CloudWatch Logs AWS IoT log entries
Each component of AWS IoT generates its own log entries. Each log entry has an
eventType that specifies the operation that caused the log entry to be
generated. This section describes the log entries generated by the following AWS IoT
components.
Topics
Message broker log entries
The AWS IoT message broker generates log entries for the following events:
Topics
Connect log entry
The AWS IoT message broker generates a log entry with an eventType of
Connect when an MQTT client connects.
Connect log entry example
{ "timestamp": "2017-08-10 15:37:23.476", "logLevel": "INFO", "traceId": "20b23f3f-d7f1-feae-169f-82263394fbdb", "accountId": "123456789012", "status": "Success", "eventType": "Connect", "protocol": "MQTT", "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490 }
In addition to the Common CloudWatch Logs attributes, Connect log entries contain
the following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - sourceIp
-
The IP address where the request originated.
- sourcePort
-
The port where the request originated.
Disconnect log entry
The AWS IoT message broker generates a log entry with an eventType of
Disconnect when an MQTT client disconnects.
Disconnect log entry example
{ "timestamp": "2017-08-10 15:37:23.476", "logLevel": "INFO", "traceId": "20b23f3f-d7f1-feae-169f-82263394fbdb", "accountId": "123456789012", "status": "Success", "eventType": "Disconnect", "protocol": "MQTT", "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490, "reason": "DUPLICATE_CLIENT_ID", "details": "A new connection was established with the same client ID", "disconnectReason": "CLIENT_INITIATED_DISCONNECT" }
In addition to the Common CloudWatch Logs attributes, Disconnect log entries contain
the following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - sourceIp
-
The IP address where the request originated.
- sourcePort
-
The port where the request originated.
- reason
-
The reason why the client is disconnecting.
- details
-
A brief explanation of the error.
- disconnectReason
-
The reason why the client is disconnecting.
GetRetainedMessage log entry
The AWS IoT message broker generates a log entry with an eventType of
GetRetainedMessage when GetRetainedMessage is called.
GetRetainedMessage log entry example
{ "timestamp": "2017-08-07 18:47:56.664", "logLevel": "INFO", "traceId": "1a60d02e-15b9-605b-7096-a9f584a6ad3f", "accountId": "123456789012", "status": "Success", "eventType": "GetRetainedMessage", "protocol": "HTTP", "topicName": "a/b/c", "qos": "1", "lastModifiedDate": "2017-08-07 18:47:56.664" }
In addition to the Common CloudWatch Logs attributes, GetRetainedMessage log entries
contain the following attributes:
- lastModifiedDate
-
The Epoch date and time, in milliseconds, when the retained message was stored by AWS IoT.
- protocol
-
The protocol used to make the request. Valid value:
HTTP. - qos
-
The Quality of Service (QoS) level used in the publish request. Valid values are
0or1. - topicName
-
The name of the subscribed topic.
ListRetainedMessage log entry
The AWS IoT message broker generates a log entry with an eventType of
ListRetainedMessage when ListRetainedMessages is called.
ListRetainedMessage log entry example
{ "timestamp": "2017-08-07 18:47:56.664", "logLevel": "INFO", "traceId": "1a60d02e-15b9-605b-7096-a9f584a6ad3f", "accountId": "123456789012", "status": "Success", "eventType": "ListRetainedMessage", "protocol": "HTTP" }
In addition to the Common CloudWatch Logs attributes, ListRetainedMessage log
entries contains the following attribute:
- protocol
-
The protocol used to make the request. Valid value:
HTTP.
Publish-In log entry
When the AWS IoT message broker receives an MQTT message, it generates a log entry
with an eventType of Publish-In.
Publish-In log entry example
{ "timestamp": "2017-08-10 15:39:30.961", "logLevel": "INFO", "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699", "accountId": "123456789012", "status": "Success", "eventType": "Publish-In", "protocol": "MQTT", "topicName": "$aws/things/MyThing/shadow/get", "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490, "retain": "True" }
In addition to the Common CloudWatch Logs attributes, Publish-In log entries contain
the following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - retain
-
The attribute used when a message has the RETAIN flag set with a value of
True. If the message doesn't have the RETAIN flag set, this attribute doesn't appear in the log entry. For more information, see MQTT retained messages. - sourceIp
-
The IP address where the request originated.
- sourcePort
-
The port where the request originated.
- topicName
-
The name of the subscribed topic.
