Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

My ssm logs are filled with ansi color codes I can't read them

0

I enabled AWS SSM audit logs for terminals , but they are filled with linux terminal ANSII color codes , i can barely see the compands the user are typing , how can i solve this any solution, if i deploy these in prod , in future for auditing how can anyone read any log?? , I tried , tired and am tired now , so here I am with a question, that how can i enable/parse a way to read this logs

samples :

  1. "\u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \u001b[0m\u001b[27m\u001b[24m\u001b[Jubuntu@ip-172-31-20-2 9881 %\u001b[K\u001b[?1h\u001b=\u001b[?2004h\u001b[0m\u001b[27m\u001b[24m\u001b[Jubuntu@ip-172-31-20-2 9881 %\u001b[1m\u001b[31me\u001b[0m\u001b[39m\b\u001b[1m\u001b[31me\u001b[1m\u001b[31mx\u001b[0m\u001b[39m\b\b\u001b[1m\u001b[31me\u001b[1m\u001b[31mx\u001b[1m\u001b[31mc\u001b[0m\u001b[39m\b\u001b[1m\u001b[31mc\u001b[1m\u001b[31mi\u001b[0m\u001b[39m\b\b\u001b[1m\u001b[31mc\u001b[0m\u001b[39m\u001b[0m\u001b[39m \b\b\b\b\u001b[0m\u001b[32me\u001b[0m\u001b[32mx\u001b[39m\u001b[0m\u001b[39m \b\b\b\u001b[1m\u001b[31me\u001b[1m\u001b[31mx\u001b[1m\u001b[31mi\u001b[0m\u001b[39m\b\b\b\u001b[0m\u001b[32me\u001b[0m\u001b[32mx\u001b[0m\u001b[32mi\u001b[32mt\u001b[39m\u001b[?1l\u001b>\u001b[?2004l"
  2. "\u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \u001b]2;ubuntu@ip-172-31-20-2: \u0007\u001b]1;\u0007\u001b[0m\u001b[27m\u001b[24m\u001b[Jubuntu@ip-172-31-20-2 ~ %\u001b[K\u001b[?2004hc\bclear\u001b[?2004l"
  3. \u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \u001b]2;ubuntu@ip-172-31-20-2: \u0007\u001b]1;\u0007\u001b[0m\u001b[27m\u001b[24m\u001b[Jubuntu@ip-172-31-20-2 ~ %\u001b[K\u001b[?2004he\becho "" \b\bm" \b\be" \b\b " \b\bh" \b\be" \b\br" \b\be" \b\b\u001b[?2004l", "\u001b]2;echo "me here"\u0007\u001b]1;echo\u0007me here" ---> this one is just a simple echo , find the text
Topics
Management & Governance
Tags
AWS Systems ManagerSession Management
Language
English
asked a year ago80 views
1 Answer
2

AWS SSM Session Manager records the raw "wire" traffic between the terminal and the instance. Because modern shells (like Zsh or Bash with autocompletion) constantly send control characters for colors, cursor movements, and line redrawing, the raw logs look like "matrix code" instead of actual commands.

1. The Quick Fix: Clean existing logs (CLI) If you need to read the logs now, you can strip the ANSI sequences using sed or a dedicated tool like ansifilter.

Option A: This removes most color codes but might struggle with complex cursor movements (like backspaces).

  • sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g" your_ssm_log.txt

Option B: This is much more robust for audit purposes.

# Install on Ubuntu/Debian
sudo apt-get install ansifilter
ansifilter input_log.txt > clean_audit_log.txt

see also:

Option C: If you are moving to production, you cannot manually clean logs. You need an automated pipeline.

  • Lambda Trigger: Set up an S3 Trigger or CloudWatch Logs Subscription Filter. When a new SSM log is saved, a Lambda function runs ansifilter (or a similar regex library) and saves a "Cleaned" version of the log to a separate "Audit-Ready" bucket/group.
  • Third-Party Tools: There are open-source projects like aws-ssm-session-logger specifically designed to convert these streams into readable text or HTML.

see:

Option D: The reason your logs are so messy is often the user's shell configuration (like OhMyZsh or fancy prompts). You can force a "cleaner" environment for SSM sessions:

  • Go to SSM Console > Session Manager > Preferences.
  • In the Shell Profile, add a command to simplify the terminal:
export TERM=vt100
export PAGER=cat
alias ls='ls --color=never'

see:

This forces the session to use basic formatting, which generates significantly fewer ANSI codes.

EXPERT
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content