The Correct way to check your Server Access logs from S3 using Athena !!
Hello Tech Maniacs ,
Lets talk about logs today .Well, in this current scenario where every information is so critical and things changes in seconds, we have a ocean full of data. Hence, we all want our logs to be saved today in a proper place everyday, where later you can go and analyse to find out everything going in and out of your bucket . These logs can be a “blessing in disguise” at the time of Severity , when something goes missing from your bucket, when someone adds a wrong file or your storage being hacked and used by some one else.
In order to check in and out of your logs you should enable “server access logging” under the “properties” in your bucket! There you need to define the Target folder where all of your logs will get saved.
Let me share a real life problem with you ! We have a folder in one of our bucket which is saving most of the crucial and important information about our users . One day we found that , some of the objects got deleted from the bucket. To avoid this further and to save the information handy at least we started using versioning , but the issue still persists and every now and then our objects kept on deleting randomly !
Later we started the server access logs and pointed it to a target bucket in the same region. Next day again our objects got deleted by the time we went to check the server logs there are more than 600 logs created for GET,PUT,POST,DELETE. So it was a nightmare to find the actual “DELETE” logs. Then I came across this link and it did the work for us .
https://aws.amazon.com/premiumsupport/knowledge-center/analyze-logs-athena/
ATHENA is the solution to our problem . Use Athena to create a DATABASE from our log-bucket and then you can query the exact thing(DELETE,GET,PUT) whatever you are looking for !
So please go through the link and you will find the correct way to find the exact logs your are looking for . We have used the same way and found out that it is one of the user who has the rights to the bucket which was deleting the objects in our bucket. Use this way and find a solution to your query !
Hope this blog is informational and helped you out a bit !
Dont forget to like and share this, if you really enjoyed reading it .
Stay tuned for more awesome blogs, Cheers !
