How to get the “resource name” while using the AWS CloudTrail processing library
up vote
0
down vote
favorite
I am using the AWS CloudTrail processing library to pull Cloudtrail logs from AWS. In the screenshot image of event history below (taken from the CloudTrail web console), the name of the bucket affected by a change is reflected under the column: Resource name . How can I retrieve this same value using the aws-cloudtrail-processing-library. The library returns the name of the bucket where CloudTrail saves the log files and not the affected bucket (highlighted). Also, even after downloading the logs from the bucket, I do not see this information.
Here is the snippet of my processing class:
public class AuditorCloudTrail {
public static void main(String args) throws InterruptedException {
final Log logger = LogFactory.getLog(AuditorCloudTrail.class);
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withProgressReporter(new AuditorProgressReporter()).withEventFilter(new AuditorEventsFilter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
// add shut down hook to gracefully stop executor (optional)
Runtime.getRuntime().addShutdownHook(new Thread() {
public void run() {
logger.info("Shut Down Hook is called.");
executor.stop();
}
});
// register a Default Uncaught Exception Handler (optional)
Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread t, Throwable e) {
// Two options here:
// First, we can call System.exit(1); in such case shut down hook will be
// called.
// Second, we can optionally restart another executor and start.
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withEventFilter(new AuditorEventsFilter())
.withProgressReporter(new AuditorProgressReporter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
}
});
// can optionally limit running time, or remove both lines so it is running
// forever. (optional)
Thread.sleep(24 * 60 * 60 * 1000);
executor.stop();
}
and the method that filters events:
public boolean filterEvent(CloudTrailEvent event) throws CallbackException {
CloudTrailEventData eventData = event.getEventData();
String eventSource = eventData.getEventSource();
try {
saveEvent(eventData);
} catch (InterruptedException e) {
e.printStackTrace();
}
return (eventSource.equals(IAM_EVENTS) ||
eventSource.equals(S3_EVENTS));
}
java amazon-web-services aws-sdk amazon-cloudtrail
asked Nov 9 at 16:47
SyCode
136316
add a comment |
up vote
0
down vote
favorite
I am using the AWS CloudTrail processing library to pull Cloudtrail logs from AWS. In the screenshot image of event history below (taken from the CloudTrail web console), the name of the bucket affected by a change is reflected under the column: Resource name . How can I retrieve this same value using the aws-cloudtrail-processing-library. The library returns the name of the bucket where CloudTrail saves the log files and not the affected bucket (highlighted). Also, even after downloading the logs from the bucket, I do not see this information.
Here is the snippet of my processing class:
public class AuditorCloudTrail {
public static void main(String args) throws InterruptedException {
final Log logger = LogFactory.getLog(AuditorCloudTrail.class);
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withProgressReporter(new AuditorProgressReporter()).withEventFilter(new AuditorEventsFilter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
// add shut down hook to gracefully stop executor (optional)
Runtime.getRuntime().addShutdownHook(new Thread() {
public void run() {
logger.info("Shut Down Hook is called.");
executor.stop();
}
});
// register a Default Uncaught Exception Handler (optional)
Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread t, Throwable e) {
// Two options here:
// First, we can call System.exit(1); in such case shut down hook will be
// called.
// Second, we can optionally restart another executor and start.
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withEventFilter(new AuditorEventsFilter())
.withProgressReporter(new AuditorProgressReporter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
}
});
// can optionally limit running time, or remove both lines so it is running
// forever. (optional)
Thread.sleep(24 * 60 * 60 * 1000);
executor.stop();
}
and the method that filters events:
public boolean filterEvent(CloudTrailEvent event) throws CallbackException {
CloudTrailEventData eventData = event.getEventData();
String eventSource = eventData.getEventSource();
try {
saveEvent(eventData);
} catch (InterruptedException e) {
e.printStackTrace();
}
return (eventSource.equals(IAM_EVENTS) ||
eventSource.equals(S3_EVENTS));
}
java amazon-web-services aws-sdk amazon-cloudtrail
asked Nov 9 at 16:47
SyCode
136316
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am using the AWS CloudTrail processing library to pull Cloudtrail logs from AWS. In the screenshot image of event history below (taken from the CloudTrail web console), the name of the bucket affected by a change is reflected under the column: Resource name . How can I retrieve this same value using the aws-cloudtrail-processing-library. The library returns the name of the bucket where CloudTrail saves the log files and not the affected bucket (highlighted). Also, even after downloading the logs from the bucket, I do not see this information.
