Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- : timestamp=>"2016-10-07T13:25:55.964000+0000",
- : message=>"Failed action. ",
- : status=>400,
- : action=>[
- "index",
- {
- : _id=>nil,
- : _index=>"cloudtrail-2016.06.10",
- : _type=>"logs",
- : _routing=>nil
- },
- #<LogStash: : Event: 0x796f4bed@metadata_accessors=#<LogStash: : Util: : Accessors: 0x5ca57927@store={
- },
- @lut={
- }>,
- @cancelled=false,
- @data={
- "eventVersion"=>"1.03",
- "userIdentity"=>{
- "type"=>"IAMUser",
- "principalId"=>"XXX",
- "arn"=>"arn:aws:iam::123456:user/user1",
- "accountId"=>"123456",
- "userName"=>"user1",
- "sessionContext"=>{
- "attributes"=>{
- "mfaAuthenticated"=>"false",
- "creationDate"=>"2016-06-10T08:05:02Z"
- }
- },
- "invokedBy"=>"signin.amazonaws.com"
- },
- "eventSource"=>"s3.amazonaws.com",
- "eventName"=>"PutBucketPolicy",
- "awsRegion"=>"us-east-1",
- "sourceIPAddress"=>"XXX.XXX.150.109",
- "userAgent"=>"signin.amazonaws.com",
- "requestParameters"=>{
- "bucketName"=>"bucketname",
- "buckeyPolicy"=>{
- "Version"=>"2012-10-17",
- "Statement"=>[
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123456:user/user2",
- "arn:aws:iam::123456:user/user2",
- "arn:aws:iam::123456:user/user2"
- ]
- },
- "Action"=>[
- "s3:ListBucket",
- "s3:GetBucketLocation"
- ],
- "Resource"=>"arn:aws:s3:::bucketname"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123456:user/user2",
- "arn:aws:iam::123456:user/user3",
- "arn:aws:iam::123456:user/user4"
- ]
- },
- "Action"=>[
- "s3:GetObject"
- ],
- "Resource"=>"arn:aws:s3:::bucketname/*"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>"arn:aws:iam::123456:user/user5"
- },
- "Action"=>[
- "s3:PutObject"
- ],
- "Resource"=>"arn:aws:s3:::bucketname/*"
- }
- ]
- }
- },
- "responseElements"=>nil,
- "requestID"=>"D51828F4E6B57964",
- "eventID"=>"7b5b3622-93d7-445b-baac-34341604aa58",
- "eventType"=>"AwsApiCall",
- "recipientAccountId"=>"123456",
- "@timestamp"=>"2016-06-10T15:51:26.000Z",
- "@version"=>"1"
- },
- @metadata={
- },
- @accessors=#<LogStash: : Util: : Accessors: 0x749d9d9c@store={
- "eventVersion"=>"1.03",
- "userIdentity"=>{
- "type"=>"IAMUser",
- "principalId"=>"XXX",
- "arn"=>"arn:aws:iam::123456:user/user",
- "accountId"=>"123456",
- "userName"=>"user",
- "sessionContext"=>{
- "attributes"=>{
- "mfaAuthenticated"=>"false",
- "creationDate"=>"2016-06-10T08:05:02Z"
- }
- },
- "invokedBy"=>"signin.amazonaws.com"
- },
- "eventSource"=>"s3.amazonaws.com",
- "eventName"=>"PutBucketPolicy",
- "awsRegion"=>"us-east-1",
- "sourceIPAddress"=>"XXX.XXX.150.109",
- "userAgent"=>"signin.amazonaws.com",
- "requestParameters"=>{
- "bucketName"=>"XXX",
- "buckeyPolicy"=>{
- "Version"=>"2012-10-17",
- "Statement"=>[
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123456:user/XXX",
- "arn:aws:iam::123456:user/XXX",
- "arn:aws:iam::123456:user/XXX"
- ]
- },
- "Action"=>[
- "s3:ListBucket",
- "s3:GetBucketLocation"
- ],
- "Resource"=>"arn:aws:s3:::XXX"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123456:user/XXX",
- "arn:aws:iam::123456:user/XXX",
- "arn:aws:iam::123456:user/XXX"
- ]
- },
- "Action"=>[
- "s3:GetObject"
- ],
- "Resource"=>"arn:aws:s3:::XXX/*"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>"arn:aws:iam::123456:user/XXX"
- },
- "Action"=>[
- "s3:PutObject"
- ],
- "Resource"=>"arn:aws:s3:::XXX/*"
- }
- ]
- }
- },
- "responseElements"=>nil,
- "requestID"=>"D51828F4E6B57964",
- "eventID"=>"7b5b3622-93d7-445b-baac-34341604aa58",
- "eventType"=>"AwsApiCall",
