CloudWatch 日志条目示例 - AWS Transfer Family
传输会话日志条目示例SFTP 连接器的日志条目示例密钥交换算法失败的日志条目示例

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

CloudWatch 日志条目示例

本主题介绍示例日志条目。

传输会话日志条目示例

在此示例中,SFTP 用户连接到 Transfer Family 服务器,上传文件,然后断开与会话的连接。

以下日志条目反映了连接到 Transfer Family 服务器的 SFTP 用户。

{
   "role": "arn:aws:iam::500655546075:role/scooter-transfer-s3",
   "activity-type": "CONNECTED",
   "ciphers": "chacha20-poly1305@openssh.com,chacha20-poly1305@openssh.com",
   "client": "SSH-2.0-OpenSSH_7.4",
   "source-ip": "52.94.133.133",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "home-dir": "/scooter-test/log-me",
   "user": "log-me",
   "kex": "ecdh-sha2-nistp256",
   "session-id": "9ca9a0e1cec6ad9d"
}

以下日志条目反映了 SFTP 用户将文件上传到其 Amazon S3 存储桶的情况。

{
   "mode": "CREATE|TRUNCATE|WRITE",
   "path": "/scooter-test/log-me/config-file",
   "activity-type": "OPEN",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "session-id": "9ca9a0e1cec6ad9d"
}

以下日志条目反映了 SFTP 用户与其 SFTP 会话断开连接的情况。首先,客户端关闭与存储桶的连接,然后断开 SFTP 会话。

{
   "path": "/scooter-test/log-me/config-file",
   "activity-type": "CLOSE",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "bytes-in": "121",
   "session-id": "9ca9a0e1cec6ad9d"
}

{
   "activity-type": "DISCONNECTED",
   "resource-arn": "arn:aws:transfer:us-east-1:500655546075:server/s-3fe215d89f074ed2a",
   "session-id": "9ca9a0e1cec6ad9d"
}

SFTP 连接器的日志条目示例

本节包含成功和不成功传输的示例日志。日志生成到名为的日志组/aws/transfer/connector-id,其中 c onnector-id 是您的 SFTP 连接器的标识符。

注意

只有在执行StartFileTransfer命令时才会生成 SFTP 连接器的日志条目。

此日志条目适用于成功完成的传输。

{
    "operation": "RETRIEVE",
    "timestamp": "2023-10-25T16:33:27.373720Z",
    "connector-id": "connector-id",
    "transfer-id": "transfer-id",
    "file-transfer-id": "transfer-id/file-transfer-id",
    "url": "sftp://192.0.2.0",
    "file-path": "/remotebucket/remotefilepath",
    "status-code": "COMPLETED",
    "start-time": "2023-10-25T16:33:26.945481Z",
    "end-time": "2023-10-25T16:33:27.159823Z",
    "account-id": "480351544584",
    "connector-arn": "arn:aws:transfer:us-east-1:480351544584:connector/connector-id",
    "local-directory-path": "/connectors-localbucket"
    "bytes": 514
}

此日志条目适用于超时但未成功完成的传输。

{
    "operation": "RETRIEVE",
    "timestamp": "2023-10-25T22:33:47.625703Z",
    "connector-id": "connector-id",
    "transfer-id": "transfer-id",
    "file-transfer-id": "transfer-id/file-transfer-id",
    "url": "sftp://192.0.2.0",
    "file-path": "/remotebucket/remotefilepath",
    "status-code": "FAILED",
    "failure-code": "TIMEOUT_ERROR",
    "failure-message": "Transfer request timeout.",
    "account-id": "480351544584",
    "connector-arn": "arn:aws:transfer:us-east-1:480351544584:connector/connector-id",
    "local-directory-path": "/connectors-localbucket"
}

此日志条目用于成功执行的 SEND 操作。

{
    "operation": "SEND",
    "timestamp": "2024-04-24T18:16:12.513207284Z",
    "connector-id": "connector-id",
    "transfer-id": "transfer-id",
    "file-transfer-id": "transfer-id/file-transfer-id",
    "url": "sftp://server-id.server.transfer.us-east-1.amazonaws.com",
    "file-path": "/DOC-EXAMPLE-BUCKET/my-test-folder/connector-metrics-us-east-1-2024-01-02.csv",
    "status-code": "COMPLETED",
    "start-time": "2024-04-24T18:16:12.295235884Z",
    "end-time": "2024-04-24T18:16:12.461840732Z",
    "account-id": "255443218509",
    "connector-arn": "arn:aws:transfer:us-east-1:255443218509:connector/connector-id",
    "bytes": 275
}

前面日志示例中一些关键字段的描述。

  • timestamp表示何时将日志添加到 CloudWatch。 start-timeend-time对应于连接器实际开始和完成传输的时间。

  • transfer-id是为每个start-file-transfer请求分配的唯一标识符。如果用户在单个 start-file-transfer API 调用中传递多个文件路径,则所有文件共享相同的路径transfer-id

  • file-transfer-id是为每个传输的文件生成的唯一值。请注意,的初始file-transfer-id部分与相同transfer-id

密钥交换算法失败的日志条目示例

本节包含密钥交换算法 (KEX) 失败的示例日志。这些是结构化日志的 ER RO RS 日志流中的示例。

此日志条目是存在主机密钥类型错误的示例。

{
    "activity-type": "KEX_FAILURE",
    "source-ip": "999.999.999.999",
    "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999",
    "message": "no matching host key type found",
    "kex": "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss"
}

此日志条目是 KEX 不匹配的示例。

{
    "activity-type": "KEX_FAILURE",
    "source-ip": "999.999.999.999",
    "resource-arn": "arn:aws:transfer:us-east-1:999999999999:server/s-999999999999999999",
    "message": "no matching key exchange method found",
    "kex": "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256"
}