登录到AWS Management Console,然后打开CloudTrail console,点击Get Stared Now按钮,填充表单即可。CloudTail将日志保存在S3中,建议使用新的S3 Buket。Advanced中还有log file prefix,log file validation,Amazon SNS notifications选项。CloudTrail存储多个事件在一个日志文件中,SNS notification每个文件发送一次通知,而不是每个事件。
启用后就可以从CloudTrail console查看日志,增加、更新、删除、停用trail了。
# Create a single-region trail
# The specified S3 bucket must already exist and have the appropriate CloudTrail permissions applied.
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket# Create a trail that applies to all regions
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket --is-multi-region-trailAfter the create-trail command completes, run the start-logging command to start logging for that trail.When you create a trail with the CloudTrail console or the create-subscription command, logging is turned on automatically.
$ aws cloudtrail start-logging --name my-trail$ aws cloudtrail stop-logging --name my-trail# Converting a multi-region trail to a single-region trail
$ aws cloudtrail update-trail --name my-trail --no-is-multi-region-trail# Enabling log file validation
$ aws cloudtrail update-trail --name my-trail --enable-log-file-validation$ aws cloudtrail get-trail-status --name my-trail$ aws cloudtrail describe-trails$ aws cloudtrail delete-trail --name my-trail删除trail不会删除S3和SNS topic
Creating and Updating a Trail with the CloudTrail Console
Creating and Updating a Trail with the AWS Command Line Interface
AWS学习笔记(五)--启用CloudTrail记录AWS 账户操作日志
原文:http://blog.51cto.com/7308310/2072273