Amazon S3
Background
Built in Amazon S3 dashboards and consoles to gain deep-level insights on your Elastic S3 buckets access logs. DBAs, IT Admins, Sys Admins and DevOps – with rich premium visualizations like dashboards, gadgets and consoles XpoLog S3 features.
The application is aimed to run on access logs of the S3 bucket itself, if enabled (click on the logging of the bucket to enable it and see the path where log data will be written to):
Steps
- Add Log Data In XpoLog, When adding a log to XpoLog you can now set a Log Type (logtype). For AWS S3 set the following logtypes:
- AWS
- S3
- access
- The S3 access log usually is placed in a 'logs' directory within the bucket if the logging is enabled. The files name structure: <DATE>-<UNIQUE_ID> - in XpoLog it should be represented as {date,yyyy-MM-dd-HH-mm-ss}-{string}
It is required to configure a S3 account for XpoLog to connect and read the required data from the S3 bucket. - Once all required information is set click next and edit the log pattern, this step is crucial to the accuracy and deployment of the AWS S3 App. Use the following conversion table to build the XpoLog pattern out of the access log format.
Example
The AWS S3 access log format is:
bucket-owner bucket date-time remote-ip requester requester-id operation key request-uri http-status error-code bytes-sent object-size total-time turn-around-time referrer user-agnet version-id
In XpoLog this pattern will be translated into:
{text:Bucket Owner} {text:Bucket,ftype=bucket;,} [{date:Time,dd/MMM/yyyy:HH:mm:ss z}] {geoip:Remote IP,ftype=remoteip;type=;,} {text:Requester} {text:Request ID} {text:Operation} {text:Key} "{choice:Request-Method,ftype=reqmethod;,GET;POST} {text:Request-URI-FULL}{regexp:Request-URI-Subject,ftype=requrl;refName=Request-URI-FULL,[XPLG_PARAM((.*\?[^=]+)|(/[^/]+/[^/]+))].*$} {string:Request-Protocol,ftype=reqprotocol;,}" {number:HTTP status,ftype=respstatus;,} {text:Error Code,ftype=errorcode;,} {number:Bytes Sent,ftype=bytesent;,} {text:Object Size,ftype=objectsize;,} {text:Total Time,ftype=totaltime;,} {text:Turn-Around Time,ftype=turnaroundtime;,} "{string:Referer,ftype=referer;,}" "{string:User Agent,ftype=useragent;,}"{text:Version Id}
for more information see below:
AWS S3 Access Log Format Conversion Table
Field Name | Description | XpoLog Pattern | XpoLog ftype |
---|---|---|---|
Bucket Owner | The canonical user ID of the owner of the source bucket | {text:Bucket Owner} | |
Bucket | The name of the bucket that the request was processed against. If the system receives a malformed request and cannot determine the bucket, the request will not appear in any server access log | {text:Bucket,ftype=bucket;,} | bucket |
Time | The time at which the request was received | [{date:Time,dd/MMM/yyyy:HH:mm:ss z}] | |
Remote IP | The apparent Internet address of the requester. Intermediate proxies and firewalls might obscure the actual address of the machine making the request | {geoip:Remote IP,ftype=remoteip;type=;,} | remoteip |
Requester | The canonical user ID of the requester, or the string "Anonymous" for unauthenticated requests. If the requester was an IAM user, this field will return the requester's IAM user name along with the AWS root account that the IAM user belongs to. This identifier is the same one used for access control purposes | {text:Requester} | |
Request ID | The request ID is a string generated by Amazon S3 to uniquely identify each request | {text:Request ID} | |
Operation | The operation listed here is declared as | {text:Operation} | |
Key | The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter. | {text:Key} | |
Request Method | HTTP request method name | {choice:Request-Method,ftype=reqmethod;,GET;POST} | reqmethod |
Request-URI-Full | The full Request-URI part of the HTTP request message | {text:Request-URI-FULL} | |
Request-URI-Subject | The subject extracted from the URI (e.g. folder name of the file requested) | {regexp:Request-URI-Subject,ftype=requrl;refName=Request-URI-FULL,[XPLG_PARAM((.*\?[^=]+)|(/[^/]+/[^/]+))].*$} | requrl |
Request Protocol | HTTP protocol used for the request in question | {string:Request-Protocol,ftype=reqprotocol;,} | reqprotocol |
HTTP Status | The numeric HTTP status code of the | {number:HTTP status,ftype=respstatus;,}
| respstatus |
Error Code | The Amazon S3 Error Code, of the | {text:Error Code,ftype=errorcode;,} | errorcode |
Bytes Sent | The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero | {number:Bytes Sent,ftype=bytesent;,} | bytesent |
Object Size | The total size of the object in question | {text:Object Size,ftype=objectsize;,} | objectsize |
Total Time | The number of milliseconds the request was in flight from the server's perspective. This value is measured from the time your request is received to the time that the last byte of the response is sent. Measurements made from the client's perspective might be longer due to network latency | {text:Total Time,ftype=totaltime;,} | totaltime |
Turn-Around Time | The number of milliseconds that Amazon S3 spent processing your request. This value is measured from the time the last byte of your request was received until the time the first byte of the response was sent | {text:Turn-Around Time,ftype=turnaroundtime;,} | turnaroundtime |
Referrer | The value of the HTTP Referrer header, if present. HTTP user-agents (e.g. browsers) typically set this header to the URL of the linking or embedding page when making a request | {string:Referer,ftype=referer;,} | referer |
User-Agent | The value of the HTTP User-Agent header | {string:User Agent,ftype=useragent;,} | useragent |
Version ID | The version ID of the object being copied or "-" if the x-amz-copy-source header didn’t specify a | {text:Version Id} |