Publish-Out log entry
When the message broker publishes an MQTT message, it generates a log entry with an
eventType of Publish-Out
Publish-Out log entry example
{ "timestamp": "2017-08-10 15:39:30.961", "logLevel": "INFO", "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699", "accountId": "123456789012", "status": "Success", "eventType": "Publish-Out", "protocol": "MQTT", "topicName": "$aws/things/MyThing/shadow/get", "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490 }
In addition to the Common CloudWatch Logs attributes, Publish-Out log entries
contain the following attributes:
- clientId
-
The ID of the subscribed client that receives messages on that MQTT topic.
- principalId
-
The ID of the principal making the request.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - sourceIp
-
The IP address where the request originated.
- sourcePort
-
The port where the request originated.
- topicName
-
The name of the subscribed topic.
Queued log entry
When a device with a persistent session is disconnected, the MQTT message broker
stores the device's messages and AWS IoT generates log entries with an eventType of
Queued. For more information about MQTT persistent sessions, see MQTT persistent sessions.
Queued server error log entry example
{ "timestamp": "2022-08-10 15:39:30.961", "logLevel": "ERROR", "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699", "accountId": "123456789012", "topicName": "$aws/things/MyThing/get", "clientId": "123123123", "qos": "1", "protocol": "MQTT", "eventType": "Queued", "status": "Failure", "details": "Server Error" }
In addition to the Common CloudWatch Logs attributes, Queued server error log
entries contain the following attributes:
- clientId
-
The ID of the client to which the message is queued.
- details
-
Server ErrorA server error prevented the message from being stored.
- protocol
-
The protocol used to make the request. The value will always be
MQTT. - qos
-
The Quality of Service (QoS) level of the request. The value will always be 1 because the messages with QoS of 0 aren't stored.
- topicName
-
The name of the subscribed topic.
Queued success log entry example
{ "timestamp": "2022-08-10 15:39:30.961", "logLevel": "INFO", "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699", "accountId": "123456789012", "topicName": "$aws/things/MyThing/get", "clientId": "123123123", "qos": "1", "protocol": "MQTT", "eventType": "Queued", "status": "Success" }
In addition to the Common CloudWatch Logs attributes, Queued success log entries
contain the following attributes:
- clientId
-
The ID of the client to which the message is queued.
- protocol
-
The protocol used to make the request. The value will always be
MQTT. - qos
-
The Quality of Service (QoS) level of the request. The value will always be 1 because the messages with QoS of 0 aren't stored.
- topicName
-
The name of the subscribed topic.
Queued throttled log entry example
{ "timestamp": "2022-08-10 15:39:30.961", "logLevel": "ERROR", "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699", "accountId": "123456789012", "topicName": "$aws/things/MyThing/get", "clientId": "123123123", "qos": "1", "protocol": "MQTT", "eventType": "Queued", "status": "Failure", "details": "Throttled while queueing offline message" }
In addition to the Common CloudWatch Logs attributes, Queued throttled log entries
contain the following attributes:
- clientId
-
The ID of the client to which the message is queued.
- details
-
Throttled while queueing offline messageThe client exceeded the
Queued messages per second per accountlimit, so the message wasn't stored. - protocol
-
The protocol used to make the request. The value will always be
MQTT. - qos
-
The Quality of Service (QoS) level of the request. The value will always be 1 because the messages with QoS of 0 aren't stored.
- topicName
-
The name of the subscribed topic.
Subscribe log entry
The AWS IoT message broker generates a log entry with an eventType of
Subscribe when an MQTT client subscribes to a topic.
MQTT 3 Subscribe log entry example
{ "timestamp": "2017-08-10 15:39:04.413", "logLevel": "INFO", "traceId": "7aa5c38d-1b49-3753-15dc-513ce4ab9fa6", "accountId": "123456789012", "status": "Success", "eventType": "Subscribe", "protocol": "MQTT", "topicName": "$aws/things/MyThing/shadow/#", "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490 }
In addition to the Common CloudWatch Logs attributes, Subscribe log entries contain
the following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- protocol
-
The protocol used to make the request. The value will always be
MQTT. - sourceIp
-
The IP address where the request originated.
- sourcePort
-
The port where the request originated.
- topicName
-
The name of the subscribed topic.
