trail-digger

Version: v0.2.2
Published: May 16, 2022
License: MIT

trail-digger is a tool for digging through the trail log files of AWS CloudTrail.

NOTICE: If Amazon Athena is available, most issues can be solved with Amazon Athena.

Usage

trail-digger events

trail-digger events shows AWS CloudTrail events (JSONL) in timeline order using trail logs.

Show the events of 2022/02/03 for the AWS account and default region of my-profile, in timeline order:

$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/02/03

Show the events of 2022/02 for the AWS account of my-profile in us-west-2, in timeline order:

$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/02 --region us-west-2

Show the events of 2022/01 for AWS account 1234567890 in all regions, in timeline order:

$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/01 --account 1234567890 --all-regions

Show the events of 2022/01/04 for all AWS accounts in all regions, in timeline order:

$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/01/04 --all-accounts --all-regions

trail-digger analyze

trail-digger analyze analyzes AWS CloudTrail events using trail logs.

The usage is the same as trail-digger events, but it outputs the analysis results.

$ AWS_PROFILE=my-profile trail-digger analyze s3://your-trail-log-bucket
2022-02-15T07:27:48+09:00 INF Digging trail logs prefix=AWSLogs/1234567890/CloudTrail/ap-northeast-1/2022/02/15/
2022-02-15T07:28:07+09:00 INF Digging trail logs prefix=AWSLogs/1234567890/CloudTrail/ap-northeast-1/2022/02/16/

                                                             Count

  Event Type            Management Event:                 12345678
                        Data Event:                          12345

  Event Source          access-analyzer.amazonaws.com:       XXXXX
                        autoscaling.amazonaws.com:            XXXX
                        cloudformation.amazonaws.com:         XXXX
                        cloudtrail.amazonaws.com:            XXXXX
                        codepipeline.amazonaws.com:           XXXX
                        config.amazonaws.com:                  XXX
                        dax.amazonaws.com:                   XXXXX
                        dms.amazonaws.com:                     XXX
                        ec2.amazonaws.com:                      XX
                        ecr.amazonaws.com:                     XXX
                        ecs.amazonaws.com:                   XXXXX
                        elasticfilesystem.amazonaws.com:       XXX
                        elasticloadbalancing.amazonaws.com:   XXXX
                        elasticmapreduce.amazonaws.com:       XXXX
                        es.amazonaws.com:                      XXX
                        guardduty.amazonaws.com:              XXX
                        kms.amazonaws.com:                     XXX
                        lambda.amazonaws.com:                XXXXX
                        redshift.amazonaws.com:               XXXX
                        s3.amazonaws.com:                   XXXXXX
                        sagemaker.amazonaws.com:               XXX
                        secretsmanager.amazonaws.com:         XXXX
                        ssm.amazonaws.com:                     XXX
                        sts.amazonaws.com:                    XXXX

  Region                ap-northeast-1:                   12358023

  Recipient Account ID  1234567890:                       12358023

trail-digger size

trail-digger size shows the size of trail logs.

The usage is the same as trail-digger analyze, but it outputs the size of the trail log S3 objects.

Note that for trail-digger events and trail-digger analyze the aggregation range is determined by eventTime, whereas for trail-digger size it is determined by the date path in the S3 bucket.
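The difference between selecting by eventTime and selecting by S3 date path, as an added Go sketch that is not trail-digger's own code. The sample objects are constructed, the day boundary is assumed to be UTC, and eventsOn, event and Key are hypothetical names; the object under the 2022/02/04 path carries a record whose eventTime is on 2022/02/03.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"time"
)

// Constructed sample, not real logs: S3 key -> CloudTrail log file body.
var sampleObjects = map[string]string{
	"AWSLogs/1234567890/CloudTrail/ap-northeast-1/2022/02/03/a.json": `{"Records":[
	  {"eventTime":"2022-02-03T10:15:00Z","eventName":"AssumeRole"}]}`,
	"AWSLogs/1234567890/CloudTrail/ap-northeast-1/2022/02/04/b.json": `{"Records":[
	  {"eventTime":"2022-02-04T00:01:00Z","eventName":"RunInstances"},
	  {"eventTime":"2022-02-03T23:58:30Z","eventName":"Decrypt"}]}`,
}

type event struct {
	EventTime time.Time `json:"eventTime"`
	EventName string    `json:"eventName"`
	Key       string    `json:"-"` // S3 object the record was read from
}

// eventsOn returns the records whose eventTime falls on the given UTC day, oldest first.
func eventsOn(objects map[string]string, day time.Time) (out []event, err error) {
	for key, body := range objects {
		var f struct{ Records []event }
		if err = json.Unmarshal([]byte(body), &f); err != nil {
			return nil, fmt.Errorf("%s: %w", key, err)
		}
		for _, e := range f.Records {
			if !e.EventTime.Before(day) && e.EventTime.Before(day.AddDate(0, 0, 1)) {
				out = append(out, event{e.EventTime, e.EventName, key})
			}
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].EventTime.Before(out[j].EventTime) })
	return out, nil
}

func main() {
	evs, err := eventsOn(sampleObjects, time.Date(2022, 2, 3, 0, 0, 0, 0, time.UTC))
	if err != nil {
		panic(err)
	}
	for _, e := range evs {
		fmt.Println(e.EventTime.Format(time.RFC3339), e.EventName, e.Key)
	}
}
```

A selection by date path alone would attribute the whole of b.json to 2022/02/04, so when reconstructing a timeline around midnight, read the neighbouring day's objects as well.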

Install

homebrew tap:

$ brew install pepabo/tap/trail-digger

manually:

Download the binary from the releases page.

go install:

$ go install github.com/pepabo/trail-digger@latest

Documentation

Overview

Copyright © 2022 Ken'ichiro Oyama <k1lowxb@gmail.com>

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
