Download the CloudTrail zip file from HERE into a folder called s3_logs.
- Decompress files using 7zip or in-build decompresser in mac
Navigate to your project file and use the command below to download the Helper Script aws-cloudtrail2sof-elk.py from the SOF-ELK repository.
wget <https://raw.githubusercontent.com/philhagen/sof-elk/main/supporting-scripts/aws-cloudtrail2sof-elk.py>
Ensure Python3 is Installed. If not use sudo apt-get install python3 on Ubuntu or on Mac use the command brew install python3 once Homebrew is installed .
Use the command to check Python3 is installed:
python3 --version
Next, run the following command to create a single JSON file from the CloudTrail logs located in the ./s3_logs/ directory:
NB: Make sure you are in the directory that the
Flaws_cloud CloudTrail logs(Here,s3_logs) are stored
python3 aws-cloudtrail2sof-elk.py -f -r ./s3_logs/ -w FlawsReadyToIngest.json
-
f: Tells the script to force overwrite any existing output file. -
r ./s3_logs/: Specifies the directory where your CloudTrail logs are stored. -
w ReadyToIngest.json: Specifies the output file (FlawsReadyToIngest.json) that will contain all the logs in JSON format, ready for ingestion.
The File Processed Successfully