MQTT 5 Subscribe log entry example
{ "timestamp": "2022-11-30 16:24:15.628", "logLevel": "INFO", "traceId": "7aa5c38d-1b49-3753-15dc-513ce4ab9fa6", "accountId": "123456789012", "status": "Success", "eventType": "Subscribe", "protocol": "MQTT", "topicName": "test/topic1,$invalid/reserved/topic", "subscriptions": [ { "topicName": "test/topic1", "reasonCode": 1 }, { "topicName": "$invalid/reserved/topic", "reasonCode": 143 } ], "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490 }
For MQTT 5 Subscribe operations, in addition to the Common CloudWatch Logs attributes and the
MQTT 3 Subscribe log entry
attributes, MQTT 5 Subscribe log entries contain the following
attribute:
- subscriptions
-
A list of mappings between the requested topics in the Subscribe request and the individual MQTT 5 reason code. For more information, see MQTT reason codes.
Unsubscribe log entry
The AWS IoT message broker generates a log entry with an eventType of
Unsubscribe when an MQTT client unsubscribes to an MQTT topic.
MQTT unsubscribe log entry example
{ "timestamp": "2024-08-20 22:53:32.844", "logLevel": "INFO", "traceId": "db6bd09a-2c3f-1cd2-27cc-fd6b1ce03b58", "accountId": "123456789012", "status": "Success", "eventType": "Unsubscribe", "protocol": "MQTT", "clientId": "abf27092886e49a8a5c1922749736453", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "sourceIp": "205.251.233.181", "sourcePort": 13490 }
In addition to the Common CloudWatch Logs attributes, Unsubscribe log entries contain
the following attributes:
- protocol
-
The protocol used to make the request. The value will always be
MQTT. - clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- sourceIp
-
The IP address where the request originated.
- sourcePort
-
The port where the request originated.
Server certificate OCSP log entries
AWS IoT Core generates log entries for the following event:
RetrieveOCSPStapleData log entry
AWS IoT Core generates a log entry with an eventType of
RetrieveOCSPStapleData when the server retrieves the OCSP staple
data.
RetrieveOCSPStapleData log entry examples
The following is a log entry example of Success.
{ "timestamp": "2024-01-30 15:39:30.961", "logLevel": "INFO", "traceId": "180532b7-0cc7-057b-687a-5ca1824838f5", "accountId": "123456789012", "status": "Success", "eventType": "RetrieveOCSPStapleData", "domainConfigName": "test-domain-config-name", "connectionDetails": { "httpStatusCode": "200", "ocspResponderUri": "http://ocsp.example.com", "sourceIp": "205.251.233.181", "targetIp": "250.15.5.3" }, "ocspRequestDetails": { "requesterName": "iot.amazonaws.com", "requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01" }, "ocspResponseDetails": { "responseCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01", "ocspResponseStatus": "successful", "certStatus": "good", "signature": "4C:6F:63:61:6C:20:52:65:73:70:6F:6E:64:65:72:20:53:69:67:6E:61:74:75:72:65", "thisUpdateTime": "Jan 31 01:21:02 2024 UTC", "nextUpdateTime": "Feb 02 00:21:02 2024 UTC", "producedAtTime": "Jan 31 01:37:03 2024 UTC", "stapledDataPayloadSize": "XXX" } }
The following is a log entry example of Failure.
{ "timestamp": "2024-01-30 15:39:30.961", "logLevel": "ERROR", "traceId": "180532b7-0cc7-057b-687a-5ca1824838f5", "accountId": "123456789012", "status": "Failure", "reason": "A non 2xx HTTP response was received from the OCSP responder.", "eventType": "RetrieveOCSPStapleData", "domainConfigName": "test-domain-config-name", "connectionDetails": { "httpStatusCode": "444", "ocspResponderUri": "http://ocsp.example.com", "sourceIp": "205.251.233.181", "targetIp": "250.15.5.3" }, "ocspRequestDetails": { "requesterName": "iot.amazonaws.com", "requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01" } }
For the RetrieveOCSPStaple operation, in addition to the Common CloudWatch Logs attributes, the log
entries contain the following attributes:
- reason
-
The reason why the operation fails.
- domainConfigName
-
The name of your domain configuration.
- connectionDetails
-
A brief explanation of the connection details.
-
httpStatusCode
HTTP status codes that are returned by the OCSP responder in response to the client's request made to the server.
-
ocspResponderUri
The OCSP responder URI that AWS IoT Core fetches from the server certificate.
-
sourceIp
The source IP address of the AWS IoT Core server.
-
targetIp
The target IP address of the OCSP responder.
