REDConnectionEvents 表的查询
经过身份验证的唯一 Redis 客户端 IP 地址
已成功对缓存进行身份验证的唯一 Redis 客户端 IP 地址。
REDConnectionEvents
// https://docs.redis.com/latest/rs/security/audit-events/#status-result-codes
// EventStatus :
// 0 AUTHENTICATION_FAILED - Invalid username and/or password.
// 1 AUTHENTICATION_FAILED_TOO_LONG - Username or password are too long.
// 2 AUTHENTICATION_NOT_REQUIRED - Client tried to authenticate, but authentication isn’t necessary.
// 3 AUTHENTICATION_DIRECTORY_PENDING - Attempting to receive authentication info from the directory in async mode.
// 4 AUTHENTICATION_DIRECTORY_ERROR - Authentication attempt failed because there was a directory connection error.
// 5 AUTHENTICATION_SYNCER_IN_PROGRESS - Syncer SASL handshake. Return SASL response and wait for the next request.
// 6 AUTHENTICATION_SYNCER_FAILED - Syncer SASL handshake. Returned SASL response and closed the connection.
// 7 AUTHENTICATION_SYNCER_OK - Syncer authenticated. Returned SASL response.
// 8 AUTHENTICATION_OK - Client successfully authenticated.
| where EventType == "auth" and EventStatus == 2 or EventStatus == 8 or EventStatus == 7
| summarize count() by ClientIp
每小时 Redis 客户端身份验证请求数
指定的 IP 地址范围内每小时的 Redis 客户端身份验证请求数。 包括成功和不成功的请求。
REDConnectionEvents
| extend EventTime = unixtime_seconds_todatetime(EventEpochTime)
// For particular datetime filtering, add '| where EventTime between (StartTime .. EndTime)'
// For particular IP range filtering, add '| where ipv4_is_in_range(ClientIp, IpRange)'
// IP range can be defined like this 'let IpRange = "10.1.1.0/24";' at the top of query.
| where EventType == "auth"
| summarize AuthencationRequestsCount = count() by TimeRange = bin(EventTime, 1h)
每小时 Redis 客户端连接数
指定的 IP 地址范围内每小时的 Redis 客户端连接数。
REDConnectionEvents
// For particular datetime filtering, add '| where EventTime between (StartTime .. EndTime)'
// For particular IP range filtering, add '| where ipv4_is_in_range(ClientIp, IpRange)'
// IP range can be defined like this 'let IpRange = "10.1.1.0/24";' at the top of query.
| extend EventTime = unixtime_seconds_todatetime(EventEpochTime)
| where EventType == "new_conn"
| summarize ConnectionCount = count() by TimeRange = bin(EventTime, 1h)
每小时的 Redis 客户端断开连接次数
指定的 IP 地址范围内每小时的 Redis 客户端断开连接次数。
REDConnectionEvents
// For particular datetime filtering, add '| where EventTime between (StartTime .. EndTime)'
// For particular IP range filtering, add '| where ipv4_is_in_range(ClientIp, IpRange)'
// IP range can be defined like this 'let IpRange = "10.1.1.0/24";' at the top of query.
| extend EventTime = unixtime_seconds_todatetime(EventEpochTime)
| where EventType == "close_conn"
| summarize DisconnectionCount = count() by TimeRange = bin(EventTime, 1h)
Redis 缓存上的身份验证尝试失败
Redis 缓存上的身份验证尝试失败。
REDConnectionEvents
// https://docs.redis.com/latest/rs/security/audit-events/#status-result-codes
// EventStatus :
// 0 AUTHENTICATION_FAILED - Invalid username and/or password.
// 1 AUTHENTICATION_FAILED_TOO_LONG - Username or password are too long.
// 2 AUTHENTICATION_NOT_REQUIRED - Client tried to authenticate, but authentication isn’t necessary.
// 3 AUTHENTICATION_DIRECTORY_PENDING - Attempting to receive authentication info from the directory in async mode.
// 4 AUTHENTICATION_DIRECTORY_ERROR - Authentication attempt failed because there was a directory connection error.
// 5 AUTHENTICATION_SYNCER_IN_PROGRESS - Syncer SASL handshake. Return SASL response and wait for the next request.
// 6 AUTHENTICATION_SYNCER_FAILED - Syncer SASL handshake. Returned SASL response and closed the connection.
// 7 AUTHENTICATION_SYNCER_OK - Syncer authenticated. Returned SASL response.
// 8 AUTHENTICATION_OK - Client successfully authenticated.
| where EventType == "auth" and EventStatus != 2 and EventStatus != 8 and EventStatus != 7
| project ClientIp, EventStatus, ConnectionId
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