Recent Searches

    Popular Articles

    Articles
    View all
      Topics
      View all
        Tickets
        View all
          no results

          Sorry! nothing found for

          Accessing Archived Logs

          App container and SSH access logs are permanently stored in S3. Logs are streamed in near real-time to the archive, to minimize loss of data in the unlikely event of an unrecoverable machine scenario. The flip-side is that reviewing archived logs requires a bit more effort.

          Note: create a help desk ticket to obtain the name of your log bucket and server identifiers.

          Browsing Collected Logs

          To browse by date, use the AWS CLI to start at the log type you are trying to view:

          # SSH Logs
aws s3 ls s3://LOG-BUCKET/SERVER/ssh/

# App or DB Logs
aws s3 ls s3://LOG-BUCKET/SERVER/containers/

          The above will return the years collected by the system. To drill down into specific months and date, just append the next segment, followed by a slash. For example:

          # SSH logs - browse months
aws s3 ls s3://LOG-BUCKET/SERVER/ssh/2022/

# SSH Logs - browse days
aws s3 ls s3://LOG-BUCKET/SERVER/ssh/2022/09/

# SSH Logs - browse list of logs for a specific day
aws s3 ls s3://LOG-BUCKET/SERVER/ssh/2022/09/30/

# App or DB Logs - browse months
aws s3 ls s3://LOG-BUCKET/SERVER/containers/2022/

# App or DB Logs - browse days
aws s3 ls s3://LOG-BUCKET/SERVER/containers/2022/09/

# App or DB Logs - browse list of logs for a specific day
aws s3 ls s3://LOG-BUCKET/SERVER/containers/2022/09/30/

          Retrieving Archived Logs

          First, create a directory where you want to download logs to:

          mkdir fetched_logs; cd fetched_logs

          Next, download an entire day of logs like this:

          aws s3 cp s3://LOG-BUCKET/SERVER/containers/2022/09/30/ . --recursive

          You should see a very rapid download of multiple logs.

          Viewing Log Contents

          Linux provides several nifty commands that enable you to browse and search compressed files.

          To view all of the downloaded logs using a paginated view:

          zmore *

          To search for a specific string:

          zgrep 'my search' *

          If you'd like to combine all of the logs into one uncompressed file (named "all_logs") so that you can use other tools to analyze the data, do:

          zcat * > all_logs

          Extracting Useful Data

          The awk utility can be used to pull out interesting data, followed by other commands to summarize it. For example, the following command can be used to extract all of the IP addresses from a consolidated Nginx log file:

          awk '{print $1}' all_logs | sort | uniq

          More examples

          Cleaning Up

          Remove the downloaded logs to conserve storage space on your servers:

          rm -fr fetched_logs
          Preview
          0 of 0