Cloudwatch Filters: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| Line 19: | Line 19: | ||
{ ( $.eventSource = "ec2.amazonaws.com" ) && ( $.eventName = "StopInstances" ) } | { ( $.eventSource = "ec2.amazonaws.com" ) && ( $.eventName = "StopInstances" ) } | ||
{ ( $.eventName != "DescribeVolumeStatus" ) && ( $.eventName != "DescribeAddresses" ) && ( $.eventName != "DescribeAddresses" )} | |||
Revision as of 19:53, 20 December 2017
http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
{ $.mfaAuthenticated = "false" }
{ $.userIdentity.type != "AssumedRole" }
{ ( $.eventSource != "iam.amazonaws.com" ) && ( $.eventSource != "cloudtrail.amazonaws.com" ) && ( $.eventSource != "elasticfilesystem.amazonaws.com" )}
{ ( $.eventSource = "ec2.amazonaws.com" ) && ( $.eventName != "DescribeInstanceStatus" ) }
{ $.userIdentity.sessionContext.attributes.mfaAuthenticated != "true" }
{ ( $.eventSource != "iam.amazonaws.com" ) && ( $.eventSource != "cloudtrail.amazonaws.com" ) && ( $.eventSource != "elasticfilesystem.amazonaws.com" ) && ( $.eventSource != "sts.amazonaws.com" ) && ( $.eventSource != "signin.amazonaws.com" ) && ( $.eventSource != "ec2.amazonaws.com" ) && ( $.eventSource != "logs.amazonaws.com" ) }
{ ( $.eventSource = "ec2.amazonaws.com" ) && ( $.eventName != "DescribeInstanceStatus" ) && ( $.eventName != "DescribeVolumeStatus" ) && ( $.eventName != "DescribeAddresses" )}
{ ( $.eventSource = "ec2.amazonaws.com" ) && ( $.eventName != "Describe*" ) && ( $.eventName != "Create*" ) && ( $.eventName != "Delete*" ) }
{ ( $.eventSource = "ec2.amazonaws.com" ) && ( $.eventName = "StopInstances" ) }
{ ( $.eventName != "DescribeVolumeStatus" ) && ( $.eventName != "DescribeAddresses" ) && ( $.eventName != "DescribeAddresses" )}
