将 DescribeFlowLogs 与 CLI 配合使用 - Amazon Elastic Compute Cloud

DescribeFlowLogs 与 CLI 配合使用

以下代码示例演示如何使用 DescribeFlowLogs

CLI
AWS CLI

示例 1:描述所有流日志

以下 describe-flow-logs 示例显示了所有流日志的详细信息。

aws ec2 describe-flow-logs

输出:

{
    "FlowLogs": [
        {
            "CreationTime": "2018-02-21T13:22:12.644Z",
            "DeliverLogsPermissionArn": "arn:aws:iam::123456789012:role/flow-logs-role",
            "DeliverLogsStatus": "SUCCESS",
            "FlowLogId": "fl-aabbccdd112233445",
            "MaxAggregationInterval": 600,
            "FlowLogStatus": "ACTIVE",
            "LogGroupName": "FlowLogGroup",
            "ResourceId": "subnet-12345678901234567",
            "TrafficType": "ALL",
            "LogDestinationType": "cloud-watch-logs",
            "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}"
        },
        {
            "CreationTime": "2020-02-04T15:22:29.986Z",
            "DeliverLogsStatus": "SUCCESS",
            "FlowLogId": "fl-01234567890123456",
            "MaxAggregationInterval": 60,
            "FlowLogStatus": "ACTIVE",
            "ResourceId": "vpc-00112233445566778",
            "TrafficType": "ACCEPT",
            "LogDestinationType": "s3",
            "LogDestination": "arn:aws:s3:::my-flow-log-bucket/custom",
            "LogFormat": "${version} ${vpc-id} ${subnet-id} ${instance-id} ${interface-id} ${account-id} ${type} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${pkt-srcaddr} ${pkt-dstaddr} ${protocol} ${bytes} ${packets} ${start} ${end} ${action} ${tcp-flags} ${log-status}"
        }
    ]
}

示例 2:描述流日志的子集

以下 describe-flow-logs 示例使用筛选条件仅显示 Amazon CloudWatch Logs 中指定日志组中流日志的详细信息。

aws ec2 describe-flow-logs \
    --filter "Name=log-group-name,Values=MyFlowLogs"

  • 有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DescribeFlowLogs

PowerShell
Tools for PowerShell V4

示例 1:此示例描述日志目标类型为“s3”的一个或多个流日志

Get-EC2FlowLog -Filter @{Name="log-destination-type";Values="s3"}

输出:

CreationTime             : 2/25/2019 9:07:36 PM
DeliverLogsErrorMessage  :
DeliverLogsPermissionArn :
DeliverLogsStatus        : SUCCESS
FlowLogId                : fl-01b2e3d45f67f8901
FlowLogStatus            : ACTIVE
LogDestination           : arn:aws:s3:::amzn-s3-demo-bucket-dd-tata
LogDestinationType       : s3
LogGroupName             :
ResourceId               : eni-01d2dda3456b7e890
TrafficType              : ALL

  • 有关 API 详细信息,请参阅《AWS Tools for PowerShell Cmdlet 参考(V4)》中的 DescribeFlowLogs

Tools for PowerShell V5

示例 1:此示例描述日志目标类型为“s3”的一个或多个流日志

Get-EC2FlowLog -Filter @{Name="log-destination-type";Values="s3"}

输出:

CreationTime             : 2/25/2019 9:07:36 PM
DeliverLogsErrorMessage  :
DeliverLogsPermissionArn :
DeliverLogsStatus        : SUCCESS
FlowLogId                : fl-01b2e3d45f67f8901
FlowLogStatus            : ACTIVE
LogDestination           : arn:aws:s3:::amzn-s3-demo-bucket-dd-tata
LogDestinationType       : s3
LogGroupName             :
ResourceId               : eni-01d2dda3456b7e890
TrafficType              : ALL

  • 有关 API 详细信息,请参阅《AWS Tools for PowerShell Cmdlet 参考(V5)》中的 DescribeFlowLogs

有关 AWS SDK 开发人员指南和代码示例的完整列表,请参阅 使用 AWS SDK 创建 Amazon EC2 资源。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。