How to locate a specific request in AWS, cloudtrail or Athena

sam23

11/21/23, 5:20 PM

How locate a specific request in AWS, cloudtrail or cloudwatch?

Request on 2022-11-17T17:07:52.037Z
General:
Request URL: https://0712f1246-1104-y-https-www-abc-com.mplbci.ekb.eg/access
HTTP Version: HTTP/1.1
Request method: GET
Remote Address: 195.41.20.252

I am looking for a full set of headers and values, especially the X-Forwarded-For list of IPs that came with the original request, before hitting out systems.

I tried using the Athena query, but I did not get the result

SELECT * FROM cloudtrail_logs_abc_cloudtrails
WHERE sourceipaddress= '195.41.20.252'


SELECT *
FROM cloudtrail_logs_abc_cloudtrails
where eventsource='https://0712f1246-1104-y-https-www-abc-com.mplbci.ekb.eg/access'
limit 100

could anyone suggest me what is the best way to find it , any help would be apricateed .

135

0 + 5

amazon-web-services

amazon-cloudwatch

aws-cli

amazon-cloudtrail

Tim

11/21/23, 7:11 PM

AWS doesn't keep all the headers and such for requests automatically, that would require a lot of storage and would mostly be wasted. CloudTrail logs keep some basic information. If you want that information you'll need to configure logging in your web server.

sam23

11/22/23, 12:56 AM

Original client request in the question which probably won't show in AWS the same way. It probably comes from a referrer, I'm looking for access logs coming from that server, going to /access page on abc.com, with all headers.

Tim

11/22/23, 1:01 AM

You'll have to configure them on your web server if you want them.

sam23

11/22/23, 4:10 AM

The web server logging is configured, but no logs are being generated against the query. do I need to expand the search result ?

Tim

11/22/23, 8:25 AM

I'd be looking in the web server logs directly to start with, to confirm logging is working. Once that's done you can confirm the logs have made it to S3 or CloudWatch logs, wherever you're sending them. Find the data, follow the data.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to locate a specific request in AWS, cloudtrail or Athena

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.