File tree 1 file changed +3
-3
lines changed
1 file changed +3
-3
lines changed Original file line number Diff line number Diff line change @@ -18,7 +18,7 @@ Lambda function to stream ec2 loadbalancer access logs and cloudwatch logs to im
1818INSPECTOR_MODE: "log_stream_server"
1919INSPECTOR_LOGSTREAM_LISTEN_ADDR: ":<port>"
2020INSPECTOR_LOGSTREAM_LOG_FILE_NAME: "<log_binding_file_name>" # from step 1
21- INSPECTOR_API_ACCESS_TOKEN: "<access_token>" # setup here https://console.impartsecurity.net/orgs/_/integrations/inspector . Click `New inspector access token`
21+ INSPECTOR_API_ACCESS_TOKEN: "<access_token>" # setup here https://console.impartsecurity.net/orgs/_/settings/tokens#create . Click `New inspector access token`
2222```
2323
24243 . Run the lambda function subscribed either to cloud watch events or elb s3 events.
@@ -33,7 +33,7 @@ INSPECTOR_LOGSTREAM_LISTEN_ADDR: "<inspector_host>:<port>" # from step 2
3333For elb access logs:
3434
3535```
36- %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:loadbalancer} %{IP:client_ip}:%{NUMBER:client_port} (?:%{IP:backend_ip}:%{NUMBER:backend_port}|-) %{NUMBER:request_processing_time} %{NUMBER:backend_processing_time} %{NUMBER:response_processing_time} (?:%{NUMBER:response_code}|-) (?:%{NUMBER:backend_status_code}|-) %{NUMBER:received_bytes} %{NUMBER:sent_bytes} "(?:%{WORD:http_method}|-) (?:%{GREEDYDATA:request}|-) (?:HTTP/%{NUMBER:httpversion }|-( )?)" "%{DATA:userAgent }"( %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol})?
36+ %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:loadbalancer} %{IP:client_ip}:%{NUMBER:client_port} (?:%{IP:backend_ip}:%{NUMBER:backend_port}|-) %{NUMBER:request_processing_time} %{NUMBER:backend_processing_time} %{NUMBER:response_processing_time} (?:%{NUMBER:response_code}|-) (?:%{NUMBER:backend_status_code}|-) %{NUMBER:received_bytes} %{NUMBER:sent_bytes} "(?:%{WORD:http_method}|-) (?:%{GREEDYDATA:request}|-) (?:HTTP/%{NUMBER:http_version }|-( )?)" "%{DATA:user_agent }"( %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol})?
3737```
3838
3939For api gateway cloudwatch access logs if the log format set to:
@@ -43,5 +43,5 @@ $context.requestTime "$context.httpMethod $context.path $context.protocol" $cont
4343```
4444
4545```
46- %{HTTPDATE:timestamp} "(?:%{WORD:http_method}|-) (?:%{GREEDYDATA:request}|-) (?:HTTP/%{NUMBER:httpversion }|-( )?)" (?:%{NUMBER:response_code}|-)
46+ %{HTTPDATE:timestamp} "(?:%{WORD:http_method}|-) (?:%{GREEDYDATA:request}|-) (?:HTTP/%{NUMBER:http_version }|-( )?)" (?:%{NUMBER:response_code}|-)
4747```
You can’t perform that action at this time.
0 commit comments