Menu
AWS CloudTrail
User Guide (Version 1.0)

Downloading Your CloudTrail Log Files

Log files are in JSON format. If you have a JSON viewer add-on installed, you can view the files directly in your browser. Double-click the log file name in the bucket to open a new browser window or tab. The JSON displays in a readable format.

For example, if you use Mozilla Firefox, you can also download the JSONView add-on. With JSONView, you can double-click the compressed .gz file in your bucket to open the log file in JSON format.

CloudTrail log files are Amazon S3 objects. You can use the Amazon S3 console, the AWS Command Line Interface (CLI), or the Amazon S3 API to retrieve log files.

For more information, see Working with Amazon S3 Objects in the Amazon Simple Storage Service Developer Guide.

The following procedure describes how to download a log file with the AWS Management Console.

To download and read a log file

  1. Open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. Choose the bucket and choose the log file that you want to download.

  3. Choose Download or Download as and follow the prompts to save the file. This saves the file in compressed format.

    Note

    Some browsers, such as Chrome, automatically extract the log file for you. If your browser does this for you, skip to step 5.

  4. Use a product such as 7-Zip to extract the log file.

  5. Open the log file in a text editor such as Notepad++.

For more information about the event fields that can appear in a log file entry, see CloudTrail Log Event Reference.

AWS partners with third-party specialists in logging and analysis to provide solutions that use CloudTrail output. For more information, see AWS Partner Network - AWS CloudTrail Partners.

Note

You can also use the Event history feature to look up events for create, update, and delete API activity during the last seven days.

For more information, see Viewing Events with CloudTrail Event History.