- "recipientAccountId"=>"123456",
- "@timestamp"=>"2016-06-10T15:51:26.000Z",
- "@version"=>"1"
- },
- @lut={
- "message"=>[
- {
- "eventVersion"=>"1.03",
- "userIdentity"=>{
- "type"=>"IAMUser",
- "principalId"=>"XXX",
- "arn"=>"arn:aws:iam::123:user/XXX",
- "accountId"=>"123",
- "userName"=>"XXX",
- "sessionContext"=>{
- "attributes"=>{
- "mfaAuthenticated"=>"false",
- "creationDate"=>"2016-06-10T08:05:02Z"
- }
- },
- "invokedBy"=>"signin.amazonaws.com"
- },
- "eventSource"=>"s3.amazonaws.com",
- "eventName"=>"PutBucketPolicy",
- "awsRegion"=>"us-east-1",
- "sourceIPAddress"=>"XXX.XXX.150.109",
- "userAgent"=>"signin.amazonaws.com",
- "requestParameters"=>{
- "bucketName"=>"XXX",
- "buckeyPolicy"=>{
- "Version"=>"2012-10-17",
- "Statement"=>[
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX"
- ]
- },
- "Action"=>[
- "s3:ListBucket",
- "s3:GetBucketLocation"
- ],
- "Resource"=>"arn:aws:s3:::XXX"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX"
- ]
- },
- "Action"=>[
- "s3:GetObject"
- ],
- "Resource"=>"arn:aws:s3:::XXX/*"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>"arn:aws:iam::123:user/XXX"
- },
- "Action"=>[
- "s3:PutObject"
- ],
- "Resource"=>"arn:aws:s3:::XXX/*"
- }
- ]
- }
- },
- "responseElements"=>nil,
- "requestID"=>"D51828F4E6B57964",
- "eventID"=>"7b5b3622-93d7-445b-baac-34341604aa58",
- "eventType"=>"AwsApiCall",
- "recipientAccountId"=>"123456",
- "@timestamp"=>"2016-06-10T15:51:26.000Z",
- "@version"=>"1"
- },
- "message"
- ],
- "type"=>[
- {
- "eventVersion"=>"1.03",
- "userIdentity"=>{
- "type"=>"IAMUser",
- "principalId"=>"XXX",
- "arn"=>"arn:aws:iam::123:user/XXX",
- "accountId"=>"123",
- "userName"=>"XXX",
- "sessionContext"=>{
- "attributes"=>{
- "mfaAuthenticated"=>"false",
- "creationDate"=>"2016-06-10T08:05:02Z"
- }
- },
- "invokedBy"=>"signin.amazonaws.com"
- },
- "eventSource"=>"s3.amazonaws.com",
- "eventName"=>"PutBucketPolicy",
- "awsRegion"=>"us-east-1",
- "sourceIPAddress"=>"XXX.XXX.150.109",
- "userAgent"=>"signin.amazonaws.com",
- "requestParameters"=>{
- "bucketName"=>"XXX",
- "buckeyPolicy"=>{
- "Version"=>"2012-10-17",
- "Statement"=>[
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX"
- ]
- },
- "Action"=>[
- "s3:ListBucket",
- "s3:GetBucketLocation"
- ],
- "Resource"=>"arn:aws:s3:::XXX"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>[
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX",
- "arn:aws:iam::123:user/XXX"
- ]
- },
- "Action"=>[
- "s3:GetObject"
- ],
- "Resource"=>"arn:aws:s3:::XXX/*"
- },
- {
- "Effect"=>"Allow",
- "Principal"=>{
- "AWS"=>"arn:aws:iam::123:user/XXX"
- },
- "Action"=>[
- "s3:PutObject"
- ],
- "Resource"=>"arn:aws:s3:::XXX/*"
- }
- ]
- }
- },
- "responseElements"=>nil,
- "requestID"=>"D51828F4E6B57964",
- "eventID"=>"7b5b3622-93d7-445b-baac-34341604aa58",
- "eventType"=>"AwsApiCall",
- "recipientAccountId"=>"123",
- "@timestamp"=>"2016-06-10T15:51:26.000Z",
- "@version"=>"1"
- },
- "type"
- ]
- }>>
- ],
- : response=>{
- "create"=>{
- "_index"=>"cloudtrail-2016.06.10",
- "_type"=>"logs",
- "_id"=>"AVefUlX1FF9Th38qxu5f",
- "status"=>400,
- "error"=>{
- "type"=>"mapper_parsing_exception",
- "reason"=>"failed to parse [requestParameters.buckeyPolicy.Statement.Principal]",
- "caused_by"=>{
- "type"=>"illegal_argument_exception",
- "reason"=>"unknown property [AWS]"
- }
- }
- }
- },
- : level=>: warn,
- : file=>"logstash/outputs/elasticsearch/common.rb",
- : line=>"119",
- : method=>"submit"
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement