{"id":21878315,"url":"https://github.com/pepabo/trail-digger","last_synced_at":"2025-04-15T03:05:15.370Z","repository":{"id":40308049,"uuid":"459081942","full_name":"pepabo/trail-digger","owner":"pepabo","description":"trail-digger is a tool for digging trail log files of AWS CloudTrail.","archived":false,"fork":false,"pushed_at":"2022-12-03T10:59:36.000Z","size":63,"stargazers_count":6,"open_issues_count":2,"forks_count":5,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-04-15T03:05:08.861Z","etag":null,"topics":["aws","cloudtrail-events","cloudtrail-log-analytics","cloudtrail-logs"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pepabo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-14T08:48:31.000Z","updated_at":"2024-07-05T01:45:41.000Z","dependencies_parsed_at":"2022-08-09T16:53:03.629Z","dependency_job_id":null,"html_url":"https://github.com/pepabo/trail-digger","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Ftrail-digger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Ftrail-digger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Ftrail-digger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Ftrail-digger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pepabo","download_url":"https://codeload.github.com/pepabo/trail-digger/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248997084,"owners_count":21195799,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudtrail-events","cloudtrail-log-analytics","cloudtrail-logs"],"created_at":"2024-11-28T08:12:17.681Z","updated_at":"2025-04-15T03:05:15.352Z","avatar_url":"https://github.com/pepabo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# trail-digger\n\n`trail-digger` is a tool for digging trail log files of AWS CloudTrail.\n\n**NOTICE: If Amazon Athena is available, [most issues can be solved with Amazon Athena](https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html)**\n\n## Usage\n\n### `trail-digger events`\n\n`trail-digger events` show AWS CloudTrail events (JSONL) **in order of timeline** using trail logs.\n\n#### Show the events of 2022/02/03 for AWS account/default region of `my-profile` in order of timeline\n\n``` console\n$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/02/03\n```\n\n#### Show the events of 2022/02 for AWS account/us-west-2 of `my-profile` in order of timeline\n\n``` console\n$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/02 --region us-west-2\n```\n\n#### Show the events of 2022/01 for AWS account(1234567890)/all regions in order of timeline\n\n``` console\n$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/01 --account 1234567890 --all-regions \n```\n\n#### Show the events of 2022/01/04 for all AWS accounts/all regions in order of timeline\n\n``` console\n$ env AWS_PROFILE=my-profile trail-digger events s3://your-trail-log-bucket --date 2022/01/04 --all-accounts --all-regions \n```\n\n### `trail-digger analyze`\n\n`trail-digger analyze` analyze AWS CloudTrail events using trail logs.\n\nThe usage is the same as `trail-digger analyze`, but it outputs the analysis results.\n\n``` console\n$ AWS_PROFILE=my-profile trail-digger analyze s3://your-trail-log-bucket\n2022-02-15T07:27:48+09:00 INF Digging trail logs prefix=AWSLogs/1234567890/CloudTrail/ap-northeast-1/2022/02/15/\n2022-02-15T07:28:07+09:00 INF Digging trail logs prefix=AWSLogs/1234567890/CloudTrail/ap-northeast-1/2022/02/16/\n\n                                                             Count\n\n  Event Type            Management Event:                 12345678\n                        Data Event:                          12345\n\n  Event Source          access-analyzer.amazonaws.com:       XXXXX\n                        autoscaling.amazonaws.com:            XXXX\n                        cloudformation.amazonaws.com:         XXXX\n                        cloudtrail.amazonaws.com:            XXXXX\n                        codepipeline.amazonaws.com:           XXXX\n                        config.amazonaws.com:                  XXX\n                        dax.amazonaws.com:                   XXXXX\n                        dms.amazonaws.com:                     XXX\n                        ec2.amazonaws.com:                      XX\n                        ecr.amazonaws.com:                     XXX\n                        ecs.amazonaws.com:                   XXXXX\n                        elasticfilesystem.amazonaws.com:       XXX\n                        elasticloadbalancing.amazonaws.com:   XXXX\n                        elasticmapreduce.amazonaws.com:       XXXX\n                        es.amazonaws.com:                      XXX\n                        guardduty.amazonaws.com:             　XXX\n                        kms.amazonaws.com:                     XXX\n                        lambda.amazonaws.com:                XXXXX\n                        redshift.amazonaws.com:               XXXX\n                        s3.amazonaws.com:                   XXXXXX\n                        sagemaker.amazonaws.com:               XXX\n                        secretsmanager.amazonaws.com:         XXXX\n                        ssm.amazonaws.com:                     XXX\n                        sts.amazonaws.com:                    XXXX\n\n  Region                ap-northeast-1:                   12358023\n\n  Recipient Account ID  1234567890:                       12358023\n\n```\n\n### `trail-digger size`\n\n`trail-digger size` show size of trail logs.\n\nThe usage is the same as `trail-digger analyze`, but it outputs the size of trail log S3 objects.\n\nIn addition, for `trail-digger events` and `trail-digger analyze`, the aggregation range is determined by `eventTime`, but for `trail-digger size`, the aggregation range is determined by the date path of the S3 bucket.\n\n## Install\n\n**homebrew tap:**\n\n```console\n$ brew install pepabo/tap/trail-digger\n```\n\n**manually:**\n\nDownload binany from [releases page](https://github.com/pepabo/trail-digger/releases)\n\n**go install:**\n\n```console\n$ go install github.com/pepabo/trail-digger@latest\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepabo%2Ftrail-digger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpepabo%2Ftrail-digger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepabo%2Ftrail-digger/lists"}