-
- ocspRequestDetails
-
Details of the OCSP request.
-
requesterName
The identifier for the AWS IoT Core server that sends a request to the OCSP responder.
-
requestCertId
The certificate ID of the request. This is the ID of the certificate for which the OCSP response is being requested.
-
- ocspResponseDetails
-
Details of the OCSP response.
-
responseCertId
The certificate ID of the OCSP response.
-
ocspResponseStatus
The status of the OCSP response.
-
certStatus
The status of the certificate.
-
signature
The signature that's applied to the response by a trusted entity.
-
thisUpdateTime
The time at which the status being indicated is known to be correct.
-
nextUpdateTime
The time at or before which newer information will be available about the status of the certificate.
-
producedAtTime
The time at which the OCSP responder signed this response.
-
stapledDataPayloadSize
The payload size of the stapled data.
-
RetrieveOCSPStapleData log entry for private endpoints
AWS IoT Core generates a log entry with an eventType of
RetrieveOCSPStapleData when the server retrieves the OCSP staple
data.
RetrieveOCSPStapleData log entry examples for private endpoints
The following is a log entry example of Success.
{ "timestamp": "2024-01-30 15:39:30.961", "logLevel": "INFO", "traceId": "180532b7-0cc7-057b-687a-5ca1824838f5", "accountId": "123456789012", "status": "Success", "eventType": "RetrieveOCSPStapleData", "domainConfigName": "test-domain-config-name", "lambdaDetails": { "lambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function", "sourceArn": "arn:aws:iot:us-west-2:123456789012:domainconfiguration/testDomainConfigure/6bzfg" }, "authorizedResponderArn": "arn:aws:acm:us-west-2:123456789012:certificate/certificate_ID", "ocspRequestDetails": { "requesterName": "iot.amazonaws.com", "requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01" }, "ocspResponseDetails": { "responderId": "04:C1:3F:8F:27:D6:49:13:F8:DE:B2:36:9D:85:8E:F8:31:3B:A6:D0" "responseCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01", "ocspResponseStatus": "successful", "certStatus": "good", "signature": "4C:6F:63:61:6C:20:52:65:73:70:6F:6E:64:65:72:20:53:69:67:6E:61:74:75:72:65", "thisUpdateTime": "Jan 31 01:21:02 2024 UTC", "nextUpdateTime": "Feb 02 00:21:02 2024 UTC", "producedAtTime": "Jan 31 01:37:03 2024 UTC", "stapledDataPayloadSize": "XXX" } }
The following is a log entry example of Failure.
{ "timestamp": "2024-01-30 15:39:30.961", "logLevel": "ERROR", "traceId": "180532b7-0cc7-057b-687a-5ca1824838f5", "accountId": "123456789012", "status": "Failure", "reason": "The payload returned by the Lambda function exceeds the maximum response size of 7 kilobytes.", "eventType": "RetrieveOCSPStapleData", "domainConfigName": "test-domain-config-name", "lambdaDetails": { "lambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function", "sourceArn": "arn:aws:iot:us-west-2:123456789012:domainconfiguration/testDomainConfigure/6bzfg" }, "authorizedResponderArn": "arn:aws:acm:us-west-2:123456789012:certificate/certificate_ID", "ocspRequestDetails": { "requesterName": "iot.amazonaws.com", "requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01" } }
For the RetrieveOCSPStaple operation, in addition to the Common CloudWatch Logs attributes and the
attributes in RetrieveOCSPStapleData log entry, the log entries for private endpoints
contain the following attributes:
- lambdaDetails
-
Details of the Lambda function.
-
lambdaArn
The ARN of the Lambda function.
-
sourceArn
The ARN of the domain configuration.
-
- authorizedResponderArn
-
The ARN of the authorizer responder if there is one configured in the domain configuration.
Device Shadow log entries
The AWS IoT Device Shadow service generates log entries for the following events:
DeleteThingShadow log entry
The Device Shadow service generates a log entry with an eventType of
DeleteThingShadow when a request to delete a device's shadow is
received.
DeleteThingShadow log entry example
{ "timestamp": "2017-08-07 18:47:56.664", "logLevel": "INFO", "traceId": "1a60d02e-15b9-605b-7096-a9f584a6ad3f", "accountId": "123456789012", "status": "Success", "eventType": "DeleteThingShadow", "protocol": "MQTT", "deviceShadowName": "Jack", "topicName": "$aws/things/Jack/shadow/delete" }
In addition to the Common CloudWatch Logs attributes, DeleteThingShadow log entries
contain the following attributes:
- deviceShadowName
-
The name of the shadow to update.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The name of the topic on which the request was published.
