Logs
bucketAV stores logs in a centralized location using CloudWatch Logs. You can configure the retention period for logs via the LogsRetentionInDays configuration parameter.
You can find the last logs in the dashboard!
Query logs (#)
For more sophisticated query capabilities:
- Visit the Amazon CloudWatch Console.
- Ensure that you are in the correct region.
- Navigate to Logs Insights.
- Select the bucketAV logs log group (if you followed the docs, the name starts with
bucketav-Logs-
). - Select a date range.
- Enter the following query:
fields @timestamp, @message
| filter @logStream like "/var/log/messages" and @message like "bucketav["
| sort @timestamp desc
- Click Run query.
Learn more about the CloudWatch Logs Insights query syntax or discover the following sample queries.
Get the 100 largest files scanned (#)
fields @timestamp
| filter @logStream like '/var/log/messages' and @message like 'bucketav' and @message like 's3://' and @message like '[download='
| parse 's3://*/* * * [download=*,scan=*,size=*]' as bucket, key, version, msg, download, scan, size
| sort size desc
| limit 100
Get total file size scanned by bucket (#)
fields @timestamp
| filter @logStream like '/var/log/messages' and @message like 'bucketav' and @message like 's3://' and @message like '[download='
| parse 's3://*/* * * [download=*,scan=*,size=*]' as bucket, key, version, msg, download, scan, size
| stats count() as files, sum(size) as total by bucket
Export logs for bucketAV support (#)
Please send us your AWS account ID and region first: hello@bucketav.com. We respond with the S3 bucket name and bucket prefix with your upload token required for exporting logs.
- Visit the Amazon CloudWatch Console.
- Ensure that you are in the correct region.
- Navigate to Log groups.
- Click on the bucketAV logs log group (if you followed the docs, the name starts with
bucketav-Logs-
). - Choose Actions, Export data to Amazon S3.
- Set From and To.
- Select Another account.
- Set S3 bucket name to our S3 bucket (reach out to hello@bucketav.com).
- Set the S3 bucket prefix to your upload token (reach out to hello@bucketav.com).
- Click Export.
Remote access fallback (#)
If no logs show up in CloudWatch Logs, you can connect to one of the bucketAV EC2 instances and run the following commands to get the logs:
sudo -i
grep 'bucketav' /var/log/messages