Log files are in JSON format. If you have a JSON viewer add-on installed, you can view the files directly in your browser. Double-click the log file name in the bucket to open a new browser window or tab. The JSON displays in a readable format.
CloudTrail log files are Amazon S3 objects. You can use the Amazon S3 console, the AWS Command Line Interface (CLI), or the Amazon S3 API to retrieve log files.
For more information, see Amazon S3 objects overview in the Amazon Simple Storage Service User Guide.
The following procedure describes how to download a log file with the AWS Management Console.
To download and read a log file
Open the Amazon S3 console at https://console.aws.amazon.com/s3/
. -
Choose the bucket and choose the log file that you want to download.
-
Choose Download or Download as and follow the prompts to save the file. This saves the file in compressed format.
Note
Some browsers, such as Chrome, automatically extract the log file for you. If your browser does this for you, skip to step 5.
-
Use a product such as 7-Zip
to extract the log file. -
Open the log file in a text editor such as Notepad++.
For more information about the event fields that can appear in a log file entry, see CloudTrail record contents for management, data, and network activity events.
AWS partners with third-party specialists in logging and analysis to provide solutions
that use CloudTrail output. For more information, see AWS CloudTrail
partners
Note
You can also use the Event history feature to look up events for create, update, and delete API activity during the last 90 days.
For more information, see Working with CloudTrail event history.
