本文介绍了如何通过AWS Management Console和AWS CLI启用AWS CloudTrail来记录用户操作日志。包括创建单区域和多区域追踪、启动和停止日志记录、更新追踪设置以及删除追踪等步骤。
默认,AWS用户的操作没有记录日志,可以使用AWS CloudTrail Console或AWS CLI启用CloudTrail来记录。
AWS CloudTrail Console
登录到AWS Management Console,然后打开CloudTrail console,点击Get Stared Now按钮,填写表单即可。CloudTail将日志保存在S3中,建议使用新的S3 Buket。Advanced中还有log file prefix,log file validation,Amazon SNS notifications选项。CloudTrail存储多个事件在一个日志文件中,SNS notification每个文件发送一次通知,而不是每个事件。
启用后就可以从CloudTrail console查看日志,可增加、更新、删除、停用trail。
CloudTrail CLI
Create a trail
Create a single-region trail:
The specified S3 bucket must already exist and have the appropriate CloudTrail permissions applied.
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucketCreate a trail that applies to all regions:
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket --is-multi-region-trailStart logging
After the create-trail command completes, run the start-logging command to start logging for that trail.When you create a trail with the CloudTrail console or the create-subscription command, logging is turned on automatically.
$ aws cloudtrail start-logging --name my-trailStop logging
$ aws cloudtrail stop-logging --name my-trailUpdate Trail
Converting a multi-region trail to a single-region trail:
$ aws cloudtrail update-trail --name my-trail --no-is-multi-region-trailEnabling log file validation:
$ aws cloudtrail update-trail --name my-trail --enable-log-file-validationGet trail status
$ aws cloudtrail get-trail-status --name my-trailRetrieve trail settings
$ aws cloudtrail describe-trailsDelete a trail
$ aws cloudtrail delete-trail --name my-trail删除trail不会删除S3和SNS topic
参考文档
Creating and Updating a Trail with the CloudTrail Console
Creating and Updating a Trail with the AWS Command Line Interface
转载于:https://blog.51cto.com/7308310/2072273
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
