# c7n-log-exporter: Cloud watch log exporter automation
A small serverless app to archive cloud logs across accounts to an archive bucket. It utilizes
cloud log export to s3 feature for historical exports.
It also supports kinesis streams / firehose to move to realtime exports in the same format
as the periodic historical exports.
## Features
- Log group filtering by regex
- Incremental support based on previously synced dates
- Incremental support based on last log group write time
- Cross account via sts role assume
- Lambda and CLI support.
- Day based log segmentation (output keys look
like $prefix/$account_id/$group/$year/$month/$day/$export_task_uuid/$stream/$log)
## Assumptions
- The archive bucket has already has appropriate bucket policy permissions.
For details see:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/S3ExportTasks.html#S3Permissions
- Default periodicity for log group archival into s3 is daily.
- Exporter is run with account credentials that have access to the archive s3 bucket.
- Catch up archiving is not run in lambda (do a cli run first)
## Cli usage
```
make install
```
You can run on a single account / log group via the export subcommand
```
c7n-log-exporter export --help
```
## Config format
To ease usage when running across multiple accounts, a config file can be specified, as
an example.
### Using S3 Bucket as destination
```
destination:
bucket: custodian-log-archive
prefix: logs2
accounts:
- name: custodian-demo
role: "arn:aws:iam::111111111111:role/CloudCustodianRole"
groups:
- "/aws/lambda/*"
- "vpc-flow-logs"
```
### Using CloudWatch Destination as destination cross account
The Cloudwatch Destination needs setup in account and access policy set on CloudWatch Destination to to allow
source account access to the Cloudwatch Destination
```
subscription:
destination-arn: "arn:aws:logs:us-east-1:111111111111:destination:CustodianCWLogsDestination"
destination-role: "arn:aws:iam::111111111111:role/CWLtoKinesisRole"
name: "CustodianCWLogsDestination"
destination:
bucket: custodian-log-archive
prefix: logs2
accounts:
- name: custodian-demo
# https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CreateSubscriptionFilter-IAMrole.html
subscription-role: "arn:aws:iam::111111111111:role/<role-name>"
role: "arn:aws:iam::111111111111:role/CloudCustodianRole"
groups:
- "/aws/lambda/*"
- "vpc-flow-logs"
```
## Multiple accounts via cli
To run on the cli across multiple accounts, edit the config.yml to specify multiple
accounts and log groups.
```
c7n-log-exporter run --config config.yml
```
## Serverless Usage
Edit config.yml to specify the accounts, archive bucket, and log groups you want to
use.
```
make install
make deploy
```
Raw data
{
"_id": null,
"home_page": "https://cloudcustodian.io",
"name": "c7n-logexporter",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Cloud Custodian Project",
"author_email": null,
"download_url": null,
"platform": null,
"description": "# c7n-log-exporter: Cloud watch log exporter automation\n\nA small serverless app to archive cloud logs across accounts to an archive bucket. It utilizes\ncloud log export to s3 feature for historical exports.\n\nIt also supports kinesis streams / firehose to move to realtime exports in the same format\nas the periodic historical exports.\n\n\n## Features\n\n - Log group filtering by regex\n - Incremental support based on previously synced dates\n - Incremental support based on last log group write time\n - Cross account via sts role assume\n - Lambda and CLI support.\n - Day based log segmentation (output keys look\n like $prefix/$account_id/$group/$year/$month/$day/$export_task_uuid/$stream/$log)\n \n\n## Assumptions\n\n - The archive bucket has already has appropriate bucket policy permissions.\n For details see:\n https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/S3ExportTasks.html#S3Permissions\n - Default periodicity for log group archival into s3 is daily.\n - Exporter is run with account credentials that have access to the archive s3 bucket.\n - Catch up archiving is not run in lambda (do a cli run first)\n\n\n## Cli usage\n\n```\nmake install\n```\n\nYou can run on a single account / log group via the export subcommand\n```\nc7n-log-exporter export --help\n```\n\n## Config format\n\nTo ease usage when running across multiple accounts, a config file can be specified, as\nan example.\n\n### Using S3 Bucket as destination\n\n```\ndestination:\n bucket: custodian-log-archive\n prefix: logs2\n\naccounts:\n - name: custodian-demo\n role: \"arn:aws:iam::111111111111:role/CloudCustodianRole\"\n groups:\n - \"/aws/lambda/*\"\n - \"vpc-flow-logs\"\n```\n\n### Using CloudWatch Destination as destination cross account\nThe Cloudwatch Destination needs setup in account and access policy set on CloudWatch Destination to to allow \nsource account access to the Cloudwatch Destination\n\n```\nsubscription:\n destination-arn: \"arn:aws:logs:us-east-1:111111111111:destination:CustodianCWLogsDestination\"\n destination-role: \"arn:aws:iam::111111111111:role/CWLtoKinesisRole\"\n name: \"CustodianCWLogsDestination\"\n\ndestination:\n bucket: custodian-log-archive\n prefix: logs2\n\naccounts:\n - name: custodian-demo\n # https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CreateSubscriptionFilter-IAMrole.html\n subscription-role: \"arn:aws:iam::111111111111:role/<role-name>\"\n role: \"arn:aws:iam::111111111111:role/CloudCustodianRole\"\n groups:\n - \"/aws/lambda/*\"\n - \"vpc-flow-logs\"\n```\n\n## Multiple accounts via cli\n\nTo run on the cli across multiple accounts, edit the config.yml to specify multiple\naccounts and log groups.\n\n```\nc7n-log-exporter run --config config.yml\n```\n\n## Serverless Usage\n\nEdit config.yml to specify the accounts, archive bucket, and log groups you want to\nuse.\n\n```\nmake install\nmake deploy\n```\n\n\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Cloud Custodian - Cloud Watch Log S3 exporter",
"version": "0.4.34",
"project_urls": {
"Documentation": "https://cloudcustodian.io/docs/",
"Homepage": "https://cloudcustodian.io",
"Repository": "https://github.com/cloud-custodian/cloud-custodian"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a1d90e2173dc1a3db8a1e865d7fbbb735eada325b65ca787a53bb42b4deb7775",
"md5": "7d1ba7933452261f6074bacd37059aaf",
"sha256": "9f1678bfb3be5f93c2cfaa9b90e1d1cfe84bde23527a1c8717ddad6d722419df"
},
"downloads": -1,
"filename": "c7n_logexporter-0.4.34-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7d1ba7933452261f6074bacd37059aaf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.8",
"size": 14043,
"upload_time": "2024-03-26T21:21:33",
"upload_time_iso_8601": "2024-03-26T21:21:33.209388Z",
"url": "https://files.pythonhosted.org/packages/a1/d9/0e2173dc1a3db8a1e865d7fbbb735eada325b65ca787a53bb42b4deb7775/c7n_logexporter-0.4.34-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-26 21:21:33",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cloud-custodian",
"github_project": "cloud-custodian",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"lcname": "c7n-logexporter"
}