本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
Transfer Family 的 CloudWatch 日誌結構
本主題說明 Transfer Family 日誌中填入的欄位:適用於 JSON 結構化日誌項目和舊版日誌項目。
Transfer Family 的 JSON 結構化日誌
下表包含 Transfer Family SFTP/FTP/FTPS 動作的日誌項目欄位詳細資訊,採用新的 JSON 結構化日誌格式。
| 欄位 | 描述 | 項目範例 |
|---|---|---|
| activity-type | The action by the user | 可用的活動類型如下: |
| bytes-in | Number of bytes uploaded by the user | 29238420042 |
| bytes-out | Number of bytes downloaded by the user | 23094032490328 |
| ciphers | Specifies the SSH cipher negotiated for the connection (available ciphers are listed in 密碼編譯演算法) | aes256-gcm@openssh.com |
| client | The user's client software | SSH-2.0-OpenSSH_7.4 |
| home-dir | The directory that the end user lands on when they connect to the
endpoint if their home directory type is PATH: if they have a
logical home directory, this value is always / |
/user-home-bucket/test |
| kex | Specifies the negotiated SSH key exchange (KEX) for the connection (available KEX are listed in 密碼編譯演算法) | diffie-hellman-group14-sha256 |
| message | Provides more information related to the error | <字串> |
| method | The authentication method | publickey |
| mode | Specifies how a client opens a file | CREATE | TRUNCATE | WRITE |
| operation | The client operation on a file | OPEN | CLOSE |
| path | Actual file path affected | /amzn-s3-demo-bucket/test-file-1.pdf |
| ssh-public-key | The public key body for the user that is connecting | AAAAC3NzaC1lZDI1NTE5AAAAIA9OY0qV6XYVHaaOiWAcj2spDJVbgjrqDPY4pxd6GnHl |
| ssh-public-key-fingerprint | 列出使用者金鑰時,服務受管使用者在主控台中顯示的公有金鑰指紋。 注意在 主控台中,指紋會以填充字元 (如果有的話) 顯示:從 0 到 3 等號 (=) 結尾。在日誌項目中,此填充會從輸出分割。 |
SHA256:BY3gNMHwTfjd4n2VuT4pTyLOk82zWZj4KEYEu7y4r/0 |
| ssh-public-key-type | Type of public key: Transfer Family supports RSA-, ECDSA-, and ED25519-formatted keys | ssh-ed25519 |
| resource-arn | A system-assigned, unique identifier for a specific resource (for example, a server) |
arn:aws:transfer:ap-northeast-1:12346789012:server/s-1234567890akeu2js2 |
| role | The IAM role of the user |
arn:aws:iam::0293883675:role/testuser-role |
| session-id | A system-assigned, unique identifier for a single session |
9ca9a0e1cec6ad9d |
| source-ip | Client IP address | 18.323.0.129 |
| user | The end user's username | myname192 |
| user-policy | The permissions specified for the end user: this field is populated if the user's policy is a session policy. | The JSON code for the session policy that is being used |
Transfer Family 的舊版日誌
下表包含各種 Transfer Family 動作的日誌項目詳細資訊。
注意
這些項目不是新的 JSON 結構化日誌格式。
下表包含各種 Transfer Family 動作的日誌項目詳細資訊,採用新的 JSON 結構化日誌格式。
| 動作 | Amazon CloudWatch Logs 中的對應日誌 |
|---|---|
| 身分驗證失敗 |
ERRORS AUTH_FAILURE Method=publickey User=lhr Message="RSA SHA256:Lfz3R2nmLY4raK+b7Rb1rSvUIbAE+a+Hxg0c7l1JIZ0" SourceIP=3.8.172.211 |
| COPY/TAG/DELETE/DECRYPT 工作流程 |
{"type":"StepStarted","details":{"input":{"fileLocation":{"backingStore":"EFS","filesystemId":"fs-12345678","path":"/lhr/regex.py"}},"stepType":"TAG","stepName":"successful_tag_step"},"workflowId":"w-1111aaaa222bb3","executionId":"81234abcd-1234-efgh-5678-ijklmnopqr90","transferDetails":{serverId":"s-124abcd55"user."sessionId1234567890 |
| 自訂步驟工作流程 |
{"type":"CustomStepInvoked","details":{"output":{"token":"MzM4Mjg5YWUtYTEzMy00YjIzLWI3OGMtYzU4OGI2ZjQyMzE5"},"stepType":"CUSTOM","stepName":"efs-s3_copy_2"},"workflowId":"w-9283e49d3297c3f7","executionId":"1234abcd-1234-efgh-5678-ijklmnopr90","transferDetails:{1"serverId"1."sessionId1234567890 |
| 刪除 |
lhr.33a8fb495ffb383b DELETE Path=/bucket/user/123.jpg |
| 下載 |
lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=READ llhr.33a8fb495ffb383b CLOSE Path=/bucket/user/123.jpg BytesOut=3618546 |
| 登入/登出 |
user.914984e553bcddb6 CONNECTED SourceIP=1.22.111.222 User=lhr HomeDir=LOGICAL Client=SSH-2.0-OpenSSH_7.4 Role=arn:aws::iam::123456789012:role/sftp-s3-access user.914984e553bcddb6 DISCONNECTED |
| 重新命名 |
lhr.33a8fb495ffb383b RENAME Path=/bucket/user/lambo.png NewPath=/bucket/user/ferrari.png |
| 工作流程錯誤日誌範例 |
{"type":"StepErrored","details":{"errorType":"BAD_REQUEST","errorMessage":"Cannot tag Efs file","stepType":"TAG","stepName":"successful_tag_step"},"workflowId":"w-1234abcd5678efghi","executionId":"81234abcd-1234-efgh-5678-ijklmnopqr90","transferDetails":{"serverId":"s-1234abcd5678efghi","username":"ldefchr"":"1234567890sessionId:" |
| Symlinks |
lhr.eb49cf7b8651e6d5 CREATE_SYMLINK LinkPath=/fs-12345678/lhr/pqr.jpg TargetPath=abc.jpg |
| 上傳 |
lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=CREATE|TRUNCATE|WRITE lhr.33a8fb495ffb383b CLOSE Path=/bucket/user/123.jpg BytesIn=3618546 |
| 工作流程 |
{"type":"ExecutionStarted","details":{"input":{"initialFileLocation":{"backingStore":"EFS","filesystemId":"fs-12345678","path":"/lhr/regex.py"}}},"workflowId":"w-1111aaa222bb3","executionId":"1234abcd-1234-efgh-5678-ijklmnopqr90","transferDetails":{"serverId":"szz-zz111aaa2223","username"lhr":"sessionId":1234567890 {"type":"StepStarted","details":{"input":{"fileLocation":{"backingStore":"EFS","filesystemId":"fs-12345678","path":"/lhr/regex.py"}},"stepType":"CUSTOM","stepName":"efs-s3_copy_2"},"workflowId":"w-9283e49d3297c3f7","executionId":"1234abcd-1234-efgh-5678-ijklmnopr90","transferDetails":{"serverId"s-189db49d2"sessionId1234567890 |
