:http-nio-8183-exec-164] [6672519cb655d7246313d2f3e0f255e1] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":58018,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672519cb655d7246313d2f3e0f255e1","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, 'PT10M', 'zero')) AS stat_time, decoded_as AS type, COUNT(1) AS sessions, SUM(sent_bytes + received_bytes) AS bytes, SUM(sent_pkts + received_pkts) AS packets FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND vsys_id IN (1) AND ((server_ip = '103.89.48.51' OR server_ip = '103.89.48.145' OR server_ip = '103.89.48.20')) GROUP BY stat_time, decoded_as, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:35:25+0000] [INFO] [Thread:http-nio-8183-exec-144] [667251e2329504803f0ddb42db9ba226] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":26949,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667251e2329504803f0ddb42db9ba226","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, 'PT10M', 'zero')) AS stat_time, decoded_as AS type, COUNT(1) AS sessions, SUM(sent_bytes + received_bytes) AS bytes, SUM(sent_pkts + received_pkts) AS packets FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND vsys_id IN (1) AND ((server_ip = '103.89.48.51' OR server_ip = '103.89.48.145' OR server_ip = '103.89.48.20')) GROUP BY stat_time, decoded_as, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:40:04+0000] [INFO] [Thread:http-nio-8183-exec-167] [667252e7daca500355750b660b599770] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":44427,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667252e7daca500355750b660b599770","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, statistics_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_server_side_latency_ms, proxy_client_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, 
tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, 
rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND ((server_ip = '103.89.48.51')) AND session_record.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 50, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:44:47+0000] [INFO] [Thread:http-nio-8183-exec-162] [667254194ed312f6362d8dcceabb7a76] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":22040,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667254194ed312f6362d8dcceabb7a76","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, 
http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM security_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-17 08:30:12') AND recv_time < 
UNIX_TIMESTAMP('2024-06-19 11:41:52') AND ((has(security_rule_list, 1319))) AND security_event.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 20, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:45:00+0000] [INFO] [Thread:http-nio-8183-exec-147] [66725419e42ed54bcbe9c88e38a3ed00] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":34736,"method":"POST","remoteAddr":"10.160.12.51","requestId":"66725419e42ed54bcbe9c88e38a3ed00","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, 'PT16M', 'zero')) AS stat_time, security_action AS type, COUNT(1) AS sessions, SUM(sent_bytes + received_bytes) AS bytes, SUM(sent_pkts + received_pkts) AS packets FROM security_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-17 08:30:12') AND recv_time < UNIX_TIMESTAMP('2024-06-19 11:41:52') AND vsys_id IN (1) AND notEmpty(security_action) AND ((has(security_rule_list, 1319))) GROUP BY stat_time, security_action ORDER BY stat_time ASC, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:45:42+0000] [INFO] [Thread:http-nio-8183-exec-159] [667254514b56a50a2b8d7bcb01704a1d] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":21471,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667254514b56a50a2b8d7bcb01704a1d","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, 
http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM security_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 03:45:38') AND recv_time < 
UNIX_TIMESTAMP('2024-06-19 03:45:38') AND ((has(security_rule_list, 1335))) AND security_event.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 20, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:48:13+0000] [INFO] [Thread:http-nio-8183-exec-166] [667254d61b498efd0c5300b179585ff5] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":39714,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667254d61b498efd0c5300b179585ff5","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, 
http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM security_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-17 08:30:12') AND recv_time < 