Here is the snippet of my processing class:
public class AuditorCloudTrail {
public static void main(String args) throws InterruptedException {
final Log logger = LogFactory.getLog(AuditorCloudTrail.class);
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withProgressReporter(new AuditorProgressReporter()).withEventFilter(new AuditorEventsFilter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
// add shut down hook to gracefully stop executor (optional)
Runtime.getRuntime().addShutdownHook(new Thread() {
public void run() {
logger.info("Shut Down Hook is called.");
executor.stop();
}
});
// register a Default Uncaught Exception Handler (optional)
Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread t, Throwable e) {
// Two options here:
// First, we can call System.exit(1); in such case shut down hook will be
// called.
// Second, we can optionally restart another executor and start.
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withEventFilter(new AuditorEventsFilter())
.withProgressReporter(new AuditorProgressReporter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
}
});
// can optionally limit running time, or remove both lines so it is running
// forever. (optional)
Thread.sleep(24 * 60 * 60 * 1000);
executor.stop();
}
and the method that filters events:
public boolean filterEvent(CloudTrailEvent event) throws CallbackException {
CloudTrailEventData eventData = event.getEventData();
String eventSource = eventData.getEventSource();
try {
saveEvent(eventData);
} catch (InterruptedException e) {
e.printStackTrace();
}
return (eventSource.equals(IAM_EVENTS) ||
eventSource.equals(S3_EVENTS));
}
java amazon-web-services aws-sdk amazon-cloudtrail
asked Nov 9 at 16:47
SyCode
136316
I am using the AWS CloudTrail processing library to pull Cloudtrail logs from AWS. In the screenshot image of event history below (taken from the CloudTrail web console), the name of the bucket affected by a change is reflected under the column: Resource name . How can I retrieve this same value using the aws-cloudtrail-processing-library. The library returns the name of the bucket where CloudTrail saves the log files and not the affected bucket (highlighted). Also, even after downloading the logs from the bucket, I do not see this information.
Here is the snippet of my processing class:
public class AuditorCloudTrail {
public static void main(String args) throws InterruptedException {
final Log logger = LogFactory.getLog(AuditorCloudTrail.class);
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withProgressReporter(new AuditorProgressReporter()).withEventFilter(new AuditorEventsFilter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
// add shut down hook to gracefully stop executor (optional)
Runtime.getRuntime().addShutdownHook(new Thread() {
public void run() {
logger.info("Shut Down Hook is called.");
executor.stop();
}
});
// register a Default Uncaught Exception Handler (optional)
Thread.setDefaultUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread t, Throwable e) {
// Two options here:
// First, we can call System.exit(1); in such case shut down hook will be
// called.
// Second, we can optionally restart another executor and start.
final AWSCloudTrailProcessingExecutor executor = new AWSCloudTrailProcessingExecutor.Builder(
new AuditorEventsProcessor(), new AuditorCloudTrailConfig()).withSourceFilter(new AuditorSourceFilter())
.withEventFilter(new AuditorEventsFilter())
.withProgressReporter(new AuditorProgressReporter())
.withExceptionHandler(new AuditorExceptionHandler()).build();
executor.start();
}
});
// can optionally limit running time, or remove both lines so it is running
// forever. (optional)
Thread.sleep(24 * 60 * 60 * 1000);
executor.stop();
}
and the method that filters events:
public boolean filterEvent(CloudTrailEvent event) throws CallbackException {
CloudTrailEventData eventData = event.getEventData();
String eventSource = eventData.getEventSource();
try {
saveEvent(eventData);
} catch (InterruptedException e) {
e.printStackTrace();
}
return (eventSource.equals(IAM_EVENTS) ||
eventSource.equals(S3_EVENTS));
}
java amazon-web-services aws-sdk amazon-cloudtrail
java amazon-web-services aws-sdk amazon-cloudtrail
asked Nov 9 at 16:47
SyCode
136316
asked Nov 9 at 16:47
SyCode
136316
edited Nov 9 at 16:52
asked Nov 9 at 16:47
SyCode
136316
asked Nov 9 at 16:47
SyCode
136316
asked Nov 9 at 16:47
SyCode
136316
136316
add a comment |
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53230009%2fhow-to-get-the-resource-name-while-using-the-aws-cloudtrail-processing-library%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
