CloudWatch 日志条目示例 - Amazon Transfer Family
传输会话日志条目示例SFTP 连接器的日志条目示例密钥交换算法失败的日志条目示例
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

CloudWatch 日志条目示例

本主题介绍示例日志条目。

传输会话日志条目示例

在此示例中,SFTP 用户连接到 Transfer Family 服务器,上传文件,然后断开与会话的连接。

以下日志条目反映了连接到 Transfer Family 服务器的 SFTP 用户。

{
   "role": "arn:aws:iam::500655546075:role/transfer-s3",
   "activity-type": "CONNECTED",
   "ciphers": "chacha20-poly1305@openssh.com,chacha20-poly1305@openssh.com",
   "client": "SSH-2.0-OpenSSH_7.4",
   "source-ip": "52.94.133.133",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "home-dir": "/test/log-me",
   "ssh-public-key": "AAAAC3NzaC1lZDI1NTE5AAAAIA9OY0qV6XYVHaaOiWAcj2spDJVbgjrqDPY4pxd6GnHl",
   "ssh-public-key-fingerprint": "SHA256:BY3gNMHwTfjd4n2VuT4pTyLOk82zWZj4KEYEu7y4r/0",
   "ssh-public-key-type": "ssh-ed25519",
   "user": "log-me",
   "kex": "ecdh-sha2-nistp256",
   "session-id": "9ca9a0e1cec6ad9d"
}

以下日志条目反映了 SFTP 用户将文件上传到其 Amazon S3 存储桶的情况。

{
   "mode": "CREATE|TRUNCATE|WRITE",
   "path": "/test/log-me/config-file",
   "activity-type": "OPEN",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "session-id": "9ca9a0e1cec6ad9d"
}

以下日志条目反映了 SFTP 用户与其 SFTP 会话断开连接的情况。首先,客户端关闭与存储桶的连接,然后断开 SFTP 会话。

{
   "path": "/test/log-me/config-file",
   "activity-type": "CLOSE",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "bytes-in": "121",
   "session-id": "9ca9a0e1cec6ad9d"
}

{
   "activity-type": "DISCONNECTED",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "session-id": "9ca9a0e1cec6ad9d"
}
注意

可用的活动类型如下:AUTH_FAILURE、、、、、CONNECTEDDISCONNECTEDERROREXIT_REASONCLOSE、、CREATE_SYMLINKDELETEMKDIROPENPARTIAL_CLOSERENAME、、RMDIRSETSTATTLS_RESUME_FAILURE

SFTP 连接器的日志条目示例

本节包含成功和不成功传输的示例日志。日志生成到名为的日志组/aws/transfer/connector-id,其中connector-id是 SFTP 连接器的标识符。SFTP 连接器的日志条目是在您运行StartFileTransferStartDirectoryListing命令时生成的。

此日志条目适用于成功完成的传输。

{
    "operation": "RETRIEVE",
    "timestamp": "2023-10-25T16:33:27.373720Z",
    "connector-id": "connector-id",
    "transfer-id": "transfer-id",
    "file-transfer-id": "transfer-id/file-transfer-id",
    "url": "sftp://192.0.2.0",
    "file-path": "/remotebucket/remotefilepath",
    "status-code": "COMPLETED",
    "start-time": "2023-10-25T16:33:26.945481Z",
    "end-time": "2023-10-25T16:33:27.159823Z",
    "account-id": "480351544584",
    "connector-arn": "arn:aws:transfer:us-east-1:account-id:connector/connector-id",
    "local-directory-path": "/connectors-localbucket"
    "bytes": 514
}

此日志条目适用于超时但未成功完成的传输。

{
    "operation": "RETRIEVE",
    "timestamp": "2023-10-25T22:33:47.625703Z",
    "connector-id": "connector-id",
    "transfer-id": "transfer-id",
    "file-transfer-id": "transfer-id/file-transfer-id",
    "url": "sftp://192.0.2.0",
    "file-path": "/remotebucket/remotefilepath",
    "status-code": "FAILED",
    "failure-code": "TIMEOUT_ERROR",
    "failure-message": "Transfer request timeout.",
    "account-id": "480351544584",
    "connector-arn": "arn:aws:transfer:us-east-1:account-id:connector/connector-id",
    "local-directory-path": "/connectors-localbucket"
}

此日志条目用于成功执行的 SEND 操作。

{
    "operation": "SEND",
    "timestamp": "2024-04-24T18:16:12.513207284Z",
    "connector-id": "connector-id",
    "transfer-id": "transfer-id",
    "file-transfer-id": "transfer-id/file-transfer-id",
    "url": "sftp://server-id.server.transfer.us-east-1.amazonaws.com",
    "file-path": "/amzn-s3-demo-bucket/my-test-folder/connector-metrics-us-east-1-2024-01-02.csv",
    "status-code": "COMPLETED",
    "start-time": "2024-04-24T18:16:12.295235884Z",
    "end-time": "2024-04-24T18:16:12.461840732Z",
    "account-id": "255443218509",
    "connector-arn": "arn:aws:transfer:us-east-1:account-id:connector/connector-id",
    "bytes": 275
}

前面日志示例中一些关键字段的描述。

  • timestamp表示何时将日志添加到 CloudWatch。 start-timeend-time对应于连接器实际开始和完成传输的时间。

  • transfer-id是为每个start-file-transfer请求分配的唯一标识符。如果用户在单个 start-file-transfer API 操作中传递多个文件路径,则所有文件共享相同的路径transfer-id

  • file-transfer-id是为每个传输的文件生成的唯一值。请注意,的初始file-transfer-id部分与相同transfer-id

密钥交换算法失败的日志条目示例

本节包含密钥交换算法 (KEX) 失败的示例日志。这些是结构化日志的 ER RO RS 日志流中的示例。

此日志条目是存在主机密钥类型错误的示例。

{
    "activity-type": "KEX_FAILURE",
    "source-ip": "999.999.999.999",
    "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999",
    "message": "no matching host key type found",
    "kex": "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss"
}

此日志条目是 KEX 不匹配的示例。

{
    "activity-type": "KEX_FAILURE",
    "source-ip": "999.999.999.999",
    "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999",
    "message": "no matching key exchange method found",
    "kex": "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256"
}