3 Answers
0
I find Athena the best way to query CloudTrail logs. See the AWS Docs for how to set this up from the CloudTrail console: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#create-cloudtrail-table-ct
answered 2 years ago
0
If you are also outputting CloudTrail logs to CloudWatch Logs, you can use Logs Insights to search in a similar way to grep.
```
fields @timestamp, @message, @logStream, @log
| filter @message like /AccessDenied/
| sort @timestamp desc
| limit 20
```
0
Search only errors and output only chosen fields:
```bash
aws cloudtrail lookup-events --output text --region eu-central-1 --start-time 2023-03-21T09:00Z --end-time 2023-03-21T10:00Z --query 'Events[].CloudTrailEvent' | jq -r ' . | select(.errorCode != null) | [.eventTime,.eventID,.eventName,.errorCode,.errorMessage] | @csv'
```
in a fixed time interval.
answered 2 years ago
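An added example, not taken from any of the answers above: a Python triage step for the same stream of whitespace-separated CloudTrail event objects that the command above pipes into jq. It keeps only authorization failures rather than every error and groups them by principal, service and API call. The `DENIED` substrings, the function names and the sample events (placeholder account ID and principals) are assumptions made for the illustration.

```python
import json
from collections import defaultdict

# Substrings treated as authorization failures (assumption; extend as needed).
DENIED = ("AccessDenied", "UnauthorizedOperation")

def iter_events(text):
    """Yield each JSON object from a whitespace-separated stream of objects."""
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        if text[pos].isspace():  # raw_decode does not skip leading whitespace
            pos += 1
            continue
        obj, pos = decoder.raw_decode(text, pos)
        yield obj

def summarize_denials(events):
    """Group denied calls by (principal, service, API); most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for ev in events:
        if not any(d in (ev.get("errorCode") or "") for d in DENIED):
            continue
        ident = ev.get("userIdentity") or {}
        who = ident.get("arn") or ident.get("type") or "unknown"
        g = groups[(who, ev.get("eventSource", ""), ev.get("eventName", ""))]
        g["count"] += 1
        t = ev.get("eventTime", "")  # ISO 8601 UTC strings sort chronologically
        g["first"] = t if g["first"] is None else min(g["first"], t)
        g["last"] = t if g["last"] is None else max(g["last"], t)
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))

# Constructed sample events (placeholder account ID and principals).
_USER = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-user"}
_ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/example-role/s1"}
SAMPLE = "\t".join(json.dumps(e) for e in [
    {"eventTime": "2023-03-21T09:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied", "userIdentity": _USER},
    {"eventTime": "2023-03-21T09:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied", "userIdentity": _USER},
    {"eventTime": "2023-03-21T09:10:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "errorCode": "Client.UnauthorizedOperation", "userIdentity": _ROLE},
    {"eventTime": "2023-03-21T09:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "NoSuchKey", "userIdentity": _USER},
])

if __name__ == "__main__":
    for (who, source, name), g in summarize_denials(iter_events(SAMPLE)):
        print(g["count"], who, source, name, g["first"], g["last"], sep=",")
```

A principal with a burst of denials across many different API calls usually deserves a closer look than one repeating the same failed call.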
I will try but I'm more comfortable with CLI tools, like AWS CLI, jq, grep, etc