GetThingShadow log entry
The Device Shadow service generates a log entry with an eventType of
GetThingShadow when a get request for a shadow is received.
GetThingShadow log entry example
{ "timestamp": "2017-08-09 17:56:30.941", "logLevel": "INFO", "traceId": "b575f19a-97a2-cf72-0ed0-c64a783a2504", "accountId": "123456789012", "status": "Success", "eventType": "GetThingShadow", "protocol": "MQTT", "deviceShadowName": "MyThing", "topicName": "$aws/things/MyThing/shadow/get" }
In addition to the Common CloudWatch Logs attributes, GetThingShadow log entries
contain the following attributes:
- deviceShadowName
-
The name of the requested shadow.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The name of the topic on which the request was published.
UpdateThingShadow log entry
The Device Shadow service generates a log entry with an eventType of
UpdateThingShadow when a request to update a device's shadow is
received.
UpdateThingShadow log entry example
{ "timestamp": "2017-08-07 18:43:59.436", "logLevel": "INFO", "traceId": "d0074ba8-0c4b-a400-69df-76326d414c28", "accountId": "123456789012", "status": "Success", "eventType": "UpdateThingShadow", "protocol": "MQTT", "deviceShadowName": "Jack", "topicName": "$aws/things/Jack/shadow/update" }
In addition to the Common CloudWatch Logs attributes, UpdateThingShadow log entries
contain the following attributes:
- deviceShadowName
-
The name of the shadow to update.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The name of the topic on which the request was published.
Rules engine log entries
The AWS IoT rules engine generates logs for the following events:
Topics
FunctionExecution log entry
The rules engine generates a log entry with an eventType of
FunctionExecution when a rule's SQL query calls an external function. An
external function is called when a rule's action makes an HTTP request to AWS IoT or
another web service (for example, calling get_thing_shadow or
machinelearning_predict).
FunctionExecution log entry example
{ "timestamp": "2017-07-13 18:33:51.903", "logLevel": "DEBUG", "traceId": "180532b7-0cc7-057b-687a-5ca1824838f5", "status": "Success", "eventType": "FunctionExecution", "clientId": "N/A", "topicName":"rules/test", "ruleName": "ruleTestPredict", "ruleAction": "MachinelearningPredict", "resources": { "ModelId": "predict-model" }, "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167" }
In addition to the Common CloudWatch Logs attributes, FunctionExecution log entries
contain the following attributes:
- clientId
-
N/AforFunctionExecutionlogs. - principalId
-
The ID of the principal making the request.
- resources
-
A collection of resources used by the rule's actions.
- ruleName
-
The name of the matching rule.
- topicName
-
The name of the subscribed topic.
RuleExecution log entry
When the AWS IoT rules engine triggers a rule's action, it generates a
RuleExecution log entry.
RuleExecution log entry example
{ "timestamp": "2017-08-10 16:32:46.070", "logLevel": "INFO", "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e", "accountId": "123456789012", "status": "Success", "eventType": "RuleExecution", "clientId": "abf27092886e49a8a5c1922749736453", "topicName": "rules/test", "ruleName": "JSONLogsRule", "ruleAction": "RepublishAction", "resources": { "RepublishTopic": "rules/republish" }, "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167" }
In addition to the Common CloudWatch Logs attributes, RuleExecution log entries
contain the following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- resources
-
A collection of resources used by the rule's actions.
- ruleAction
-
The name of the action triggered.
- ruleName
-
The name of the matching rule.
- topicName
-
The name of the subscribed topic.
RuleMatch log entry
The AWS IoT rules engine generates a log entry with an eventType of
RuleMatch when the message broker receives a message that matches a
rule.
RuleMatch log entry example
{ "timestamp": "2017-08-10 16:32:46.002", "logLevel": "INFO", "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e", "accountId": "123456789012", "status": "Success", "eventType": "RuleMatch", "clientId": "abf27092886e49a8a5c1922749736453", "topicName": "rules/test", "ruleName": "JSONLogsRule", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167" }
In addition to the Common CloudWatch Logs attributes, RuleMatch log entries contain
the following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- ruleName
-
The name of the matching rule.
- topicName
-
The name of the subscribed topic.
