Skip to content

Instantly share code, notes, and snippets.

@omardulaimi

omardulaimi/CloudWatch-Logs-Export.py

Created October 7, 2020 05:01
Show Gist options
  • Save omardulaimi/2e5f8468c063e584c072336df32c74e2 to your computer and use it in GitHub Desktop.
Save omardulaimi/2e5f8468c063e584c072336df32c74e2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CloudWatch-Logs-Export.py
import boto3
import os
import datetime
"""
This portion will obtain the Environment variables from AWS Lambda.
"""
GROUP_NAME = os.environ['GROUP_NAME']
DESTINATION_BUCKET = os.environ['DESTINATION_BUCKET']
PREFIX = os.environ['PREFIX']
NDAYS = os.environ['NDAYS']
nDays = int(NDAYS)
"""
This portion will receive the nDays value (the date/day of the log you want
want to export) and calculate the start and end date of logs you want to
export to S3. Today = 0; yesterday = 1; so on and so forth...
Ex: If today is April 13th and NDAYS = 0, April 13th logs will be exported.
Ex: If today is April 13th and NDAYS = 1, April 12th logs will be exported.
Ex: If today is April 13th and NDAYS = 2, April 11th logs will be exported.
"""
currentTime = datetime.datetime.now()
StartDate = currentTime - datetime.timedelta(days=nDays)
EndDate = currentTime - datetime.timedelta(days=nDays - 1)
"""
Convert the from & to Dates to milliseconds
"""
fromDate = int(StartDate.timestamp() * 1000)
toDate = int(EndDate.timestamp() * 1000)
"""
The following will create the subfolders' structure based on year, month, day
Ex: BucketNAME/LogGroupName/Year/Month/Day
"""
BUCKET_PREFIX = os.path.join(PREFIX, StartDate.strftime('%Y{0}%m{0}%d').format(os.path.sep))
"""
Based on the AWS boto3 documentation
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/logs.html#CloudWatchLogs.Client.create_export_task
"""
def lambda_handler(event, context):
client = boto3.client('logs')
client.create_export_task(
logGroupName=GROUP_NAME,
fromTime=fromDate,
to=toDate,
destination=DESTINATION_BUCKET,
destinationPrefix=BUCKET_PREFIX
)
@omardulaimi
Copy link
Author

omardulaimi commented Sep 22, 2022
edited
Loading

Thanks for sharing this. I'm curious do we define variables at the beginning? Or, at the end of the file? Also, where do we get identified variable from? GROUP_NAME (Is this arn for log group name?) PREFIX (I assume this is any string?)

Hi PiExpr,

So these will be defined in the Environment Variable Section for the Lambda Function. This article will walk you through

Part 1: https://omardulaimi.medium.com/export-ec2-logs-to-cloudwatch-and-s3-89285029a345
Part 2: https://omardulaimi.medium.com/export-cloudwatch-logs-to-s3-with-lambda-dd45cf246766

Now if you are not using Lambda, then you can define the variables in this section of the code:

GROUP_NAME = "Log_goup1"

DESTINATION_BUCKET = "BucketName"

PREFIX = "Random String, can be anything"

NDAYS = "30"

The prefix if I recall correctly is the name of the bucket, and the Group Name is the log group name in CloudWatch.

Note: this articles might be a bit outdated due to AWS changing their layout/things from time to time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment