How to get the "Resource name" when using the AWS CloudTrail Processing Library

Time: 2018-11-09 16:47:52

Tags: java amazon-web-services aws-sdk amazon-cloudtrail

I am using the AWS CloudTrail processing library to pull CloudTrail logs from AWS. In the screenshot of the event history below (from the CloudTrail web console), the name of the bucket affected by the change is shown under the column Resource name. How do I retrieve the same value using aws-cloudtrail-processing-library? The library returns the name of the bucket in which CloudTrail stores its log files, not the affected bucket (highlighted). Also, even after downloading the logs from the bucket, I cannot see this information.

[screenshot: CloudTrail console event history, with the affected bucket highlighted in the Resource name column]

Here is a snippet of my processing class:

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.amazonaws.services.cloudtrail.processinglibrary.AWSCloudTrailProcessingExecutor;

// AuditorEventsProcessor, AuditorCloudTrailConfig, AuditorSourceFilter, AuditorProgressReporter,
// AuditorEventsFilter and AuditorExceptionHandler are the asker's own implementations of the
// library's callback interfaces and are not shown in the question.
public class AuditorCloudTrail {

    public static void main(String[] args) throws InterruptedException {
        final Log logger = LogFactory.getLog(AuditorCloudTrail.class);

        // build the executor from the processor, configuration and the optional callbacks
        final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
                new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
                        .withProgressReporter(new AuditorProgressReporter()).withEventFilter(new AuditorEventsFilter())
                        .withExceptionHandler(new AuditorExceptionHandler()).build();
        executor.start();

        // add shut down hook to gracefully stop executor (optional)
        Runtime.getRuntime().addShutdownHook(new Thread() {
            public void run() {
                logger.info("Shut Down Hook is called.");
                executor.stop();
            }
        });

        // register a Default Uncaught Exception Handler (optional)
        Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
            @Override
            public void uncaughtException(Thread t, Throwable e) {

                // Two options here:
                // First, we can call System.exit(1); in such case shut down hook will be
                // called.
                // Second, we can optionally restart another executor and start.
                final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
                        new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
                                .withEventFilter(new AuditorEventsFilter())
                                .withProgressReporter(new AuditorProgressReporter())
                                .withExceptionHandler(new AuditorExceptionHandler()).build();
                executor.start();

            }
        });

        // can optionally limit running time, or remove both lines so it is running
        // forever. (optional)
        Thread.sleep(24 * 60 * 60 * 1000);
        executor.stop();
    }
}

And the event filter method:

import com.amazonaws.services.cloudtrail.processinglibrary.exceptions.CallbackException;
import com.amazonaws.services.cloudtrail.processinglibrary.interfaces.EventFilter;
import com.amazonaws.services.cloudtrail.processinglibrary.model.CloudTrailEvent;
import com.amazonaws.services.cloudtrail.processinglibrary.model.CloudTrailEventData;

public class AuditorEventsFilter implements EventFilter {

    // eventSource values for IAM and S3 (the constants are not shown in the question; these are the documented values)
    private static final String IAM_EVENTS = "iam.amazonaws.com";
    private static final String S3_EVENTS = "s3.amazonaws.com";

    @Override
    public boolean filterEvent(CloudTrailEvent event) throws CallbackException {
        CloudTrailEventData eventData = event.getEventData();

        String eventSource = eventData.getEventSource();

        try {
            // saveEvent is the asker's own persistence helper; it is not shown in the question
            saveEvent(eventData);
        } catch (InterruptedException e) {
            e.printStackTrace();
        }

        // keep only IAM and S3 events for further processing
        return (eventSource.equals(IAM_EVENTS) ||
                eventSource.equals(S3_EVENTS));
    }
}
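The console's "Resource name" column is not a separate field in the log file; a CloudTrail record can carry the affected resource in its `resources` array (as ARNs) and, for many events, in `requestParameters` (for example `bucketName` for S3 bucket operations). The following is an added example, not code from the question or from the processing library, that reads a CloudTrail log file in the format CloudTrail delivers to S3 (gzip-compressed JSON with a top-level `Records` array) and derives the resource names from those two places. The sample records are constructed, and the list of fallback `requestParameters` keys is an assumption that covers only the S3 and IAM cases discussed here.

```python
import gzip
import json

# Constructed sample of a CloudTrail log file as stored in S3. All values are made up.
SAMPLE_LOG = {
    "Records": [
        {
            "eventVersion": "1.05",
            "eventTime": "2018-11-09T16:47:52Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "PutBucketAcl",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "example-user"},
            "requestParameters": {"bucketName": "example-app-data"},
            "responseElements": None,
            "resources": [
                {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-app-data"}
            ],
        },
        {
            "eventVersion": "1.05",
            "eventTime": "2018-11-09T16:48:10Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "AttachUserPolicy",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "example-user"},
            "requestParameters": {
                "userName": "build-bot",
                "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess",
            },
            "responseElements": None,
            "resources": [
                {"type": "AWS::IAM::User", "ARN": "arn:aws:iam::123456789012:user/build-bot"},
                {"type": "AWS::IAM::Policy", "ARN": "arn:aws:iam::aws:policy/AdministratorAccess"},
            ],
        },
        {
            # Record without a "resources" array: the name must come from requestParameters.
            "eventVersion": "1.05",
            "eventTime": "2018-11-09T16:49:00Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "PutBucketPolicy",
            "userIdentity": {"type": "IAMUser", "userName": "example-user"},
            "requestParameters": {"bucketName": "example-logs"},
        },
    ]
}

# requestParameters keys that name the affected resource when "resources" is absent.
# Assumption: this covers the common S3 and IAM cases only, not every AWS service.
FALLBACK_KEYS = ("bucketName", "userName", "roleName", "groupName", "policyArn")


def name_from_arn(arn):
    """Return the resource-name part of an ARN (arn:partition:service:region:account:resource),
    e.g. 'arn:aws:s3:::my-bucket' -> 'my-bucket', 'arn:aws:iam::123456789012:user/x' -> 'x'."""
    resource = arn.split(":", 5)[-1]  # everything after the fifth colon
    return resource.rsplit("/", 1)[-1]


def resource_names(record):
    """Collect the affected resource names for one record: prefer the "resources"
    array, fall back to well-known requestParameters fields."""
    names = []
    for res in record.get("resources") or []:
        arn = res.get("ARN")
        if arn:
            names.append(name_from_arn(arn))
    if not names:
        params = record.get("requestParameters") or {}
        for key in FALLBACK_KEYS:
            value = params.get(key)
            if isinstance(value, str):
                names.append(name_from_arn(value) if value.startswith("arn:") else value)
    return names


def load_records(log_bytes):
    """Parse one CloudTrail log file as delivered to S3 (gzip-compressed JSON with "Records")."""
    return json.loads(gzip.decompress(log_bytes))["Records"]


def summarize(records):
    """Map each record to (eventSource, eventName, [resource names])."""
    return [(r["eventSource"], r["eventName"], resource_names(r)) for r in records]


def sample_log_bytes():
    """Serialize the constructed sample the way CloudTrail stores it in S3."""
    return gzip.compress(json.dumps(SAMPLE_LOG).encode("utf-8"))


if __name__ == "__main__":
    for source, name, resources in summarize(load_records(sample_log_bytes())):
        print(f"{source:22} {name:18} {', '.join(resources) or '-'}")
```

For real log files, replace `sample_log_bytes()` with the bytes of a `.json.gz` object downloaded from the trail's bucket. Which field carries the name varies by service and by event, so a production auditor should log records where both lookups come up empty rather than silently dropping them.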

1 answer:

Answer 0: (score: 0)

I opened this as an issue on the GitHub repository of the AWS CloudTrail processing engine. The response I received was that this is currently not supported by the processing engine. So the workaround is to use Logstash (which requires the cloudtrail plugin to be installed) to pull the CloudTrail logs from the preconfigured AWS S3 bucket into a MongoDB server, as described in {{3}}, from where normal processing can be used to extract the required events, including the resources involved.