3 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
I find Athena the best way to query CloudTrail logs. See the AWS Docs for how to set this up from the CloudTrail console: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#create-cloudtrail-table-ct
répondu il y a 2 ans
0
If you are also outputting CloudTrail logs to cloudwatch logs, you can use log insights to search in a similar way to grep.
fields @timestamp, @message, @logStream, @log
| filter @message like /AccessDenied/
| sort @timestamp desc
| limit 20
0
Search only errors and output only chosen fields:
aws cloudtrail lookup-events --output text --region eu-central-1 --start-time 2023-03-21T09:00Z --end-time 2023-03-21T10:00Z --query 'Events[].CloudTrailEvent' | jq -r ' . | select(.errorCode != null) | [.eventTime,.eventID,.eventName,.errorCode,.errorMessage] | @csv'
in a fixed time interval.
répondu il y a 2 ans
Contenus pertinents
- demandé il y a 2 ans
- demandé il y a 9 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 4 ans
- AWS OFFICIELA mis à jour il y a 3 ans
I will try but I'm more comfortable with CLI tools, like AWS CLI, jq, grep, etc