RuleExecutionThrottled log entry
When an execution is throttled, the AWS IoT rules engine generates a log entry with an
eventType of RuleExecutionThrottled.
RuleExecutionThrottled log entry example
{ "timestamp": "2017-10-04 19:25:46.070", "logLevel": "ERROR", "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e", "accountId": "123456789012", "status": "Failure", "eventType": "RuleMessageThrottled", "clientId": "abf27092886e49a8a5c1922749736453", "topicName": "$aws/rules/example_rule", "ruleName": "example_rule", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "reason": "RuleExecutionThrottled", "details": "Exection of Rule example_rule throttled" }
In addition to the Common CloudWatch Logs attributes, RuleExecutionThrottled log
entries contain the following attributes:
- clientId
-
The ID of the client making the request.
- details
-
A brief explanation of the error.
- principalId
-
The ID of the principal making the request.
- reason
-
The string "RuleExecutionThrottled".
- ruleName
-
The name of the rule to be triggered.
- topicName
-
The name of the topic that was published.
RuleNotFound log entry
When the AWS IoT rules engine cannot find a rule with a given name, it generates a log
entry with an eventType of RuleNotFound.
RuleNotFound log entry example
{ "timestamp": "2017-10-04 19:25:46.070", "logLevel": "ERROR", "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e", "accountId": "123456789012", "status": "Failure", "eventType": "RuleNotFound", "clientId": "abf27092886e49a8a5c1922749736453", "topicName": "$aws/rules/example_rule", "ruleName": "example_rule", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167", "reason": "RuleNotFound", "details": "Rule example_rule not found" }
In addition to the Common CloudWatch Logs attributes, RuleNotFound log entries
contain the following attributes:
- clientId
-
The ID of the client making the request.
- details
-
A brief explanation of the error.
- principalId
-
The ID of the principal making the request.
- reason
-
The string "RuleNotFound".
- ruleName
-
The name of the rule that could not be found.
- topicName
-
The name of the topic that was published.
StartingRuleExecution log entry
When the AWS IoT rules engine starts to trigger a rule's action, it generates a log
entry with an eventType of StartingRuleExecution.
StartingRuleExecution log entry example
{ "timestamp": "2017-08-10 16:32:46.002", "logLevel": "DEBUG", "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e", "accountId": "123456789012", "status": "Success", "eventType": "StartingRuleExecution", "clientId": "abf27092886e49a8a5c1922749736453", "topicName": "rules/test", "ruleName": "JSONLogsRule", "ruleAction": "RepublishAction", "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167" }
In addition to the Common CloudWatch Logs attributes, rule- log entries contain the
following attributes:
- clientId
-
The ID of the client making the request.
- principalId
-
The ID of the principal making the request.
- ruleAction
-
The name of the action triggered.
- ruleName
-
The name of the matching rule.
- topicName
-
The name of the subscribed topic.
Job log entries
The AWS IoT Job service generates log entries for the following events. Log entries are generated when an MQTT or HTTP request is received from the device.
Topics
DescribeJobExecution log entry
The AWS IoT Jobs service generates a log entry with an eventType of
DescribeJobExecution when the service receives a request to describe a
job execution.
DescribeJobExecution log entry example
{ "timestamp": "2017-08-10 19:13:22.841", "logLevel": "DEBUG", "accountId": "123456789012", "status": "Success", "eventType": "DescribeJobExecution", "protocol": "MQTT", "clientId": "thingOne", "jobId": "002", "topicName": "$aws/things/thingOne/jobs/002/get", "clientToken": "myToken", "details": "The request status is SUCCESS." }
In addition to the Common CloudWatch Logs attributes, GetJobExecution log entries
contain the following attributes:
- clientId
-
The ID of the client making the request.
- clientToken
-
A unique, case-sensitive identifier to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
- details
-
Other information from the Jobs service.
- jobId
-
The job ID for the job execution.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The topic used to make the request.
GetPendingJobExecution log entry
The AWS IoT Jobs service generates a log entry with an eventType of
GetPendingJobExecution when the service receives a job execution
request.
GetPendingJobExecution log entry example
{ "timestamp": "2018-06-13 17:45:17.197", "logLevel": "DEBUG", "accountId": "123456789012", "status": "Success", "eventType": "GetPendingJobExecution", "protocol": "MQTT", "clientId": "299966ad-54de-40b4-99d3-4fc8b52da0c5", "topicName": "$aws/things/299966ad-54de-40b4-99d3-4fc8b52da0c5/jobs/get", "clientToken": "24b9a741-15a7-44fc-bd3c-1ff2e34e5e82", "details": "The request status is SUCCESS." }
In addition to the Common CloudWatch Logs attributes, GetPendingJobExecution log
entries contain the following attributes:
- clientId
-
The ID of the client making the request.
