Analyze historical CloudTrail data for S3

0

In CloudTrail, we monitor management events only. We have one publicly accessible bucket. Now we want to search the CloudTrail logs for S3 bucket access attempt (access denied) events and for who downloaded S3 bucket objects. How can we search for those events?

1 Answer
1

The default setting for CloudTrail is to find only management events. As you mentioned, you only have management events enabled. Check to ensure that you have the data events enabled for your account. With an S3 bucket that is generating a high workload, you could quickly generate thousands of logs in a short amount of time. Be mindful of how long you choose to enable CloudTrail data events for a busy bucket.

You have several options to consume and analyze CloudTrail logs. A couple of options that spring to mind are Athena and CloudWatch. See links below for further info.

RoB
Answered 2 years ago
  • I created a trail to log all S3 read/write events, then used the command line (aws s3 cp) to copy from the bucket to a local drive, but when I check the log stream, every eventCategory is Management, with no data events. So how do I identify those S3 bucket copy activities? Is some configuration wrong? Why are there no data events?

  • Can you double-check that your trail has Data events enabled? From the CLI you can use 'aws cloudtrail get-event-selectors --trail-name <your-trail> --region <your-region>' to check that the eventCategory is 'Data'.
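
An added example, not part of the original thread and not AWS's own code: once data events are being delivered, a script along these lines splits a CloudTrail log file into denied access attempts and successful object downloads for one bucket, and counts event categories so an all-Management log is obvious. The sample records, bucket name, ARN and IP addresses are constructed; the field names follow the CloudTrail record format.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Bucket name, ARN and IP addresses are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "eventCategory": "Data",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AWSAccount", "accountId": "ANONYMOUS_PRINCIPAL"},
     "requestParameters": {"bucketName": "example-public-bucket", "key": "report.pdf"}},
    {"eventTime": "2023-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "eventCategory": "Data", "errorCode": "AccessDenied",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example"},
     "requestParameters": {"bucketName": "example-public-bucket", "key": "x.txt"}},
    {"eventTime": "2023-01-01T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "eventCategory": "Management",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example"},
     "requestParameters": {"bucketName": "example-public-bucket"}},
]})

def who(record):
    """Best available caller label: ARN, then principal ID, then account ID."""
    ident = record.get("userIdentity") or {}
    return ident.get("arn") or ident.get("principalId") or ident.get("accountId") or "unknown"

def analyze(log_text, bucket):
    """Return (denied attempts, successful downloads, event-category counts)."""
    denied, downloads, categories = [], [], Counter()
    for rec in json.loads(log_text).get("Records", []):
        categories[rec.get("eventCategory", "unknown")] += 1
        params = rec.get("requestParameters") or {}  # may be null in real logs
        if rec.get("eventSource") != "s3.amazonaws.com" or params.get("bucketName") != bucket:
            continue
        row = (rec.get("eventTime"), who(rec), rec.get("sourceIPAddress"),
               rec.get("eventName"), params.get("key"))
        if rec.get("errorCode") == "AccessDenied":
            denied.append(row)
        elif rec.get("eventName") == "GetObject" and "errorCode" not in rec:
            downloads.append(row)
    return denied, downloads, categories

if __name__ == "__main__":
    denied, downloads, categories = analyze(SAMPLE_LOG, "example-public-bucket")
    print("categories:", dict(categories))  # only "Management" means no data events logged
    for label, rows in (("DENIED", denied), ("DOWNLOAD", downloads)):
        for row in rows:
            print(label, *row)
```

Log files delivered to S3 are gzip-compressed JSON, so decompress each one before passing its text to `analyze`.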