UNIX_TIMESTAMP('2024-06-19 11:41:52') AND ((has(security_rule_list, 1319))) AND security_event.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 20, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:49:02+0000] [INFO] [Thread:http-nio-8183-exec-164] [667255049cd20885550dd99bf2a7a20a] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":41663,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667255049cd20885550dd99bf2a7a20a","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, 'PT20M', 'zero')) AS stat_time, security_action AS type, COUNT(1) AS sessions, SUM(sent_bytes + received_bytes) AS bytes, SUM(sent_pkts + received_pkts) AS packets FROM security_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 03:48:38') AND recv_time < UNIX_TIMESTAMP('2024-06-19 03:48:38') AND vsys_id IN (1) AND notEmpty(security_action) AND ((has(security_rule_list, 1335))) GROUP BY stat_time, security_action ORDER BY stat_time ASC, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:50:28+0000] [INFO] [Thread:http-nio-8183-exec-164] [66725563d8709fcaf2c46af9bce7eb19] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":32986,"method":"POST","remoteAddr":"10.160.12.51","requestId":"66725563d8709fcaf2c46af9bce7eb19","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, monitor_rule_list, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, 
http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM monitor_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-18 
23:48:37') AND recv_time < UNIX_TIMESTAMP('2024-06-19 11:48:37') AND ((has(monitor_rule_list, 1287))) AND monitor_event.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 20, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:51:04+0000] [INFO] [Thread:http-nio-8183-exec-138] [6672548d6b59f42cba6591e8db190e9a] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":282698,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672548d6b59f42cba6591e8db190e9a","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, statistics_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_server_side_latency_ms, proxy_client_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, 
tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, 
rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND ((server_ip = '103.89.48.51')) AND session_record.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 50, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:53:36+0000] [INFO] [Thread:http-nio-8183-exec-165] [667255f73e704fe42d7f842b7973e374] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":72935,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667255f73e704fe42d7f842b7973e374","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, 
http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM security_event WHERE recv_time >= UNIX_TIMESTAMP('2024-06-17 03:03:59') AND recv_time < 
UNIX_TIMESTAMP('2024-06-19 03:44:19') AND ((has(security_rule_list, 1305) AND server_fqdn = 'github.com')) AND security_event.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 20, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:55:17+0000] [INFO] [Thread:http-nio-8183-exec-164] [667256616b4d4e0dffc996d2feb7b9de] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":67917,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667256616b4d4e0dffc996d2feb7b9de","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, statistics_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_server_side_latency_ms, proxy_client_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, 
tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, 
rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND ((server_ip = '103.89.48.51')) AND session_record.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 50, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:59:21+0000] [INFO] [Thread:http-nio-8183-exec-165] [6672573de7166305e39995123f18e0e0] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":92496,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672573de7166305e39995123f18e0e0","requestParam":"[SqlQueryRequestParam(statement=SELECT server_fqdn AS \"Server FQDN\", sum(bytes) AS \"Bytes\" FROM statistics_rule WHERE __time >= '2024-06-16 23:00:00' AND __time < '2024-06-19 22:59:59' AND rule_id = 1341 AND template_id = 5 AND chart_id = 2003 AND version = 1 AND statistics_rule.vsys_id IN (1) GROUP BY server_fqdn ORDER BY \"Bytes\" DESC LIMIT 1024, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 03:59:23+0000] [INFO] [Thread:http-nio-8183-exec-155] [6672573dc49fa2b30bd58a566706b8af] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":94342,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672573dc49fa2b30bd58a566706b8af","requestParam":"[SqlQueryRequestParam(statement=SELECT server_ip AS \"Server IP\", sum(bytes) AS \"Bytes\" FROM statistics_rule WHERE __time >= '2024-06-16 