Simple parsing of AWS CloudTrail logs
<?php
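// Summarise AWS CloudTrail log files (*.json in the current directory) as one
// line per event: local time, event name, source IP, user name (when present)
// and the flattened request parameters.
//
// NOTE(review): every value printed here is read from the log records, and
// request parameters in particular can carry caller-supplied strings. Control
// characters are replaced before printing so that a crafted value cannot emit
// terminal escape sequences or forge extra lines in the summary.
$printable = function ($value) {
    return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $value);
};

// Returns the printable form of a scalar field, or '-' when it is missing or
// not a scalar, so one odd record cannot raise a TypeError in str_pad().
$field = function ($record, $key) use ($printable) {
    if (isset($record[$key]) && is_scalar($record[$key])) {
        return $printable($record[$key]);
    }
    return '-';
};

// Diagnostics go to stderr so they never mix with the event listing.
$warn = function ($message) {
    file_put_contents('php://stderr', $message . PHP_EOL);
};

$utc = new DateTimeZone('UTC');
// Display zone is hard-coded; change it to the reviewer's local zone.
$displayZone = new DateTimeZone('Pacific/Auckland');

$files = glob("*.json");
if ($files === false) {
    // glob() returns false on error; treat that as "nothing to read".
    $files = array();
}

foreach ($files as $file) {
    $content = file_get_contents($file);
    if ($content === false) {
        $warn("skipping {$file}: could not be read");
        continue;
    }

    $data = json_decode($content, true);
    if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
        // A truncated or corrupt log file is a gap in the review; say so.
        $warn("skipping {$file}: invalid JSON (" . json_last_error_msg() . ")");
        continue;
    }

    // Other JSON files may share the directory; only CloudTrail-shaped ones
    // (a top-level "Records" list) are processed.
    if (!is_array($data) || !isset($data['Records']) || !is_array($data['Records'])) {
        continue;
    }

    foreach ($data['Records'] as $index => $event) {
        if (!is_array($event)) {
            $warn("{$file}: record {$index} is not an object, skipped");
            continue;
        }

        // The original dumped the record and called die() here, which hid
        // every later event behind one unexpected record. Report it and keep
        // going; the row is still printed, just without a user name.
        if (!isset($event['userIdentity'])) {
            $warn("{$file}: record {$index} has no userIdentity");
        }

        // Describe* calls are dropped to reduce noise.
        // NOTE(review): this also hides enumeration activity; when the goal is
        // to reconstruct what a principal looked at, disable this filter.
        if (isset($event['eventName'])
            && is_string($event['eventName'])
            && stripos($event['eventName'], 'Describe') !== false
        ) {
            continue;
        }

        // requestParameters may be absent or null, so it is only walked when
        // it is an array (count(null) is a TypeError on PHP 8).
        $requestParams = '';
        if (isset($event['requestParameters']) && is_array($event['requestParameters'])) {
            $leaves = new RecursiveIteratorIterator(
                new RecursiveArrayIterator($event['requestParameters'])
            );
            foreach ($leaves as $leaf) {
                $requestParams .= $printable($leaf) . ', ';
            }
        }

        // A missing or empty eventTime must not reach DateTime: it would be
        // parsed as "now" and print a misleading timestamp.
        $stamp = str_pad('(no eventTime)', 19);
        if (isset($event['eventTime']) && is_string($event['eventTime']) && $event['eventTime'] !== '') {
            try {
                $when = new DateTime($event['eventTime'], $utc);
                $when->setTimezone($displayZone);
                $stamp = $when->format('Y-m-d H:i:s');
            } catch (Exception $e) {
                $stamp = str_pad('(bad eventTime)', 19);
            }
        }

        echo $stamp . ' ';
        echo str_pad($field($event, 'eventName'), 35) . ' ';
        echo str_pad($field($event, 'sourceIPAddress'), 35) . ' ';
        if (isset($event['userIdentity']['userName']) && is_scalar($event['userIdentity']['userName'])) {
            echo $printable($event['userIdentity']['userName']) . ' ';
        }
        echo $requestParams . PHP_EOL;
    }
}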