本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# Transfer 系列適用的 CloudWatch 日誌結構
<a name="cw-structure-logs"></a>

本主題說明 Transfer Family 日誌中填入的欄位：適用於 JSON 結構化日誌項目和舊版日誌項目。

**Topics**
+ [Transfer Family 的 JSON 結構化日誌](#json-log-entries)
+ [Transfer Family 的舊版日誌](#legacy-log-entries)

## Transfer Family 的 JSON 結構化日誌
<a name="json-log-entries"></a>

下表包含 Transfer Family SFTP/FTP/FTPS 動作的日誌項目欄位詳細資訊，採用新的 JSON 結構化日誌格式。


| 欄位 | Description | 範例項目 | 
| --- |--- |--- |
| activity-type | The action by the user | 可用的活動類型如下：`AUTH_FAILURE`、`CONNECTED`、`DISCONNECTED`、`ERROR``EXIT_REASON`、`CLOSE`、`CREATE_SYMLINK`、`DELETE`、`MKDIR`、、`OPEN``PARTIAL_CLOSE`、`RENAME`、`RMDIR`、、、`SETSTAT`、、`TLS_RESUME_FAILURE`、。 | 
| bytes-in | Number of bytes uploaded by the user | 29238420042 | 
| bytes-out | Number of bytes downloaded by the user | 23094032490328 | 
| ciphers | Specifies the SSH cipher negotiated for the connection (available ciphers are listed in [密碼編譯演算法](security-policies.md#cryptographic-algorithms)) | aes256-gcm@openssh.com | 
| client | The user's client software | SSH-2.0-OpenSSH\_7.4 | 
| home-dir | The directory that the end user lands on when they connect to the endpoint if their home directory type is PATH: if they have a logical home directory, this value is always / | /user-home-bucket/test | 
| kex | Specifies the negotiated SSH key exchange (KEX) for the connection (available KEX are listed in [密碼編譯演算法](security-policies.md#cryptographic-algorithms)) | diffie-hellman-group14-sha256 | 
| message | Provides more information related to the error | {{<字串>}} | 
| method | The authentication method | publickey | 
| mode | Specifies how a client opens a file | CREATE \| TRUNCATE \| WRITE | 
| operation | The client operation on a file | OPEN \| CLOSE | 
| path | Actual file path affected | /amzn-s3-demo-bucket/test-file-1.pdf  | 
| ssh-public-key | The public key body for the user that is connecting | AAAAC3NzaC1lZDI1NTE5AAAAIA9OY0qV6XYVHaaOiWAcj2spDJVbgjrqDPY4pxd6GnHl | 
| ssh-public-key-fingerprint | 列出使用者金鑰時，服務受管使用者在主控台中顯示的公有金鑰指紋。 在 主控台中，指紋會以填補字元 （如果有的話） 顯示：從 0 到 3 等號 (=) 的結尾。在日誌項目中，此填補會從輸出中分割。  | SHA256:BY3gNMHwTfjd4n2VuT4pTyLOk82zWZj4KEYEu7y4r/0 | 
| ssh-public-key-type | Type of public key: Transfer Family supports RSA-, ECDSA-, and ED25519-formatted keys | ssh-ed25519 | 
| resource-arn | A system-assigned, unique identifier for a specific resource (for example, a server) | arn：aws：transfer：ap-northeast-1：12346789012：server/s-1234567890akeu2js2 | 
| role | The IAM role of the user | arn：aws：iam：：0293883675：role/testuser-role | 
| session-id | A system-assigned, unique identifier for a single session | 9ca9a0e1cec6ad9d | 
| source-ip | Client IP address | 18.323.0.129 | 
| user | The end user's username | myname192 | 
| user-policy | The permissions specified for the end user: this field is populated if the user's policy is a session policy. | The JSON code for the session policy that is being used | 