23:00:00' AND __time < '2024-06-19 22:59:59' AND rule_id = 1341 AND template_id = 5 AND chart_id = 13 AND version = 1 AND statistics_rule.vsys_id IN (1) GROUP BY server_ip ORDER BY \"Bytes\" DESC LIMIT 64, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 04:04:43+0000] [INFO] [Thread:http-nio-8183-exec-144] [667258a2371e85a6d28dfaec34037248] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":56844,"method":"POST","remoteAddr":"10.160.12.51","requestId":"667258a2371e85a6d28dfaec34037248","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, 'PT10M', 'zero')) AS stat_time, decoded_as AS type, COUNT(1) AS sessions, SUM(sent_bytes + received_bytes) AS bytes, SUM(sent_pkts + received_pkts) AS packets FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND vsys_id IN (1) AND ((server_ip = '103.89.48.145')) GROUP BY stat_time, decoded_as, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 04:06:26+0000] [INFO] [Thread:http-nio-8183-exec-162] [6672592ca22d87554576d5083a190ffd] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":21198,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672592ca22d87554576d5083a190ffd","requestParam":"[SqlQueryRequestParam(statement=SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, processing_time, ingestion_time, insert_time, device_id, out_link_id, in_link_id, data_center, device_group, sled_ip, address_type, direction, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, statistics_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_server_side_latency_ms, proxy_client_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_asn, subscriber_id, imei, imsi, apn, phone_number, server_ip, server_port, server_os_desc, server_geolocation, server_asn, server_fqdn, server_domain, app_transition, app, app_content, ip_protocol, decoded_path, fqdn_category_list, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_endpoint_a_desc, 
tunnel_endpoint_b_desc, http_url, http_host, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_sequence, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_eml_file, mail_starttls_flag, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_link_type, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, rdp_cookie, 
rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND ((server_ip = '103.89.48.51')) AND session_record.vsys_id IN (1) ORDER BY recv_time DESC LIMIT 0, 50, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 09:29:34+0000] [INFO] [Thread:http-nio-8183-exec-171] [6672a422768672827f3bfd51e99f5761] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":220123,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672a422768672827f3bfd51e99f5761","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, 'PT10M', 'zero')) AS stat_time, decoded_as AS type, COUNT(1) AS sessions, SUM(sent_bytes + received_bytes) AS bytes, SUM(sent_pkts + received_pkts) AS packets FROM session_record WHERE recv_time >= UNIX_TIMESTAMP('2024-06-16 17:30:00') AND recv_time < UNIX_TIMESTAMP('2024-06-18 17:29:59') AND vsys_id IN (1) AND ((server_ip = '103.89.48.51' OR server_ip = '103.89.48.145' OR server_ip = '103.89.48.20')) GROUP BY stat_time, decoded_as, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:54+0000] [INFO] [Thread:http-nio-8183-exec-138] [6672ae6c32e0e2fc740faa3ff24f517e] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66787,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c32e0e2fc740faa3ff24f517e","requestParam":"[SqlQueryRequestParam(statement=SELECT SUM(in_bytes) * 8 / 5 AS in_bps, SUM(out_bytes) * 8 / 5 AS out_bps, SUM(in_bytes + out_bytes) * 8 / 5 AS total_bps FROM security_rule_hits WHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now()) - 15) AND __time < FROM_UNIXTIME(UNIX_TIMESTAMP(now()) - 10) AND vsys_id IN (1) AND rule_id IN (759), customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:54+0000] [INFO] [Thread:http-nio-8183-exec-170] [6672ae6c0d0db77f8bdcea95d1614116] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66781,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c0d0db77f8bdcea95d1614116","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S', 'zero')) AS stat_time, SUM(hit_count) AS hits FROM security_rule_hits WHERE __time >= '2024-06-19 10:09:40' AND __time < '2024-06-19 10:09:42' AND rule_id IN (759) AND vsys_id IN (1) GROUP BY FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S', 'zero')), customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:54+0000] [INFO] [Thread:http-nio-8183-exec-164] [6672ae6c5778afaaf7750101b3137f09] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66587,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c5778afaaf7750101b3137f09","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S', 'zero')) AS