Downloading your CloudTrail log files - Amazon CloudTrail
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Downloading your CloudTrail log files

Log files are in JSON format. If you have a JSON viewer add-on installed, you can view the files directly in your browser. Double-click the log file name in the bucket to open a new browser window or tab. The JSON displays in a readable format.

CloudTrail log files are Amazon S3 objects. You can use the Amazon S3 console, the Amazon Command Line Interface (CLI), or the Amazon S3 API to retrieve log files.

For more information, see Amazon S3 objects overview in the Amazon Simple Storage Service User Guide.

The following procedure describes how to download a log file with the Amazon Web Services Management Console.

To download and read a log file
  1. Open the Amazon S3 console at https://console.amazonaws.cn/s3/.

  2. Choose the bucket and choose the log file that you want to download.

  3. Choose Download or Download as and follow the prompts to save the file. This saves the file in compressed format.

    Note

    Some browsers, such as Chrome, automatically extract the log file for you. If your browser does this for you, skip to step 5.

  4. Use a product such as 7-Zip to extract the log file.

  5. Open the log file in a text editor such as Notepad++.

For more information about the event fields that can appear in a log file entry, see CloudTrail record contents.

Amazon partners with third-party specialists in logging and analysis to provide solutions that use CloudTrail output. For more information, see Amazon CloudTrail partners.

Note

You can also use the Event history feature to look up events for create, update, and delete API activity during the last 90 days.

For more information, see Working with CloudTrail Event history.