## Transfer Family 的舊版日誌
<a name="legacy-log-entries"></a>

下表包含各種 Transfer Family 動作的日誌項目詳細資訊。

**注意**  
 這些項目不是新的 JSON 結構化日誌格式。

下表包含各種 Transfer Family 動作的日誌項目詳細資訊，採用新的 JSON 結構化日誌格式。




| Action | Amazon CloudWatch Logs 中的對應日誌 | 
| --- | --- | 
| 身分驗證失敗 | ERRORS AUTH\_FAILURE Method=publickey User=lhr Message="RSA SHA256：Lfz3R2nmLY4raK\+b7Rb1rSvUIbAE\+a\+Hxg0c7l1JIZ0" SourceIP=3.8.172.211  | 
| COPY/TAG/DELETE/DECRYPT 工作流程 | {"type"："StepStarted"，"details"：{"input"：{"fileLocation"：{"backingStore"："EFS"，"filesystemId"："fs-12345678"，"path"："/lhr/regex.py"}}，"stepType"："TAG"，"stepName"："successful\_tag\_step"}，"workflowId"："w-1111aaaaa2222bb3"，"executionId"："81234abcd-1234-efgh-5678-ijklmnopqr90"，"transferDetails"：{serverId"："s-1234abcd557"user"sessionId1234567890 | 
| 自訂步驟工作流程 | {"type"："CustomStepInvoked"，"details"：{"output"：{"token"："MzM4Mjg5YWUtYTEzMy00YjIzLWI3OGMtYzU4OGI2ZjQyMzE5"}，"stepType"："CUSTOM"，"stepName"："efs-s3\_copy\_2"}，"workflowId"："w-9283e49d33297c3f7"，"executionId"："1234abcd-1234-efgh-5678-ijklmnopr90"，"transferDetails：{1"-serverId"："1"1"sessionId1234567890 | 
| 刪除 | lhr.33a8fb495ffb383b DELETE 路徑=/bucket/user/123.jpg | 
| 下載 | lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=READ<br />llhr.33a8fb495ffb383b CLOSE 路徑=/bucket/user/123.jpg BytesOut=3618546 | 
| 登入/登出 | user.914984e553bcddb6 CONNECTED SourceIP=1.22.111.222 User=lhr HomeDir=LOGICAL Client=SSH-2.0-OpenSSH\_7.4 Role=arn：aws：：iam：：123456789012：role/sftp-s3-access<br />user.914984e553bcddb6 DISCONNECTED | 
| 重新命名 | lhr.33a8fb495ffb383b RENAME 路徑=/bucket/user/lambo.png NewPath=/bucket/user/ferrari.png  | 
| 工作流程錯誤日誌範例 | {"type"："StepErrored"，"details"：{"errorType"："BAD\_REQUEST"，"errorMessage"："Cannot tag Efs file"，"stepType"："TAG"，"stepName"："successful\_tag\_step"}，"workflowId"："w-1234abcd5678efghi"，"executionId"："81234abcd-1234-efgh-5678-ijklmnopqr90"，"transferDetails"：{"serverId"："s-1234abcd5678efghi"，"username"："l"ldefchr"："1234567890ssessionId  | 
| Symlinks | lhr.eb49cf7b8651e6d5 CREATE\_SYMLINK LinkPath=/fs-12345678/lhr/pqr.jpg TargetPath=abc.jpg  | 
| 上傳 | lhr.33a8fb495ffb383b OPEN Path=/bucket/user/123.jpg Mode=CREATE\|TRUNCATE\|WRITE<br />lhr.33a8fb495ffb383b CLOSE 路徑=/bucket/user/123.jpg BytesIn=3618546 | 
| 工作流程 | {"type"："ExecutionStarted"，"details"：{"input"：{"initialFileLocation"：{"backingStore"："EFS"，"filesystemId"："fs-12345678"，"path"："/lhr/regex.py"}}}，"workflowId"："w-1111aaaa2222bb3"，"executionId"："1234abcd-1234-efgh-5678-ijklmnopqr90"，"transferDetails"：{"serverId"："s-zz-zz111aaa2223"，"username"lhr"，"1234567890sessionId"："<br />{"type"："StepStarted"，"details"：{"input"：{"fileLocation"：{"backingStore"："EFS"，"filesystemId"："fs-12345678"，"path"："/lhr/regex.py"}}，"stepType"："CUSTOM"，"stepName"："efs-s3\_copy\_2"}，"workflowId"："w-9283e49d3297c3f7"，"executionId"："1234abcd-1234-efgh-5678-ijklmnopr90"，"transferDetails"：{"serverId"s-189db45d2"sessionId1234567890 |