LogFileIterator extends IteratorIterator

The `Aws\CloudTrail\LogFileIterator` provides an easy way to iterate over log files generated by AWS CloudTrail.

CloudTrail log files contain data about your AWS API calls and are stored in Amazon S3 at a predictable path based on a bucket name, a key prefix, an account ID, a region, and date information. This class allows you to specify options, including a date range, and emits each log file that matches the provided options.

Yields an array containing the Amazon S3 bucket and key of the log file.

Table of Contents

ACCOUNT_ID  = 'account_id'
DEFAULT_TRAIL_NAME  = 'Default'
END_DATE  = 'end_date'
KEY_PREFIX  = 'key_prefix'
LOG_REGION  = 'log_region'
PREFIX_TEMPLATE  = 'prefix/AWSLogs/account/CloudTrail/region/date/'
PREFIX_WILDCARD  = '*'
START_DATE  = 'start_date'
TRAIL_NAME  = 'trail_name'
$s3BucketName  : string
$s3Client  : S3Client
__construct()  : mixed
Constructs a LogFileIterator using the specified options:
current()  : array<string|int, mixed>|bool
An override of the typical current behavior of \IteratorIterator to format the output such that the bucket and key are returned in an array
forTrail()  : LogRecordIterator
Constructs a LogRecordIterator. This factory method is used if the name of the S3 bucket containing your logs is not known. This factory method uses a CloudTrail client and the trail name (or "Default") to find the information about the trail necessary for constructing the LogRecordIterator.
applyDateFilter()  : Iterator
Applies an iterator filter to restrict the ListObjects result set to the specified date range.
applyRegexFilter()  : Iterator
Applies a regex iterator filter that limits the ListObjects result set based on the provided options.
buildListObjectsIterator()  : Iterator
Constructs an S3 ListObjects iterator, optionally decorated with FilterIterators, based on the provided options.
determineDateForPrefix()  : mixed
Uses the provided date values to determine the date portion of the prefix
normalizeDateValue()  : int
Normalizes a date value to a unix timestamp

Constants

PREFIX_TEMPLATE

public mixed PREFIX_TEMPLATE = 'prefix/AWSLogs/account/CloudTrail/region/date/'

Properties

$s3BucketName

private string $s3BucketName

S3 bucket that contains the log files

Methods

__construct()

Constructs a LogFileIterator using the specified options:

  • trail_name: The name of the trail that is generating our logs. If none is provided, then "Default" will be used, since that is the name of the trail created in the AWS Management Console.
  • key_prefix: The S3 key prefix of your log files. This value will be overwritten when using the forTrail() method. However, if you are using the constructor, then this value will be used.
  • start_date: The timestamp of the beginning of the date range of the log records you want to read. You can pass this in as a DateTime object, integer (unix timestamp), or a string compatible with strtotime().
  • end_date: The timestamp of the end of the date range of the log records you want to read. You can pass this in as a DateTime object, integer (unix timestamp), or a string compatible with strtotime().
  • account_id: This is your AWS account ID, which is the 12-digit number found on the Account Identifiers section of the AWS Security Credentials page. See https://console.aws.amazon.com/iam/home?#security_credential
  • log_region: Region of the services of the log records you want to read.

public __construct(S3Client $s3Client, string $s3BucketName[, array<string|int, mixed> $options = [] ]) : mixed
Parameters
$s3Client : S3Client
$s3BucketName : string
$options : array<string|int, mixed> = []
Return values
mixed
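
An added example, not part of the SDK or its documentation: a plain-PHP sketch (no network access) of how the options above narrow the set of log files, by filling the slots of PREFIX_TEMPLATE, turning unset slots into the wildcard, and comparing the time stamp in each object name with the date range. The helper names, the bucket name, the sample keys and the shape of the returned array are assumptions made for illustration; the real class lists objects through S3 and also derives a date portion for the prefix.

```php
<?php
// Added sketch of the documented selection logic; not the SDK's own code.
const PREFIX_TEMPLATE = 'prefix/AWSLogs/account/CloudTrail/region/date/';
const PREFIX_WILDCARD = '*';
// Accepts the three documented date forms; rejects anything unparseable.
function toTimestamp($date): int
{
    if ($date instanceof DateTimeInterface) { return $date->getTimestamp(); }
    if (is_int($date)) { return $date; }
    $ts = strtotime((string) $date);
    if ($ts === false) { throw new InvalidArgumentException("Unparseable date: $date"); }
    return $ts;
}

// Fills the template slots; an option that is not set becomes the wildcard.
// Assumption: the date slot is always left as a wildcard in this sketch.
function candidatePrefix(array $o): string
{
    return ltrim(strtr(PREFIX_TEMPLATE, [
        'prefix'  => trim($o['key_prefix'] ?? '', '/'),
        'account' => $o['account_id'] ?? PREFIX_WILDCARD,
        'region'  => $o['log_region'] ?? PREFIX_WILDCARD,
        'date'    => PREFIX_WILDCARD,
    ]), '/');
}

// Keeps keys that match the prefix pattern and whose file-name time stamp
// (YYYYMMDDTHHMMZ, UTC) lies inside [start_date, end_date].
function selectLogFiles(string $bucket, array $keys, array $o): array
{
    $regex = '#^' . str_replace('\*', '[^/]+', preg_quote(candidatePrefix($o), '#')) . '#';
    [$start, $end] = [toTimestamp($o['start_date']), toTimestamp($o['end_date'])];
    $out = [];
    foreach ($keys as $key) {
        if (!preg_match($regex, $key) || !preg_match('/(\d{8})T(\d{4})Z/', $key, $m)) { continue; }
        $ts = DateTimeImmutable::createFromFormat('!YmdHi', $m[1] . $m[2], new DateTimeZone('UTC'));
        if ($ts->getTimestamp() >= $start && $ts->getTimestamp() <= $end) {
            $out[] = ['Bucket' => $bucket, 'Key' => $key]; // array shape is an assumption
        }
    }
    return $out;
}
// Constructed sample keys (account, region, day, HHMM) and placeholder bucket.
$fmt  = 'AWSLogs/%1$s/CloudTrail/%2$s/2024/03/%3$s/%1$s_CloudTrail_%2$s_202403%3$sT%4$sZ_x.json.gz';
$rows = [['111122223333', 'us-east-1', '01', '0005'], ['111122223333', 'us-east-1', '02', '1200'],
         ['111122223333', 'eu-west-1', '01', '0010'], ['444455556666', 'us-east-1', '01', '0900']];
$keys = array_map(fn ($r) => vsprintf($fmt, $r), $rows);
$opts = ['log_region' => 'us-east-1', 'start_date' => '2024-03-01 00:00 UTC', 'end_date' => 1709337599];
foreach (selectLogFiles('example-trail-bucket', $keys, $opts) as $f) { echo $f['Key'], PHP_EOL; }
```

Because account_id is not set in the sample options, log files from both constructed accounts are selected; setting it narrows the result to a single account.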

current()

An override of the typical current behavior of \IteratorIterator to format the output such that the bucket and key are returned in an array

public current() : array<string|int, mixed>|bool
Return values
array<string|int, mixed>|bool

forTrail()

Constructs a LogRecordIterator. This factory method is used if the name of the S3 bucket containing your logs is not known. This factory method uses a CloudTrail client and the trail name (or "Default") to find the information about the trail necessary for constructing the LogRecordIterator.

public static forTrail(S3Client $s3Client, CloudTrailClient $cloudTrailClient[, array<string|int, mixed> $options = [] ]) : LogRecordIterator
Parameters
$s3Client : S3Client
$cloudTrailClient : CloudTrailClient
$options : array<string|int, mixed> = []
Tags
throws
InvalidArgumentException
see
LogRecordIterator::__construct
Return values
LogRecordIterator

applyDateFilter()

Applies an iterator filter to restrict the ListObjects result set to the specified date range.

private applyDateFilter(Iterator $objectsIterator, int $startDate, int $endDate) : Iterator
Parameters
$objectsIterator : Iterator
$startDate : int
$endDate : int
Return values
Iterator

applyRegexFilter()

Applies a regex iterator filter that limits the ListObjects result set based on the provided options.

private applyRegexFilter(Iterator $objectsIterator, string $logKeyPrefix, string $candidatePrefix) : Iterator
Parameters
$objectsIterator : Iterator
$logKeyPrefix : string
$candidatePrefix : string
Return values
Iterator

buildListObjectsIterator()

Constructs an S3 ListObjects iterator, optionally decorated with FilterIterators, based on the provided options.

private buildListObjectsIterator(array<string|int, mixed> $options) : Iterator
Parameters
$options : array<string|int, mixed>
Return values
Iterator

determineDateForPrefix()

Uses the provided date values to determine the date portion of the prefix

private determineDateForPrefix(mixed $startDate, mixed $endDate) : mixed
Parameters
$startDate : mixed
$endDate : mixed
Return values
mixed

normalizeDateValue()

Normalizes a date value to a unix timestamp

private normalizeDateValue(string|DateTime|int $date) : int
Parameters
$date : string|DateTime|int
Tags
throws
InvalidArgumentException

if the value cannot be converted to a timestamp

Return values
int
