View AWS ALB access logs in one place

Question

I have access logging configured for my AWS ALB. It dumps these logs into an S3 bucket on an interval.

To view them you have to download then unzip the file and look through the text.

I'd like to see a list of the ALB HTTP requests in one place without having to go through the process mentioned above.

Does AWS offer anything like this?

Recommended answer

The AWS Application Load Balancer saves log files into Amazon S3.

Amazon Athena can then be used to query the files saved in S3. The important part is knowing the file format.

See this excellent article: Athena & ALB Log Analysis

They use this query to create the table:

CREATE EXTERNAL TABLE IF NOT EXISTS logs.web_alb (
  type string,
  time string,
  elb string,
  client_ip string,
  client_port string,
  target string,
  request_processing_time double,
  target_processing_time double,
  response_processing_time double,
  elb_status_code int,
  target_status_code string,
  received_bytes int,
  sent_bytes int,
  request_verb string,
  request_url string,
  request_proto string,
  user_agent string,
  ssl_cipher string,
  ssl_protocol string,
  target_group_arn string,
  trace_id string
)
PARTITIONED BY(year string, month string, day string)
ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe'
WITH SERDEPROPERTIES (
  'serialization.format' = '1',
  'input.regex' = '([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) ([-0-9]*) ([^ ]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) ([^ ]*) ([^ ]*)\" \"([^\"]*)\" ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*)'
) LOCATION 's3://{{BUCKET}}/AWSLogs/{{ACCOUNT}}/elasticloadbalancing/us-east-1/';
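
As an added example (not part of the original answer or the linked article), the Python below applies the table's input.regex to constructed ALB log lines, so the pattern can be checked against the file format before Athena depends on it. It assumes the SerDe needs the whole line to match, and it lets the three processing-time groups accept a decimal point because ALB writes those values as decimals such as 0.001; the sample lines and the names parse_line and unmatched are made up for the illustration.

```python
import re

# Column names, in the order of the capture groups in the table's input.regex.
COLUMNS = [
    "type", "time", "elb", "client_ip", "client_port", "target",
    "request_processing_time", "target_processing_time",
    "response_processing_time", "elb_status_code", "target_status_code",
    "received_bytes", "sent_bytes", "request_verb", "request_url",
    "request_proto", "user_agent", "ssl_cipher", "ssl_protocol",
    "target_group_arn", "trace_id",
]

# Pattern from the table definition; the processing-time groups accept "."
# because ALB writes those values as decimals such as 0.001.
INPUT_REGEX = re.compile(
    r'([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*) ([-.0-9]*) ([-.0-9]*) '
    r'([-.0-9]*) ([-0-9]*) ([^ ]*) ([-0-9]*) ([-0-9]*) '
    r'"([^ ]*) ([^ ]*) ([^ ]*)" "([^"]*)" ([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*)'
)

# Constructed sample lines (not real traffic).
ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/web/73e2d6bc24d8a067"
TRACE = '"Root=1-58337262-36d228ad5d99923122bbe354"'
OK = ('https 2024-01-15T10:00:00.123456Z app/web-alb/50dc6c495c0c9188 '
      '203.0.113.10:54321 10.0.1.5:80 0.001 0.045 0.000 200 200 312 1024 '
      '"GET https://example.com:443/login?next=/ HTTP/1.1" '
      '"Mozilla/5.0 (X11; Linux x86_64)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 '
      + ARN + " " + TRACE)
NO_TARGET = ('http 2024-01-15T10:00:01.000000Z app/web-alb/50dc6c495c0c9188 '
             '198.51.100.7:40000 - -1 -1 -1 502 - 0 150 '
             '"GET http://example.com:80/ HTTP/1.1" "curl/8.0" - - '
             + ARN + " " + TRACE)
# Third line carries extra fields after trace_id, which the pattern does not expect.
SAMPLE_LINES = [OK, NO_TARGET, OK + ' "example.com" "-" 0']

def parse_line(line):
    """Return a column -> value dict, or None unless the whole line matches."""
    m = INPUT_REGEX.fullmatch(line.rstrip("\n"))
    return dict(zip(COLUMNS, m.groups())) if m else None

def unmatched(lines):
    """Indexes of lines the pattern cannot split into the table's columns."""
    return [i for i, line in enumerate(lines) if parse_line(line) is None]

if __name__ == "__main__":
    for i, line in enumerate(SAMPLE_LINES):
        row = parse_line(line)
        print(i, row and (row["client_ip"], row["elb_status_code"], row["request_url"]))
```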