- clientToken
-
A unique, case sensitive identifier to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
- details
-
Other information from the Jobs service.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The name of the subscribed topic.
ReportFinalJobExecutionCount log entry
The AWS IoT Jobs service generates a log entry with an entryType of
ReportFinalJobExecutionCount when a job is completed.
ReportFinalJobExecutionCount log entry example
{ "timestamp": "2017-08-10 19:44:16.776", "logLevel": "INFO", "accountId": "123456789012", "status": "Success", "eventType": "ReportFinalJobExecutionCount", "jobId": "002", "details": "Job 002 completed. QUEUED job execution count: 0 IN_PROGRESS job execution count: 0 FAILED job execution count: 0 SUCCEEDED job execution count: 1 CANCELED job execution count: 0 REJECTED job execution count: 0 REMOVED job execution count: 0" }
In addition to the Common CloudWatch Logs attributes, ReportFinalJobExecutionCount
log entries contain the following attributes:
- details
-
Other information from the Jobs service.
- jobId
-
The job ID for the job execution.
StartNextPendingJobExecution log entry
When it receives a request to start the next pending job execution, the AWS IoT Jobs
service generates a log entry with an eventType of
StartNextPendingJobExecution.
StartNextPendingJobExecution log entry example
{ "timestamp": "2018-06-13 17:49:51.036", "logLevel": "DEBUG", "accountId": "123456789012", "status": "Success", "eventType": "StartNextPendingJobExecution", "protocol": "MQTT", "clientId": "95c47808-b1ca-4794-bc68-a588d6d9216c", "topicName": "$aws/things/95c47808-b1ca-4794-bc68-a588d6d9216c/jobs/start-next", "clientToken": "bd7447c4-3a05-49f4-8517-dd89b2c68d94", "details": "The request status is SUCCESS." }
In addition to the Common CloudWatch Logs attributes, StartNextPendingJobExecution
log entries contain the following attributes:
- clientId
-
The ID of the client making the request.
- clientToken
-
A unique, case sensitive identifier to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
- details
-
Other information from the Jobs service.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The topic used to make the request.
UpdateJobExecution log entry
The AWS IoT Jobs service generates a log entry with an eventType of
UpdateJobExecution when the service receives a request to update a job
execution.
UpdateJobExecution log entry example
{ "timestamp": "2017-08-10 19:25:14.758", "logLevel": "DEBUG", "accountId": "123456789012", "status": "Success", "eventType": "UpdateJobExecution", "protocol": "MQTT", "clientId": "thingOne", "jobId": "002", "topicName": "$aws/things/thingOne/jobs/002/update", "clientToken": "myClientToken", "versionNumber": "1", "details": "The destination status is IN_PROGRESS. The request status is SUCCESS." }
In addition to the Common CloudWatch Logs attributes, UpdateJobExecution log entries
contain the following attributes:
- clientId
-
The ID of the client making the request.
- clientToken
-
A unique, case sensitive identifier to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
- details
-
Other information from the Jobs service.
- jobId
-
The job ID for the job execution.
- protocol
-
The protocol used to make the request. Valid values are
MQTTorHTTP. - topicName
-
The topic used to make the request.
- versionNumber
-
The version of the job execution.
Device provisioning log entries
The AWS IoT Device Provisioning service generates logs for the following events.
GetDeviceCredentials log entry
The AWS IoT Device Provisioning service generates a log entry with an
eventType of GetDeviceCredential when a client calls
GetDeviceCredential.
GetDeviceCredentials log entry example
{ "timestamp" : "2019-02-20 20:31:22.932", "logLevel" : "INFO", "traceId" : "8d9c016f-6cc7-441e-8909-7ee3d5563405", "accountId" : "123456789101", "status" : "Success", "eventType" : "GetDeviceCredentials", "deviceCertificateId" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "details" : "Additional details about this log." }
In addition to the Common CloudWatch Logs attributes, GetDeviceCredentials log
entries contain the following attributes:
- details
-
A brief explanation of the error.
- deviceCertificateId
-
The ID of the device certificate.
