search

obsrvbl-oss / flowlogs-reader

Command line tool and Python library for working with AWS VPC Flow Logs
Apache License 2.0
138 stars 23 forks source link

Filter Pattern not working with S3FlowLogsReader #46

Closed jaychan-q closed 4 years ago

jaychan-q commented 4 years ago

Trying to use filter pattern with S3FlowLogsReader Class in python and it returns error

FILTER_PATTERN = (
    '[version="2", account_id, interface_id, srcaddr, dstaddr, '
    'srcport, dstport, protocol="17", packets, bytes, '
    'start, end, action, log_status="OK", instance_id]'
)

reader = S3FlowLogsReader('xyz-vpc-flow-logs', include_regions=['us-east-1'], filter_pattern=FILTER_PATTERN)
records = list(reader)

for record in records:
    print (record)

Error is as follows

Traceback (most recent call last):
  File "flowlogs-read1.py", line 14, in <module>
    reader = S3FlowLogsReader('xyz-vpc-flow-logs', include_regions=['us-east-1'], filter_pattern=FILTER_PATTERN)
  File "/usr/local/lib/python2.7/site-packages/flowlogs_reader/flowlogs_reader.py", line 266, in __init__
    super(S3FlowLogsReader, self).__init__('s3', **kwargs)
TypeError: __init__() got an unexpected keyword argument 'filter_pattern'
bbayles commented 4 years ago

I'm afraid this is expected; S3 does not have a filtering language the way that Cloudwatch Logs does.

The docs do mention this: image

jaychan-q commented 4 years ago

Thanks @bbayles for the info