stat_time, SUM(hit_count) AS hits FROM security_rule_hits WHERE __time >= '2024-06-19 10:08:36' AND __time < '2024-06-19 10:08:39' AND rule_id IN (1431) AND vsys_id IN (1) GROUP BY FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S', 'zero')), customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-166] [6672ae6ccfc5a1a151c0d935b85cddc2] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66682,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6ccfc5a1a151c0d935b85cddc2","requestParam":"[SqlQueryRequestParam(statement=SELECT rule_id, SUM(hit_count) AS hits, SUM(in_bytes + out_bytes) AS bytes FROM security_rule_hits WHERE __time >= '2024-06-16 10:09:47' AND __time < '2024-06-19 10:09:47' AND rule_id IN (759) AND vsys_id IN (1) GROUP BY rule_id, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-165] [6672ae6c1dde6769c455ef2ecbf852ba] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66201,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c1dde6769c455ef2ecbf852ba","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S', 'zero')) AS stat_time, SUM(hit_count) AS hits FROM security_rule_hits WHERE __time >= '2024-06-19 10:09:58' AND __time < '2024-06-19 10:10:01' AND rule_id IN (1383) AND vsys_id IN (1) GROUP BY FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S', 'zero')), customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-147] [6672ae6c3df5fec97f5120a54f371701] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66413,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c3df5fec97f5120a54f371701","requestParam":"[SqlQueryRequestParam(statement=SELECT server_ip AS \"Server IP\", sum(bytes) AS \"Bytes\" FROM statistics_rule WHERE __time >= '2024-06-19 10:04:37' AND __time < '2024-06-19 10:09:37' AND rule_id = 1285 AND template_id = 4037 AND chart_id = 4057 AND version = 1 AND statistics_rule.vsys_id IN (1) GROUP BY server_ip ORDER BY \"Bytes\" DESC LIMIT 100, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-162] [6672ae6c6dbc2c41ec9fe3c0ced76fb4] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66452,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c6dbc2c41ec9fe3c0ced76fb4","requestParam":"[SqlQueryRequestParam(statement=SELECT application AS \"Application\", sum(bytes) AS \"Bytes\", sum(sessions) AS \"Sessions\" FROM statistics_rule WHERE __time >= '2024-06-19 10:04:37' AND __time < '2024-06-19 10:09:37' AND rule_id = 1285 AND template_id = 4037 AND chart_id = 4065 AND version = 1 AND statistics_rule.vsys_id IN (1) GROUP BY application ORDER BY \"Bytes\" DESC LIMIT 1024, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-171] [6672ae6c73d3cba008ce6c59058221e9] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":66458,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6c73d3cba008ce6c59058221e9","requestParam":"[SqlQueryRequestParam(statement=SELECT server_fqdn AS \"Server FQDN\", sum(sessions) AS \"Sessions\", sum(bytes) AS \"Bytes\" FROM statistics_rule WHERE __time >= '2024-06-19 10:04:37' AND __time < '2024-06-19 10:09:37' AND rule_id = 1285 AND template_id = 4037 AND chart_id = 4061 AND version = 3 AND statistics_rule.vsys_id IN (1) GROUP BY server_fqdn ORDER BY \"Sessions\" DESC LIMIT 8192, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-173] [6672ae6d0ff77eaf2826199db5e478fa] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":65263,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6d0ff77eaf2826199db5e478fa","requestParam":"[SqlQueryRequestParam(statement=SELECT rule_id, SUM(hit_count) AS hits, SUM(in_bytes + out_bytes) AS bytes FROM security_rule_hits WHERE __time >= '2024-06-16 10:10:07' AND __time < '2024-06-19 10:10:07' AND rule_id IN (1383) AND vsys_id IN (1) GROUP BY rule_id, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-176] [6672ae787e254616d2b7acade60d0137] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":54828,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae787e254616d2b7acade60d0137","requestParam":"[SqlQueryRequestParam(statement=SELECT rule_id, action, SUM(hit_count) AS hit_count, SUM(in_bytes + out_bytes) AS bytes FROM security_rule_hits WHERE __time >= '2024-06-18 22:10:00' AND __time < '2024-06-19 10:10:00' AND vsys_id IN (1) GROUP BY rule_id, action ORDER BY hit_count DESC LIMIT 10, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-178] [6672ae8f8f31ee9801037e19237714a3] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":32079,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae8f8f31ee9801037e19237714a3","requestParam":"[SqlQueryRequestParam(statement=SELECT rule_id, SUM(hit_count) AS hits, SUM(in_bytes + out_bytes) AS bytes FROM security_rule_hits WHERE __time >= '2024-06-19 09:48:40' AND __time < '2024-06-19 10:09:19' AND rule_id IN (1431) AND vsys_id IN (1) GROUP BY rule_id, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-159] [6672ae6d11911b67486f7d0cf5fef1ef] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":65693,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6d11911b67486f7d0cf5fef1ef","requestParam":"[SqlQueryRequestParam(statement=SELECT rule_id, SUM(hit_count) AS hits, SUM(in_bytes + out_bytes) AS bytes FROM security_rule_hits WHERE rule_id IN (1383) AND vsys_id IN (1) GROUP BY rule_id, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-177] [6672ae8ffd91f298e73f6f8caef96cd2] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":32106,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae8ffd91f298e73f6f8caef96cd2","requestParam":"[SqlQueryRequestParam(statement=SELECT rule_id, DATE_FORMAT(MIN(__time), '%Y-%m-%d %H:%i:%s') AS first_hit, DATE_FORMAT(MAX(__time), '%Y-%m-%d %H:%i:%s') AS last_hit FROM security_rule_hits WHERE __time >= '2024-06-19 09:48:40' AND __time < '2024-06-19 10:09:19' AND rule_id IN (1431) AND vsys_id IN (1) GROUP BY rule_id, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:55+0000] [INFO] [Thread:http-nio-8183-exec-175] [6672ae7827b58e003c1d8b7bf7822990] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":55002,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae7827b58e003c1d8b7bf7822990","requestParam":"[SqlQueryRequestParam(statement=SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT180S', 'zero')) AS stat_time, AVG(sum_in_bytes) * 8 / 1 AS avg_in_bits_per_sec, AVG(sum_out_bytes) * 8 / 1 AS avg_out_bits_per_sec, AVG(sum_bytes) * 8 / 1 AS avg_bits_per_sec, MAX(sum_in_bytes) * 8 / 1 AS max_in_bits_per_sec, MAX(sum_out_bytes) * 8 / 1 AS max_out_bits_per_sec, MAX(sum_bytes) * 8 / 1 AS max_bits_per_sec, MIN(sum_in_bytes) * 8 / 1 AS min_in_bits_per_sec, MIN(sum_out_bytes) * 8 / 1 AS min_out_bits_per_sec, MIN(sum_bytes) * 8 / 1 AS min_bits_per_sec FROM (SELECT TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S') AS stat_time, SUM(in_bytes) AS sum_in_bytes, SUM(out_bytes) AS sum_out_bytes, SUM(in_bytes + out_bytes) AS sum_bytes FROM traffic_general_stat WHERE __time >= '2024-06-18 10:10:00' AND __time < '2024-06-19 10:10:00' AND vsys_id IN (1) GROUP BY TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT1S')) GROUP BY FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(stat_time, 'PT180S', 'zero')) ORDER BY stat_time ASC, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:10:56+0000] [INFO] [Thread:http-nio-8183-exec-174] [6672ae7826c9a61eee6277ad53478929] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createSQLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createSQLQuery","clientIp":"10.160.12.51","elapsed":56642,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae7826c9a61eee6277ad53478929","requestParam":"[SqlQueryRequestParam(statement=SELECT app_name, SUM(sessions) AS sessions, SUM(in_bytes) AS in_bytes, SUM(out_bytes) AS out_bytes, SUM(in_bytes + out_bytes) AS bytes, SUM(in_pkts) AS in_packets, SUM(out_pkts) AS out_packets, SUM(in_pkts + out_pkts) AS packets FROM application_protocol_stat WHERE __time >= '2024-06-18 22:10:00' AND __time < '2024-06-19 10:10:00' AND vsys_id IN (1) AND app_name IS NOT NULL GROUP BY app_name ORDER BY sessions DESC LIMIT 10, customRequestParam={})]","url":"http://qgwService/v1/query/sql"}
|
|
[2024-06-19 10:11:16+0000] [INFO] [Thread:http-nio-8183-exec-144] [6672ae6b6b7d7613dd56aef5610ecb23] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createDSLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createDSLQuery","clientIp":"10.160.12.51","elapsed":88364,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672ae6b6b7d7613dd56aef5610ecb23","requestParam":"[DSLQueryRequestParam(name=application-and-protocol-tree-composition, dataSource=null, granularity=null, filter= vsys_id IN (1), orderBy=null, intervals=[2024-06-17 17:30:00/2024-06-18 17:29:59], limit=null, customRequestParam={})]","url":"http://qgwService/v1/query/dsl"}
|
|
[2024-06-19 10:16:08+0000] [INFO] [Thread:http-nio-8183-exec-178] [6672afcecfea94d7cd01bf5b4a2f94fd] com.mesalab.qgw.aspect.AuditLogAspect.doAfterReturning(AuditLogAspect.java:97) [] - Audit Log [success]: {"annotation":"QueryController.createDSLQuery","classMethod":"com.mesalab.qgw.controller.QueryController.createDSLQuery","clientIp":"10.160.12.51","elapsed":25724,"method":"POST","remoteAddr":"10.160.12.51","requestId":"6672afcecfea94d7cd01bf5b4a2f94fd","requestParam":"[DSLQueryRequestParam(name=application-and-protocol-app-related-internal-ips, dataSource=null, granularity=null, filter= vsys_id IN (1) AND app IN ('telegram'), orderBy=null, intervals=[2024-06-17 17:30:00/2024-06-18 17:29:59], limit=0, 100, customRequestParam={})]","url":"http://qgwService/v1/query/dsl"}
|