AWS CloudTrail lookupEvents not working with StartTime and EndTime Node js. Getting all events and not filtering events by time

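I am trying to pull AWS CloudTrail lookup events by calling the lookupEvents method provided in the Node.js SDK. My code is below. I am able to pull events, but from the beginning of time rather than from the date I specified.

What format should StartTime and EndTime be in?

I tried the one shown in the documentation.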

EndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,

 let params = {
        LookupAttributes: [
            {
                AttributeKey: "EventName",
                AttributeValue: event.EventName
            },
            {
                AttributeKey: "EventSource",
                AttributeValue: event.EventSource
            },
            {
                AttributeKey: "StartTime",
                AttributeValue: "Tue Mar 09 2021 00:00:00 GMT+0000"
            },
            {
                AttributeKey: "EndTime",
                AttributeValue: "Tue Mar 11 2021 00:00:00 GMT+0000"
            }
        ]
    };

    const cloudtrail = new AWS.CloudTrail({ region: event.region });
    let data;
    let count = 0;

    console.log(`params are ${JSON.stringify(params)}`)
    try {
        do {
            console.log(`Before method...`)
            data = await cloudtrail.lookupEvents(params).promise();
            console.log(`data so far is ${data}`);
            if (data) {
                console.log(`data retrieved is ${JSON.stringify(data)}`);
                count += data.Events.length;

                if (data.NextToken) {
                    params.NextToken = data.NextToken;
                }
            }

        } while (data.NextToken);

        console.log(`The count of Events matching criteria are ${count}.`);
    } catch (err) {
        console.error(`Error is ${err.stack}`);
    }

According to the documentation, StartTime and EndTime are not part of LookupAttributes; they are regular parameters alongside LookupAttributes.

Here is a working example:

const AWS = require("aws-sdk");

let params = {
  LookupAttributes: [
    {
      AttributeKey: "EventName",
      AttributeValue: "CreateLogStream",
    },
    {
      AttributeKey: "EventSource",
      AttributeValue: "logs.amazonaws.com",
    },
  ],
  StartTime: "2021-03-01T01:03:38.141Z",
  EndTime: "2021-03-02T01:03:38.141Z",
};

const cloudtrail = new AWS.CloudTrail({ region: "us-east-1" });

cloudtrail.lookupEvents(params, (err, result) => {
  console.log("err", err, "result", result);
});

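As Balu mentioned in the previous answer, StartTime and EndTime are not part of LookupAttributes. They are specified separately as key-value pairs in the params.

Below is my AWS Lambda code, which is more generic and can take any EventName and EventSource, as well as the region, as part of the JSON input the Lambda receives.

The code is written to avoid callbacks.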

const AWS = require('aws-sdk');

exports.handler = async event => {
    console.log(new Date().toUTCString() + "\n");
    const today = new Date();
    today.setHours(0);
    today.setMinutes(0);
    today.setSeconds(0);

    const utcToday = new Date(Date.UTC(today.getFullYear(), today.getMonth(), today.getDate(), 0, 0, 0, 0));

    const yesterday = new Date(today.getTime());
    yesterday.setDate(yesterday.getDate() - 1);

    const utcYesterday = new Date(Date.UTC(yesterday.getFullYear(), yesterday.getMonth(), yesterday.getDate(), 0, 0, 0, 0));

    console.log(`today is ${today.toString()}.`);
    console.log(`yesterday is ${yesterday.toString()}.`);

    console.log(`utcToday is ${utcToday.toString()}.`);
    console.log(`utcYesterday is ${utcYesterday.toString()}.`);

    let params = {
        LookupAttributes: [
            {
                AttributeKey: "EventName",
                AttributeValue: event.EventName
            },
            {
                AttributeKey: "EventSource",
                AttributeValue: event.EventSource
            }
        ],
        StartTime: utcYesterday.getTime() / 1000,
        EndTime: utcToday.getTime() / 1000
    };

    const cloudtrail = new AWS.CloudTrail({ region: event.region });
    let data;
    let count = 0;

    console.log(`params are ${JSON.stringify(params)}`)
    try {
        do {
            console.log(`Before method...`)
            data = await cloudtrail.lookupEvents(params).promise();
            console.log(`data so far is ${data}`);
            if (data) {
                console.log(`data retrieved is ${JSON.stringify(data)}`);
                count += data.Events.length;

                if (data.NextToken) {
                    params.NextToken = data.NextToken;
                }
            }

        } while (data.NextToken);

        console.log(`The count of Events matching criteria are ${count}.`);
    } catch (err) {
        console.error(`Error is ${err.stack}`);
    }
}
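
As an added example (not code from the question or either answer), the sketch below builds the `lookupEvents` parameters with `StartTime` and `EndTime` at the top level, rejects the misplaced-attribute form from the question, and pages through results while checking each `EventTime` against the requested window. `buildLookupParams`, `lookupAll` and `stubClient` are hypothetical names; the stub stands in for `AWS.CloudTrail` and returns constructed events so the code runs offline.

```javascript
const TIME_KEYS = new Set(["StartTime", "EndTime"]);

// Build LookupEvents params with the time window as top-level Date values.
function buildLookupParams(attributes, start, end) {
  for (const { AttributeKey } of attributes) {
    if (TIME_KEYS.has(AttributeKey)) {
      throw new Error(`${AttributeKey} is a top-level parameter, not a lookup attribute`);
    }
  }
  // Numbers are rejected in this helper: seconds vs milliseconds is ambiguous.
  if (typeof start === "number" || typeof end === "number") {
    throw new Error("pass a Date or an ISO 8601 string, not a number");
  }
  const StartTime = new Date(start);
  const EndTime = new Date(end);
  // Comparisons with an invalid Date are false, so this also catches bad input.
  if (!(StartTime < EndTime)) {
    throw new Error("need valid dates with StartTime earlier than EndTime");
  }
  return { LookupAttributes: attributes, StartTime, EndTime };
}

// Page through all results. `client` is any object exposing the v2-style
// lookupEvents(params).promise() call used on this page.
async function lookupAll(client, params) {
  const events = [];
  let page = { ...params };
  do {
    const data = await client.lookupEvents(page).promise();
    for (const e of data.Events || []) {
      // Fail loudly if the time filter was not applied (the question's symptom).
      if (e.EventTime < params.StartTime || e.EventTime > params.EndTime) {
        throw new Error(`event ${e.EventId} is outside the requested window`);
      }
      events.push(e);
    }
    page = { ...params, NextToken: data.NextToken };
  } while (page.NextToken);
  return events;
}

// Constructed stub: two pages of fake events, all inside 2021-03-01..02.
const stubClient = {
  calls: [],
  lookupEvents(p) {
    this.calls.push(p);
    const ev = (id) => ({ EventId: id, EventTime: new Date("2021-03-01T12:00:00Z") });
    const data = p.NextToken
      ? { Events: [ev("constructed-3")] }
      : { Events: [ev("constructed-1"), ev("constructed-2")], NextToken: "constructed-token" };
    return { promise: () => Promise.resolve(data) };
  },
};
```

With the real SDK, pass `new AWS.CloudTrail({ region })` as `client` in place of the stub.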