All events are captured to AWS Cloudwatch Logs. There is a logGroup for each component that runs on the s3ftp server and all logGroups are prefixed with
The logGroup for the s3ftp application is unsurprisingly called s3ftp/application. This is generally the first place to look when troubleshooting any issues. Any application events such as configuration issues, connection events and errors are logged here.
Cloudwatch Logs Insights
The easiest way to query Cloudwatch Logs is to use Cloudwatch Logs Insights.
From the logs Insights console, select the
/s3ftp/application log Group, adjust the time period and then adjust your search query. Then click
Useful Insights Queries
/s3ftp/application logGroup queries
The following search query will filter out all load balancer health requests.
fields @timestamp, @message | filter @message not like /connection_failed/ | filter @message not like /EOF/ | filter @message not like /connection reset by peer/ | sort @timestamp desc
Show all S3 activity
fields @timestamp, @message | filter sender like /S3Fs bucket/ | sort @timestamp desc
Show all SSH activity
fields @timestamp, @message | filter sender="SSH" | sort @timestamp desc