View a markdown version of this page

搜尋 AWS 傳輸閘道流量日誌記錄 - Amazon VPC

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

搜尋 AWS 傳輸閘道流量日誌記錄

您可以使用 CloudWatch Logs 主控台,搜尋發佈至 CloudWatch Logs 的流量日誌記錄。您可以使用指標篩選條件來篩選流量日誌記錄。流量日誌記錄是以空格分隔。

使用 CloudWatch Logs 主控台搜尋流量日誌記錄

  1. https://console.aws.amazon.com/cloudwatch/ 開啟 CloudWatch 主控台。

  2. 在導覽窗格中,選擇 Logs (日誌),然後選擇 Log groups (日誌群組)。

  3. 選取包含您流量日誌的日誌群組。隨即顯示每個傳輸閘道日誌串流的清單。

  4. 如果您知道要搜尋的傳輸閘道,請選取個別日誌串流。或者,選擇 Search Log Group (搜尋日誌群組) 以搜尋整個日誌群組。如果您的日誌群組中有許多傳輸閘道,這可能需要一些時間,視您選取的時間範圍而定。

  5. 對於 Filter events (篩選事件),請輸入下列字串。這會假設流量日誌記錄使用預設格式

    [version, resource_type, account_id,tgw_id, tgw_attachment_id, tgw_src_vpc_account_id, tgw_dst_vpc_account_id, tgw_src_vpc_id, tgw_dst_vpc_id, tgw_src_subnet_id, tgw_dst_subnet_id, tgw_src_eni, tgw_dst_eni, tgw_src_az_id, tgw_dst_az_id, tgw_pair_attachment_id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes,start,end, log_status, type,packets_lost_no_route, packets_lost_blackhole, packets_lost_mtu_exceeded, packets_lost_ttl_expired, tcp_flags,region, flow_direction, pkt_src_aws_service, pkt_dst_aws_service]

  6. 根據需要透過指定欄位值來修改篩選條件。下列範例會依特定來源 IP 地址進行篩選。

    [version, resource_type, account_id,tgw_id, tgw_attachment_id, tgw_src_vpc_account_id, tgw_dst_vpc_account_id, tgw_src_vpc_id, tgw_dst_vpc_id, tgw_src_subnet_id, tgw_dst_subnet_id, tgw_src_eni, tgw_dst_eni, tgw_src_az_id, tgw_dst_az_id, tgw_pair_attachment_id, srcaddr= 10.0.0.1, dstaddr, srcport, dstport, protocol, packets, bytes,start,end, log_status, type,packets_lost_no_route, packets_lost_blackhole, packets_lost_mtu_exceeded, packets_lost_ttl_expired, tcp_flags,region, flow_direction, pkt_src_aws_service, pkt_dst_aws_service]
[version, resource_type, account_id,tgw_id, tgw_attachment_id, tgw_src_vpc_account_id, tgw_dst_vpc_account_id, tgw_src_vpc_id, tgw_dst_vpc_id, tgw_src_subnet_id, tgw_dst_subnet_id, tgw_src_eni, tgw_dst_eni, tgw_src_az_id, tgw_dst_az_id, tgw_pair_attachment_id, srcaddr= 10.0.2.*, dstaddr, srcport, dstport, protocol, packets, bytes,start,end, log_status, type,packets_lost_no_route, packets_lost_blackhole, packets_lost_mtu_exceeded, packets_lost_ttl_expired, tcp_flags,region, flow_direction, pkt_src_aws_service, pkt_dst_aws_service]

    下列範例會依傳輸閘道識別碼 tgw-123abc456bca、目的地連接埠和位元組數進行篩選。

    [version, resource_type, account_id,tgw_id=tgw-123abc456bca, tgw_attachment_id, tgw_src_vpc_account_id, tgw_dst_vpc_account_id, tgw_src_vpc_id, tgw_dst_vpc_id, tgw_src_subnet_id, tgw_dst_subnet_id, tgw_src_eni, tgw_dst_eni, tgw_src_az_id, tgw_dst_az_id, tgw_pair_attachment_id, srcaddr, dstaddr, srcport, dstport = 80 || dstport = 8080, protocol, packets, bytes >= 500,start,end, log_status, type,packets_lost_no_route, packets_lost_blackhole, packets_lost_mtu_exceeded, packets_lost_ttl_expired, tcp_flags,region, flow_direction, pkt_src_aws_service, pkt_dst_aws_service]