I am trying to create a Lambda function that searches CloudWatch logs for a string. If the value appears 5 times within 10 minutes, send an email or SNS.
I'm not sure whether the error is pointing me in the right direction. When I test it, I get this error:

    {
      "errorMessage": "An error occurred (InvalidParameterException) when calling the FilterLogEvents operation: Invalid character(s) in term '<'",
      "errorType": "InvalidParameterException",
      "stackTrace": [
        " File \"/var/task/lambda_function.py\", line 24, in lambda_handler\n response = cloudwatch.filter_log_events(\n",
        " File \"/var/runtime/botocore/client.py\", line 391, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
        " File \"/var/runtime/botocore/client.py\", line 719, in _make_api_call\n raise error_class(parsed_response, operation_name)\n"
      ]
    }

I created an IAM role to use the Lambda service, and it allows filtering logs.
Any help is much appreciated:

    import json

    def lambda_handler(event, context):
        # TODO implement
        return {
            'statusCode': 200,
            'body': json.dumps('Hello from Lambda!')
        }

    import boto3
    import datetime

    # This second definition replaces the template handler above.
    def lambda_handler(event, context):
        log_group_name = 'security'  # log group name
        search_string = '4625'  # string being searched
        sns_topic_arn = 'arn:aws-us-yadyaxxx'  # SNS topic ARN
        custom_email = '[email protected]'  # custom email
        cloudwatch = boto3.client('logs')
        sns = boto3.client('sns')
        # FilterLogEvents expects startTime/endTime in milliseconds since the epoch
        end_time = int(datetime.datetime.now().timestamp() * 1000)
        start_time = end_time - 600 * 1000  # 600 seconds = 10 minutes
        response = cloudwatch.filter_log_events(
            logGroupName=log_group_name,
            startTime=start_time,
            endTime=end_time,
            filterPattern=search_string
        )
        occurrences = sum(1 for _ in response['events'])
        if occurrences >= 5:
            message = f"Found '{search_string}' 5 times within 10 minutes in {log_group_name}."
            sns.publish(
                TopicArn=sns_topic_arn,
                Message=message
            )
            # Kept inside the if block: message is only defined when the threshold is hit
            sns.publish(
                TopicArn=sns_topic_arn,
                Message=message,
                Subject='Critical Log Events Detected',
                MessageAttributes={
                    'email': {
                        'DataType': 'String',
                        'StringValue': custom_email
                    }
                }
            )

I have checked the IAM role, and it allows filtering logs. I also tried various search patterns; I don't think that's it.

"An error occurred (InvalidParameterException) when calling the FilterLogEvents operation: Invalid character(s) in term '<'"
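You are using a special character in the filter that is not allowed, in this case <.
I ran the code you posted and was able to reproduce the error using

    search_string = '123<123'

See the filter pattern syntax for the supported characters and regex syntax.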
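
An added example, not part of the original question or answer: one way to keep an arbitrary search string from triggering the InvalidParameterException above, assuming the documented filter pattern rule that a term containing anything other than alphanumerics or underscore must be enclosed in double quotes. The names `quote_term`, `count_matches`, `should_alert` and `FakeLogsClient` are hypothetical; the fake client is a constructed stand-in so the block runs without AWS access.

```python
import re
import time

# Bare (unquoted) terms: alphanumerics and underscore only. Anything else,
# such as '<', has to be wrapped in double quotes to be a valid term.
_BARE_TERM = re.compile(r"[A-Za-z0-9_]+")

def quote_term(term):
    """Return `term` as one CloudWatch Logs filter-pattern term."""
    if not term:
        raise ValueError("empty search term")
    if '"' in term or "\\" in term:
        # Escaping of these characters is not handled here; refuse, don't guess.
        raise ValueError("term contains a double quote or backslash")
    return term if _BARE_TERM.fullmatch(term) else f'"{term}"'

def count_matches(logs_client, log_group, term, window_s=600, now_ms=None):
    """Count events matching `term` in the last `window_s` seconds, all pages."""
    end_ms = int(time.time() * 1000) if now_ms is None else now_ms
    start_ms = end_ms - window_s * 1000  # the API takes epoch milliseconds
    pages = logs_client.get_paginator("filter_log_events").paginate(
        logGroupName=log_group, startTime=start_ms, endTime=end_ms,
        filterPattern=quote_term(term))
    return sum(len(page["events"]) for page in pages)

def should_alert(count, threshold=5):
    """Threshold from the question: 5 hits inside the 10 minute window."""
    return count >= threshold

class FakeLogsClient:
    """Constructed stand-in for boto3.client('logs'); records call arguments."""
    def __init__(self, pages):
        self.pages, self.calls = pages, []
    def get_paginator(self, name):
        assert name == "filter_log_events"
        return self
    def paginate(self, **kwargs):
        self.calls.append(kwargs)
        return iter(self.pages)

if __name__ == "__main__":
    # Constructed sample: 3 events on the first page, 2 on the second.
    fake = FakeLogsClient([{"events": [{}] * 3}, {"events": [{}] * 2}])
    hits = count_matches(fake, "security", "123<123")
    print(hits, should_alert(hits), fake.calls[0]["filterPattern"])
```

In the Lambda handler, pass `boto3.client('logs')` in place of the fake client.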