Example CloudWatch log entries
This topic presents example log entries.
Example transfer sessions log entries
In this example, an SFTP user connects to a Transfer Family server, uploads a file, then disconnects from the session.
The following log entry reflects an SFTP user connecting to a Transfer Family server.
{ "role": "arn:aws:iam::500655546075:role/transfer-s3", "activity-type": "CONNECTED", "ciphers": "chacha20-poly1305@openssh.com,chacha20-poly1305@openssh.com", "client": "SSH-2.0-OpenSSH_7.4", "source-ip": "52.94.133.133", "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a", "home-dir": "/test/log-me", "user": "log-me", "kex": "ecdh-sha2-nistp256", "session-id": "9ca9a0e1cec6ad9d" }
The following log entry reflects the SFTP user uploading a file into their Amazon S3 bucket.
{ "mode": "CREATE|TRUNCATE|WRITE", "path": "/test/log-me/config-file", "activity-type": "OPEN", "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a", "session-id": "9ca9a0e1cec6ad9d" }
The following log entries reflect the SFTP user disconnecting from their SFTP session. First, the client closes the connection to the bucket, and then the client disconnects the SFTP session.
{ "path": "/test/log-me/config-file", "activity-type": "CLOSE", "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a", "bytes-in": "121", "session-id": "9ca9a0e1cec6ad9d" }
{ "activity-type": "DISCONNECTED", "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a", "session-id": "9ca9a0e1cec6ad9d" }
Note
The available activity types are as follows: AUTH_FAILURE, CONNECTED, DISCONNECTED, ERROR, EXIT_REASON, CLOSE, CREATE_SYMLINK, DELETE, MKDIR, OPEN, PARTIAL_CLOSE, RENAME, RMDIR, SETSTAT, TLS_RESUME_FAILURE.
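The entries above share a session-id, and in them only the CONNECTED entry carries the user and source IP, so attributing a file operation to a user means correlating on that field. The following is an added example, not part of the AWS documentation: it folds the four entries above into one record per session. The function names build_sessions and uploads are hypothetical, and the sample entries are trimmed copies of the ones shown above.

```python
import json

# The four entries shown above, one JSON object per line (some fields trimmed).
SAMPLE_LOG = """\
{"activity-type": "CONNECTED", "client": "SSH-2.0-OpenSSH_7.4", "source-ip": "52.94.133.133", "user": "log-me", "session-id": "9ca9a0e1cec6ad9d"}
{"mode": "CREATE|TRUNCATE|WRITE", "path": "/test/log-me/config-file", "activity-type": "OPEN", "session-id": "9ca9a0e1cec6ad9d"}
{"path": "/test/log-me/config-file", "activity-type": "CLOSE", "bytes-in": "121", "session-id": "9ca9a0e1cec6ad9d"}
{"activity-type": "DISCONNECTED", "session-id": "9ca9a0e1cec6ad9d"}
"""


def build_sessions(lines):
    """Fold per-event entries into one record per session-id (hypothetical helper)."""
    sessions = {}
    for line in lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        sid = entry.get("session-id")
        if sid is None:  # nothing to correlate on
            continue
        s = sessions.setdefault(sid, {"user": None, "source_ip": None,
                                      "client": None, "files": {},
                                      "events": [], "disconnected": False})
        kind = entry.get("activity-type")
        s["events"].append(kind)
        if kind == "CONNECTED":
            # In the entries above, only CONNECTED carries user and source-ip.
            s["user"] = entry.get("user")
            s["source_ip"] = entry.get("source-ip")
            s["client"] = entry.get("client")
        elif kind == "OPEN":
            s["files"][entry["path"]] = {"mode": entry.get("mode", "").split("|"),
                                         "bytes_in": None}
        elif kind == "CLOSE":
            # A CLOSE without a prior OPEN means the log window began mid-session.
            f = s["files"].setdefault(entry["path"], {"mode": [], "bytes_in": None})
            if "bytes-in" in entry:
                f["bytes_in"] = int(entry["bytes-in"])  # logged as a string
        elif kind == "DISCONNECTED":
            s["disconnected"] = True
    return sessions


def uploads(session):
    """Paths opened with WRITE, mapped to the byte count from their CLOSE."""
    return {path: f["bytes_in"] for path, f in session["files"].items()
            if "WRITE" in f["mode"]}
```

A session whose user is None, or whose disconnected flag is still False, indicates that the queried time range did not cover the whole session.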
Example log entries for SFTP connectors
This section contains example logs for both a successful and an unsuccessful transfer. Logs are generated to a log group named /aws/transfer/connector-id, where connector-id is the identifier for your SFTP connector. Log entries for SFTP connectors are generated when you run either a StartFileTransfer or StartDirectoryListing command.
This log entry is for a transfer that completed successfully.
{ "operation": "RETRIEVE", "timestamp": "2023-10-25T16:33:27.373720Z", "connector-id": "connector-id", "transfer-id": "transfer-id", "file-transfer-id": "transfer-id/file-transfer-id", "url": "sftp://192.0.2.0", "file-path": "/remotebucket/remotefilepath", "status-code": "COMPLETED", "start-time": "2023-10-25T16:33:26.945481Z", "end-time": "2023-10-25T16:33:27.159823Z", "account-id": "480351544584", "connector-arn": "arn:aws:transfer:us-east-1:480351544584:connector/connector-id", "local-directory-path": "/connectors-localbucket", "bytes": 514 }
This log entry is for a transfer that timed out, and thus was not completed successfully.
{ "operation": "RETRIEVE", "timestamp": "2023-10-25T22:33:47.625703Z", "connector-id": "connector-id", "transfer-id": "transfer-id", "file-transfer-id": "transfer-id/file-transfer-id", "url": "sftp://192.0.2.0", "file-path": "/remotebucket/remotefilepath", "status-code": "FAILED", "failure-code": "TIMEOUT_ERROR", "failure-message": "Transfer request timeout.", "account-id": "480351544584", "connector-arn": "arn:aws:transfer:us-east-1:480351544584:connector/connector-id", "local-directory-path": "/connectors-localbucket" }
This log entry is for a SEND operation that succeeds.
{ "operation": "SEND", "timestamp": "2024-04-24T18:16:12.513207284Z", "connector-id": "connector-id", "transfer-id": "transfer-id", "file-transfer-id": "transfer-id/file-transfer-id", "url": "sftp://server-id.server.transfer.us-east-1.amazonaws.com", "file-path": "/amzn-s3-demo-bucket/my-test-folder/connector-metrics-us-east-1-2024-01-02.csv", "status-code": "COMPLETED", "start-time": "2024-04-24T18:16:12.295235884Z", "end-time": "2024-04-24T18:16:12.461840732Z", "account-id": "255443218509", "connector-arn": "arn:aws:transfer:us-east-1:255443218509:connector/connector-id", "bytes": 275 }
The following are descriptions for some key fields in the previous log examples.
- timestamp represents when the log is added to CloudWatch. start-time and end-time correspond to when the connector actually starts and finishes a transfer.
- transfer-id is a unique identifier that is assigned for each start-file-transfer request. If the user passes multiple file paths in a single start-file-transfer API operation, all the files share the same transfer-id.
- file-transfer-id is a unique value generated for each file transferred. Note that the initial portion of the file-transfer-id is the same as transfer-id.
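The field relationships described above can be used to roll per-file connector entries up into one record per request. The following is an added example, not part of the AWS documentation: it groups entries by transfer-id, checks the file-transfer-id prefix, and computes the transfer duration from start-time and end-time. The names parse_ts and summarize are hypothetical, and the transfer-id and file-transfer-id values in the sample are constructed placeholders; the timestamps and other values are taken from the entries above.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: field layout and times follow the entries above; the
# transfer-id / file-transfer-id values and the second file path are made up.
SAMPLE_LOG = """\
{"operation": "RETRIEVE", "transfer-id": "t-aaa", "file-transfer-id": "t-aaa/f-1", "file-path": "/remotebucket/remotefilepath", "status-code": "COMPLETED", "start-time": "2023-10-25T16:33:26.945481Z", "end-time": "2023-10-25T16:33:27.159823Z", "bytes": 514}
{"operation": "RETRIEVE", "transfer-id": "t-aaa", "file-transfer-id": "t-aaa/f-2", "file-path": "/remotebucket/otherfile", "status-code": "FAILED", "failure-code": "TIMEOUT_ERROR", "failure-message": "Transfer request timeout."}
{"operation": "SEND", "transfer-id": "t-bbb", "file-transfer-id": "t-bbb/f-1", "file-path": "/amzn-s3-demo-bucket/my-test-folder/connector-metrics-us-east-1-2024-01-02.csv", "status-code": "COMPLETED", "start-time": "2024-04-24T18:16:12.295235884Z", "end-time": "2024-04-24T18:16:12.461840732Z", "bytes": 275}
"""

_TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z")


def parse_ts(ts):
    """Parse the UTC timestamps above. They carry 6 or 9 fractional digits;
    datetime keeps 6, so any extra digits are truncated."""
    m = _TS.fullmatch(ts)
    if m is None:
        raise ValueError(f"unexpected timestamp format: {ts!r}")
    micros = int((m.group(2) or "")[:6].ljust(6, "0"))
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)


def summarize(lines):
    """Group per-file entries under their transfer-id (hypothetical helper)."""
    transfers = {}
    for line in lines:
        if not line.strip():
            continue
        e = json.loads(line)
        tid, fid = e["transfer-id"], e["file-transfer-id"]
        if not fid.startswith(tid + "/"):
            raise ValueError(f"{fid!r} does not belong to transfer {tid!r}")
        seconds = None
        if "start-time" in e and "end-time" in e:  # absent in the FAILED entry
            seconds = (parse_ts(e["end-time"]) - parse_ts(e["start-time"])).total_seconds()
        t = transfers.setdefault(tid, {"operation": e["operation"], "files": [], "failures": []})
        t["files"].append({"path": e["file-path"], "status": e["status-code"],
                           "bytes": e.get("bytes"), "seconds": seconds})
        if e["status-code"] != "COMPLETED":
            t["failures"].append((e["file-path"], e.get("failure-code"), e.get("failure-message")))
    return transfers
```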
Example log entries for Key exchange algorithm failures
This section contains example logs where the Key exchange algorithm (KEX) failed. These are examples from the ERRORS log stream for structured logs.
This log entry is an example where there is a host key type error.
{ "activity-type": "KEX_FAILURE", "source-ip": "999.999.999.999", "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999", "message": "no matching host key type found", "kex": "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss" }
This log entry is an example where there is a KEX mismatch.
{ "activity-type": "KEX_FAILURE", "source-ip": "999.999.999.999", "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999", "message": "no matching key exchange method found", "kex": "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256" }
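For triage, the two failure kinds above can be told apart by the message field, and the algorithm names in the kex field can be checked against a local list of legacy names. The following is an added example, not part of the AWS documentation: the names classify and failures_by_source are hypothetical, and the LEGACY set is an assumed local policy, not something the page defines.

```python
import json
from collections import defaultdict

# Assumption (local policy, not from the page): names treated as legacy
# because they rely on SHA-1 or DSA.
LEGACY = {"ssh-dss", "ssh-rsa",
          "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"}

# The two KEX_FAILURE entries shown above, one JSON object per line.
SAMPLE_LOG = """\
{"activity-type": "KEX_FAILURE", "source-ip": "999.999.999.999", "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999", "message": "no matching host key type found", "kex": "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss"}
{"activity-type": "KEX_FAILURE", "source-ip": "999.999.999.999", "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999", "message": "no matching key exchange method found", "kex": "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256"}
"""


def classify(entry):
    """Return a triage record for a KEX_FAILURE entry, or None for others."""
    if entry.get("activity-type") != "KEX_FAILURE":
        return None
    message = entry.get("message", "")
    if "host key type" in message:
        stage = "host-key"
    elif "key exchange method" in message:
        stage = "key-exchange"
    else:
        stage = "other"
    listed = [a for a in entry.get("kex", "").split(",") if a]
    legacy = [a for a in listed if a in LEGACY]
    return {"source_ip": entry.get("source-ip"), "stage": stage,
            "listed": listed, "legacy": legacy,
            "legacy_only": bool(listed) and len(legacy) == len(listed)}


def failures_by_source(lines):
    """Map source-ip to its triage records, skipping non-KEX entries."""
    grouped = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        record = classify(json.loads(line))
        if record is not None:
            grouped[record["source_ip"]].append(record)
    return dict(grouped)
```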