ProvisionDevice log entry
The AWS IoT Device Provisioning service generates a log entry with an
eventType of ProvisionDevice when a client calls
ProvisionDevice.
ProvisionDevice log entry example
{ "timestamp" : "2019-02-20 20:31:22.932", "logLevel" : "INFO", "traceId" : "8d9c016f-6cc7-441e-8909-7ee3d5563405", "accountId" : "123456789101", "status" : "Success", "eventType" : "ProvisionDevice", "provisioningTemplateName" : "myTemplate", "deviceCertificateId" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "details" : "Additional details about this log." }
In addition to the Common CloudWatch Logs attributes, ProvisionDevice log entries
contain the following attributes:
- details
-
A brief explanation of the error.
- deviceCertificateId
-
The ID of the device certificate.
- provisioningTemplateName
-
The name of the provisioning template.
Dynamic thing group log entries
AWS IoT Dynamic Thing Groups generate logs for the following event.
AddThingToDynamicThingGroupsFailed log entry
When AWS IoT was not able to add a thing to the specified dynamic groups, it generates
a log entry with an eventType of
AddThingToDynamicThingGroupsFailed. This happens when a thing met the
criteria to be in the dynamic thing group; however, it could not be added to the dynamic
group or it was removed from the dynamic group. This can happen because:
-
The thing already belongs to the maximum number of groups.
-
The --override-dynamic-groups option was used to add the thing to a static thing group. It was removed from a dynamic thing group to make that possible.
For more information, see Dynamic Thing Group Limitations and Conflicts.
AddThingToDynamicThingGroupsFailed log entry example
This example shows the log entry of an
AddThingToDynamicThingGroupsFailed error. In this example,
TestThing met the criteria to be in the dynamic thing groups
listed in dynamicThingGroupNames, but could not be added to those dynamic
groups, as described in reason.
{ "timestamp": "2020-03-16 22:24:43.804", "logLevel": "ERROR", "traceId": "70b1f2f5-d95e-f897-9dcc-31e68c3e1a30", "accountId": "57EXAMPLE833", "status": "Failure", "eventType": "AddThingToDynamicThingGroupsFailed", "thingName": "TestThing", "dynamicThingGroupNames": [ "DynamicThingGroup11", "DynamicThingGroup12", "DynamicThingGroup13", "DynamicThingGroup14" ], "reason": "The thing failed to be added to the given dynamic thing group(s) because the thing already belongs to the maximum allowed number of groups." }
In addition to the Common CloudWatch Logs attributes,
AddThingToDynamicThingGroupsFailed log entries contain the following
attributes:
- dynamicThingGroupNames
-
An array of the dynamic thing groups to which the thing could not be added.
- reason
-
The reason why the thing could not be added to the dynamic thing groups.
- thingName
-
The name of the thing that could not be added to a dynamic thing group.
Fleet indexing log entries
AWS IoT fleet indexing generates log entries for the following events.
NamedShadowCountForDynamicGroupQueryLimitExceeded log entry
A maximum of 25 named shadows per thing are processed for query terms that are not
data source specific in dynamic groups. When this limit is breached for a thing, the
NamedShadowCountForDynamicGroupQueryLimitExceeded event type will be
emitted.
NamedShadowCountForDynamicGroupQueryLimitExceeded log entry example
This example shows the log entry of a
NamedShadowCountForDynamicGroupQueryLimitExceeded error. In this
example, all-values based DynamicGroup results can be inaccurate, as
described in the reason field.
{ "timestamp": "2020-03-16 22:24:43.804", "logLevel": "ERROR", "traceId": "70b1f2f5-d95e-f897-9dcc-31e68c3e1a30", "accountId": "571032923833", "status": "Failure", "eventType": "NamedShadowCountForDynamicGroupQueryLimitExceeded", "thingName": "TestThing", "reason": "A maximum of 25 named shadows per thing are processed for non-data source specific query terms in dynamic groups." }
Common CloudWatch Logs attributes
All CloudWatch Logs log entries include these attributes:
- accountId
-
Your AWS account ID.
- eventType
-
The event type for which the log was generated. The value of the event type depends on the event that generated the log entry. Each log entry description includes the value of
eventTypefor that log entry. - logLevel
-
The log level being used. For more information, see Log levels.
- status
-
The status of the request.
- timestamp
-
The human-readable UTC timestamp of when the client connected to the AWS IoT message broker.
- traceId
-
A randomly generated identifier that can be used to correlate all logs for a specific request.
