WAF 로그 수집 설정
Security Monitoring의 보안 로그 저장 기능을 활성화 하여 각 서비스별 보안 이벤트 로그를 CLA에 전달하여 저장할 수 있습니다.
https://guide-gov.ncloud-docs.com/docs/securitymonitoring-dashboard-vpc#%EB%B3%B4%EC%95%88-%EB%A1%9C%EA%B7%B8-%EC%A0%80%EC%9E%A5
Column
https://guide-gov.ncloud-docs.com/docs/securitymonitoring-clalog
Cloud Log Analytics → Object Storage
https://api-gov.ncloud-docs.com/docs/analytics-cloudloganalytics-exportlogs
shell 스크립트
#!/bin/bash
nl=$'\\n'
APIKEY="나는 API Key 이다."
TIMESTAMP=$(echo $(($(date +%s%N)/1000000)))
ACCESSKEY="나는 IAM의 Access Key다." # access key id (from portal or sub account)
SECRETKEY="나는 IAM의 Secret Key다." # secret key (from portal or sub account)
METHOD="POST"
URI="/vsecuritymonitoring/v1/getWAFList"
SIG="$METHOD $URI${nl}"
SIG+="$TIMESTAMP${nl}"
SIG+="$ACCESSKEY"
SIGNATURE=$(echo -n -e "$SIG"|iconv -t utf8 |openssl dgst -sha256 -hmac $SECRETKEY -binary|openssl enc -base64)
# 확인
echo $APIKEY $TIMESTAMP $ACCESSKEY $SECRETKEY $SIGNATURE $(expr $TIMESTAMP - 1800000)
result=`curl -X POST -H "Content-Type: application/json"\
-H "x-ncp-apigw-timestamp: $TIMESTAMP"\
-H "x-ncp-iam-access-key: $ACCESSKEY" \
-H "x-ncp-apigw-signature-v2: $SIGNATURE"\
-d "{ \"startDateTime\": $(expr $TIMESTAMP - 1800000), \"endDateTime\": $TIMESTAMP, \"page\": 1, \"countPerPage\": 100 }" https://securitymonitoring.apigw.gov-ntruss.com/vsecuritymonitoring/v1/getWAFList`
echo $result
아 배고파