All events are captured to AWS Cloudwatch Logs. There is a logGroup for each component that runs on the s3ftp server and all logGroups are prefixed with /s3ftp/.

The logGroup for the s3ftp application is unsurprisingly called s3ftp/application. This is generally the first place to look when troubleshooting any issues. Any application events such as configuration issues, connection events and errors are logged here.

Cloudwatch Logs Insights

The easiest way to query Cloudwatch Logs is to use Cloudwatch Logs Insights.

From the logs Insights console, select the /s3ftp/application log Group, adjust the time period and then adjust your search query. Then click Run query.

logs insights

Useful Insights Queries

/s3ftp/application logGroup queries

The following search query will filter out all load balancer health requests.

fields @timestamp, @message
| filter @message not like /connection_failed/
| filter @message not like /EOF/
| filter @message not like /connection reset by peer/
| sort @timestamp desc

Show all S3 activity

fields @timestamp, @message
| filter sender like /S3Fs bucket/
| sort @timestamp desc

Show all SSH activity

fields @timestamp, @message
| filter sender="SSH"
| sort @timestamp desc