CloudWatch Transfer Family 的日志结构 - Amazon Transfer Family
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

CloudWatch Transfer Family 的日志结构

本主题介绍了 Transfer Family 日志中填充的字段:包括 JSON 结构化日志条目和旧日志条目。

Transfer Family 的 JSON 结构化

下表详细介绍了采用新的 JSON 结构化日志格式的 Transfer Family SFTP/FTP/FTPS 操作的日志条目字段。

字段 描述 示例条目
activity-type The action by the user

打开 | 关闭 | 部分关闭 | 已断开连接 | 已连接

bytes-in Number of bytes uploaded by the user 29238420042
bytes-out Number of bytes downloaded by the user 23094032490328
ciphers Specifies the SSH cipher negotiated for the connection (available ciphers are listed in 加密算法) aes256-gcm@openssh.com
client The user's client software SSH-2.0-OpenSSH_7.4
home-dir The directory that the end user lands on when they connect to the endpoint if their home directory type is 路径: if they have a logical home directory, this value is always / /user-home-bucket/test
kex Specifies the negotiated SSH key exchange (KEX) for the connection (available KEX are listed in 加密算法) diffie-hellman-group14-sha256
message Provides more information related to the error <string>
method The authentication method publickey
mode Specifies how a client opens a file CREATE | TRUNCATE | WRITE
operation The client operation on a file OPEN | CLOSE
path Actual file path affected /user-test-bucket/test-file-1.pdf
resource-arn A system-assigned, unique identifier for a specific resource (for example, a server)

arn: aws: transfer: ap-northeast-1:12346789012: server/s-1234567890akeu2js2

role The IAM role of the user

arn: aws: iam:: 0293883675: 角色/测试用户角色

session-id A system-assigned, unique identifier for a single session

9ca9a0e1cec6ad9d

source-ip Client IP address 18.323.0.129
user The end user's username myname192
user-policy The permissions specified for the end user: this field is populated if the user's policy is a session policy. The JSON code for the session policy that is being used

Transfer Family 的旧日志

下表包含各种 Transfer Family 操作的日志条目的详细信息。

注意

这些条目不是采用新的 JSON 结构化日志格式。

下表以新的 JSON 结构化日志格式包含各种 Transfer Family 操作的日志条目的详细信息。

操作 Amazon 日志中的相应 CloudWatch 日志
身份验证失败次数

ERRORS AUTH_FAILURE Method=publickey User=lhr Message="RSA SHA256:Lfz3R2nmLY4raK+b7Rb1rSvUIbAE+a+Hxg0c7l1JIZ0" SourceIP=3.8.172.211

复制/标记/删除/解密工作流程

{“type”:” “,” details”:{“input”:{StepStarted“fileLocation”:{“backingStore”: “EFS”、“Filesystemid”: “fs-12345678”、“path”:” /lhr/regex.py “}”}、“stepType”: “TAG”、“stepName”: “successful_tag_step”}、“workflowID”: “workflowID”: “workflowID”: “workflowID”: “workflowID”: “workF11aaaa2222bbb3"、“executionID”: “81234abcd-1234-efgh-5678-ijklmnopqr90"、“TransferDetails”: {“serverID”: “s-1234abcdef5678efghi”、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}}

自定义步骤工作流程

{“type”:” “,” details”:{“输出”:{CustomStepInvoked“token”: “mzm4mjg5ywutyt EzMy 00 YjIz LWI3OG MtYz U4OGI2 ZjQyMz E5"}、“stepType”: “CUSTOM”、“stepName”: “efs-s3_copy_2"}、“workflowID”: “w-9283e49d33297c3f7"、“executionID”: “w-9283e49d33297c3f7”: “1234abcd-1234-efgh-5678-ijklmnopqr90",“TransferDetails”:{“serverID”: “s-zzzz11aaaa222223"、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}}

删除

lhr.33a8fb495ffb383b DELETE Path=/bucket/user/123.jpg

Downloads

lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=READ

llhr.33a8fb495ffb383b CLOSE path=/bucket/user/123.jpg =3618546 BytesOut

登录/登出

user.914984e553bcddb6 CONNECTED SourceIP=1.22.111.222 user=LOGICAL client=ssh-2.0-openssh_7.4 role=arn: aws:: iam:: 123456789012: role/sftp-s3-access HomeDir

user.914984e553bcddb6 DISCONNECTED

重命名

lhr.33a8fb495ffb383b 重命名路径=/bucket/user/lambo.png =/bucket/user/ferrari.png =/bucket/user/ferrari. NewPath

工作流程错误日志示例

{“type”:” “,” details”:{“errorType”:StepErrored“BAD_REQUEST”,“ErrorMessage”:“无法标记 Efs 文件”,“stepType”:“TAG”,“stepName”:“successful_tag_step”},“w-1234abcd5678efghi”,“executionID”:“81234abcd5678efghi”:“81234abcd5678efghi”:“81234abcd5678efghi”:“8cd-1234-efgh-5678-ijklmnopqr90",“TransferDetails”:{“serverID”: “s-1234abcd5678efghi”、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}}

symlinks

lhr.eb49cf7b8651e6d5 CREATE_SYMLINK =/fs-12345678/lhr/pqr.jpg =abc.jpg =abc.jpg LinkPath TargetPath

Uploads

lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=CREATE|TRUNCATE|WRITE

lhr.33a8fb495ffb383b CLOSE path=/bucket/user/123.jpg =3618546 BytesIn

工作流

{“type”:” “,” details”:{“input”:{ExecutionStarted“backingStore”: “EFS”、“Filesystemid”: “fs-12345678”、“path”:” /lhr/regex.py “}}}、initialFileLocation “workflowID”: “w-1111aaaa2222bbbb3”、“executionID”: “1234abcd-1234-efbbid”: “w-11aaaa2222bbbb3”、“executionID”: “1234abcd-1234-efbbid”: “w-11aaaa22gh-5678-ijklmnopqr90",“TransferDetails”:{“serverID”: “s-zzzz1111aaaa222223"、“用户名”: “lhr”、“sessionID”: “1234567890abcdef0"}}

{“type”:” “,” details”:{“input”:{StepStarted“fileLocation”:{“backingStore”: “EFS”、“Filesystemid”: “fs-12345678”、“path”:” /lhr/regex.py “}}、“stepType”: “CUSTOM”、“stepName”: “efs-s3_copy_2"}、“workflowID”: “workflowID”: “workflowID”: “workflowID”: “9283e49d33297c3f7"、“executionID”: “1234abcd-1234-efgh-5678-ijklmnopqr90"、“TransferDetails”: {“serverID”: “s-18ca49dce5d842e0b”、“用户名”: “lhr”、“sessionID”: “1234567890abb”、“用户名”: “lhr”、“sessionID”: “1234567890aba” cdef0"}}