tencent cloud

Tencent Container Security Service

Release Notes
Product Introduction
Overview
Strengths
Use Cases
Features and Versions
Purchase Guide
Applying for Trial
Purchasing Pro Edition
Purchasing Image Scan
Purchasing Log Analysis
Getting Started
Operation Guide
Security Overview
Asset Management
Vulnerability Detection
Image Risk Management
Cluster Risk Management
Baseline Management
Runtime Security
Advanced Defense
Policy Management
Protection Switch
Alarm Settings
Log Analysis
Hybrid Cloud Installation Guide
Compromised Container Isolation
Log Field Data Parsing
Practical Tutorial
Mirror Vulnerability Scanning and Vulnerability Management
Troubleshooting
Offline Linux Client
Troubleshooting for Cluster Access
API Documentation
History
Introduction
API Category
Making API Requests
Network Security APIs
Cluster Security APIs
Security Compliance APIs
Runtime security - High-risk syscalls
Runtime Security - Reverse Shell APIs
Runtime Security APIs
Alert Settings APIs
Advanced prevention - K8s API abnormal requests
Asset Management APIs
Security Operations - Log Analysis APIs
Runtime Security - Trojan Call APIs
Runtime Security - Container Escape APIs
Image Security APIs
Billing APIs
Data Types
Error Codes
FAQs
TCSS Policy
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationTencent Container Security ServiceOperation GuideLog Field Data Parsing

Log Field Data Parsing

PDF
Focus Mode
Font Size
Last updated: 2025-04-11 15:59:32

Container Bash Logs

Name
Type
Meaning
image_id
string
Image ID
container_id
string
Container ID
image_name
string
Image Name
container_name
string
Container Name
cmd
string
Command line parameter
{
  "cmd": "exit",
  "container_id": "fcdbbfae",
  "container_name": "/reverseshell",
  "image_id": "sha256:eeb6ee3f",
  "image_name": "centos:7"
}

Container Startup Audit Log

Name
Type
Meaning
image_id
string
Image ID
container_id
string
Container ID
image_name
string
Image Name
container_name
string
Container Name
status
string
Container Status
id
string
Container ID
from
string
Basic image name
Type
string
Event type
Action
string
Operation
scope
string
Deployment Methods
{
  "Action": "exec_start",
  "container_id": "a197708a59b2809",
  "container_name": "-",
  "from": "registry.xxx.com/service/mysql@sha256:xxx",
  "id": "a197708a59b2809",
  "image_id": "-",
  "image_name": "-",
  "scope": "local",
  "status": "exec_start",
  "Type": "container"
}

Kubernetes API Audit Logs

Name
Type
Meaning
image_id
string
Image ID
container_id
string
Container ID
image_name
string
Image Name
container_name
string
Container Name
clusterId
string
The cluster ID.
kind
string
API Event Type
apiVersion
string
API version
level
string
Log Level
auditID
string
Unique Log Index ID
stage
string
K8s API Request Status
requestURI
string
K8s API Request URI
verb
string
Operation Type
sourceIPs
string
Requesting User IP
userAgent
string
Requesting user container/user corresponding client
requestReceivedTimestamp
string
Timestamp of request arrival at Apiserver
stageTimestamp
string
Timestamp for processing requests at the current stage
{
  "apiVersion": "audit.k8s.io/v1",
  "auditID": "xxx-xxx-xxx-9d69-xxx",
  "clusterId": "-",
  "container_id": "-",
  "container_name": "-",
  "image_id": "-",
  "image_name": "-",
  "kind": "Event",
  "level": "Request",
  "requestReceivedTimestamp": "2024-01-01T13:20:48.899288Z",
  "requestURI": "/apis/batch/v1beta1/cronjobs?limit=500",
  "sourceIPs": "127.0.0.0",
  "stage": "ResponseComplete",
  "stageTimestamp": "2024-01-01T13:20:48.900236Z",
  "userAgent": "kube-controller-manager/v1.18.0 (linux/amd64) kubernetes",
  "verb": "list"
}

Previous Topic: Compromised Container IsolationNext Topic: Mirror Vulnerability Scanning and Vulnerability Management

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback