本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
CloudWatch Transfer Family 的日志结构
本主题介绍了 Transfer Family 日志中填充的字段:包括 JSON 结构化日志条目和旧日志条目。
Transfer Family 的 JSON 结构化
下表详细介绍了采用新的 JSON 结构化日志格式的 Transfer Family SFTP/FTP/FTPS 操作的日志条目字段。
| 字段 | 描述 | 示例条目 |
|---|---|---|
| activity-type | The action by the user |
打开 | 关闭 | 部分关闭 | 已断开连接 | 已连接 |
| bytes-in | Number of bytes uploaded by the user | 29238420042 |
| bytes-out | Number of bytes downloaded by the user | 23094032490328 |
| ciphers | Specifies the SSH cipher negotiated for the connection (available ciphers are listed in 加密算法) | aes256-gcm@openssh.com |
| client | The user's client software | SSH-2.0-OpenSSH_7.4 |
| home-dir | The directory that the end user lands on when they connect to the
endpoint if their home directory type is 路径: if they have a
logical home directory, this value is always / |
/user-home-bucket/test |
| kex | Specifies the negotiated SSH key exchange (KEX) for the connection (available KEX are listed in 加密算法) | diffie-hellman-group14-sha256 |
| message | Provides more information related to the error | <string> |
| method | The authentication method | publickey |
| mode | Specifies how a client opens a file | CREATE | TRUNCATE | WRITE |
| operation | The client operation on a file | OPEN | CLOSE |
| path | Actual file path affected | /user-test-bucket/test-file-1.pdf |
| resource-arn | A system-assigned, unique identifier for a specific resource (for example, a server) |
arn: aws: transfer: ap-northeast-1:12346789012: server/s-1234567890akeu2js2 |
| role | The IAM role of the user |
arn: aws: iam:: 0293883675: 角色/测试用户角色 |
| session-id | A system-assigned, unique identifier for a single session |
9ca9a0e1cec6ad9d |
| source-ip | Client IP address | 18.323.0.129 |
| user | The end user's username | myname192 |
| user-policy | The permissions specified for the end user: this field is populated if the user's policy is a session policy. | The JSON code for the session policy that is being used |
Transfer Family 的旧日志
下表包含各种 Transfer Family 操作的日志条目的详细信息。
注意
这些条目不是采用新的 JSON 结构化日志格式。
下表以新的 JSON 结构化日志格式包含各种 Transfer Family 操作的日志条目的详细信息。
| 操作 | Amazon 日志中的相应 CloudWatch 日志 |
|---|---|
| 身份验证失败次数 |
ERRORS AUTH_FAILURE Method=publickey User=lhr Message="RSA SHA256:Lfz3R2nmLY4raK+b7Rb1rSvUIbAE+a+Hxg0c7l1JIZ0" SourceIP=3.8.172.211 |
| 复制/标记/删除/解密工作流程 |
{“type”:” “,” details”:{“input”:{StepStarted“fileLocation”:{“backingStore”: “EFS”、“Filesystemid”: “fs-12345678”、“path”:” /lhr/regex.py “}”}、“stepType”: “TAG”、“stepName”: “successful_tag_step”}、“workflowID”: “workflowID”: “workflowID”: “workflowID”: “workflowID”: “workF11aaaa2222bbb3"、“executionID”: “81234abcd-1234-efgh-5678-ijklmnopqr90"、“TransferDetails”: {“serverID”: “s-1234abcdef5678efghi”、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}} |
| 自定义步骤工作流程 |
{“type”:” “,” details”:{“输出”:{CustomStepInvoked“token”: “mzm4mjg5ywutyt EzMy 00 YjIz LWI3OG MtYz U4OGI2 ZjQyMz E5"}、“stepType”: “CUSTOM”、“stepName”: “efs-s3_copy_2"}、“workflowID”: “w-9283e49d33297c3f7"、“executionID”: “w-9283e49d33297c3f7”: “1234abcd-1234-efgh-5678-ijklmnopqr90",“TransferDetails”:{“serverID”: “s-zzzz11aaaa222223"、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}} |
| 删除 |
lhr.33a8fb495ffb383b DELETE Path=/bucket/user/123.jpg |
| Downloads |
lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=READ llhr.33a8fb495ffb383b CLOSE path=/bucket/user/123.jpg =3618546 BytesOut |
| 登录/登出 |
user.914984e553bcddb6 CONNECTED SourceIP=1.22.111.222 user=LOGICAL client=ssh-2.0-openssh_7.4 role=arn: aws:: iam:: 123456789012: role/sftp-s3-access HomeDir user.914984e553bcddb6 DISCONNECTED |
| 重命名 |
lhr.33a8fb495ffb383b 重命名路径=/bucket/user/lambo.png =/bucket/user/ferrari.png =/bucket/user/ferrari. NewPath |
| 工作流程错误日志示例 |
{“type”:” “,” details”:{“errorType”:StepErrored“BAD_REQUEST”,“ErrorMessage”:“无法标记 Efs 文件”,“stepType”:“TAG”,“stepName”:“successful_tag_step”},“w-1234abcd5678efghi”,“executionID”:“81234abcd5678efghi”:“81234abcd5678efghi”:“81234abcd5678efghi”:“8cd-1234-efgh-5678-ijklmnopqr90",“TransferDetails”:{“serverID”: “s-1234abcd5678efghi”、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}} |
| symlinks |
lhr.eb49cf7b8651e6d5 CREATE_SYMLINK =/fs-12345678/lhr/pqr.jpg =abc.jpg =abc.jpg LinkPath TargetPath |
| Uploads |
lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=CREATE|TRUNCATE|WRITE lhr.33a8fb495ffb383b CLOSE path=/bucket/user/123.jpg =3618546 BytesIn |
| 工作流 |
{“type”:” “,” details”:{“input”:{ExecutionStarted“backingStore”: “EFS”、“Filesystemid”: “fs-12345678”、“path”:” /lhr/regex.py “}}}、initialFileLocation “workflowID”: “w-1111aaaa2222bbbb3”、“executionID”: “1234abcd-1234-efbbid”: “w-11aaaa2222bbbb3”、“executionID”: “1234abcd-1234-efbbid”: “w-11aaaa22gh-5678-ijklmnopqr90",“TransferDetails”:{“serverID”: “s-zzzz1111aaaa222223"、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}} {“type”:” “,” details”:{“input”:{StepStarted“fileLocation”:{“backingStore”: “EFS”、“Filesystemid”: “fs-12345678”、“path”:” /lhr/regex.py “}}、“stepType”: “CUSTOM”、“stepName”: “efs-s3_copy_2"}、“workflowID”: “workflowID”: “workflowID”: “workflowID”: “9283e49d33297c3f7"、“executionID”: “1234abcd-1234-efgh-5678-ijklmnopqr90"、“TransferDetails”: {“serverID”: “s-18ca49dce5d842e0b”、“用户名”: “lhr”、“sessionID”: “1234567890abb”、“用户名”: “lhr”、“sessionID”: “1234567890aba” cdef0"}} |