3 回答
- 最新
- 投票最多
- 评论最多
0
I find Athena the best way to query CloudTrail logs. See the AWS Docs for how to set this up from the CloudTrail console: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#create-cloudtrail-table-ct
已回答 2 年前
0
If you are also outputting CloudTrail logs to cloudwatch logs, you can use log insights to search in a similar way to grep.
fields @timestamp, @message, @logStream, @log
| filter @message like /AccessDenied/
| sort @timestamp desc
| limit 20
0
Search only errors and output only chosen fields:
aws cloudtrail lookup-events --output text --region eu-central-1 --start-time 2023-03-21T09:00Z --end-time 2023-03-21T10:00Z --query 'Events[].CloudTrailEvent' | jq -r ' . | select(.errorCode != null) | [.eventTime,.eventID,.eventName,.errorCode,.errorMessage] | @csv'
in a fixed time interval.
已回答 2 年前
相关内容
- AWS 官方已更新 3 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
I will try but I'm more comfortable with CLI tools, like AWS CLI, jq, grep, etc