To monitor your AWS environment, EventLog Analyzer requires a valid IAM user with the necessary permissions. The solution will use the designated IAM user to collect logs from your AWS environment.
An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS.
To create a new IAM user, follow these steps.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1486278063000",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:GetTrail",
        "cloudtrail:CreateTrail",
        "cloudtrail:DeleteTrail",
        "cloudtrail:StartLogging",
        "cloudtrail:StopLogging",
        "cloudtrail:UpdateTrail"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1486278045000",
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketTagging",
        "s3:PutBucketLogging",
        "s3:PutLifecycleConfiguration",
        "s3:GetBucketLogging",
        "s3:PutBucketAcl",
        "s3:PutBucketPolicy",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "s3:DeleteBucket",
        "s3:GetBucketPolicy",
        "s3:ListAllMyBuckets",
        "s3:PutObject",
        "s3:GetObjectAcl",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1486278214000",
      "Effect": "Allow",
      "Action": [
        "sns:GetEndpointAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "sns:Publish",
        "sns:Unsubscribe",
        "sns:SetTopicAttributes",
        "sns:DeleteTopic",
        "sns:CreateTopic",
        "sns:Subscribe",
        "sns:ConfirmSubscription",
        "sns:SetSubscriptionAttributes",
        "sns:AddPermission"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1486278276000",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes",
        "sqs:GetQueueUrl",
        "sqs:ListQueues",
        "sqs:ReceiveMessage",
        "sqs:SendMessage",
        "sqs:CreateQueue",
        "sqs:DeleteQueue",
        "sqs:SetQueueAttributes",
        "sqs:AddPermission",
        "sqs:PurgeQueue"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1490256161000",
      "Effect": "Allow",
      "Action": [
        "iam:GenerateCredentialReport",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetCredentialReport"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1490256161001",
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:*"
      ],
      "Resource": [ "*" ]
    }
  ]
}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1486278063000",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:GetTrail"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1486278045000",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1486278214000",
      "Effect": "Allow",
      "Action": [
        "sns:GetEndpointAttributes",
        "sns:GetPlatformApplicationAttributes",
        "sns:GetSMSAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "sns:ListEndpointsByPlatformApplication",
        "sns:ListPhoneNumbersOptedOut",
        "sns:ListPlatformApplications",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "sns:Publish"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1486278276000",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes",
        "sqs:GetQueueUrl",
        "sqs:ListQueues",
        "sqs:ReceiveMessage",
        "sqs:SendMessage",
        "sqs:PurgeQueue"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1490256161000",
      "Effect": "Allow",
      "Action": [
        "iam:GenerateCredentialReport",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetCredentialReport"
      ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1490256161001",
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:*"
      ],
      "Resource": [ "*" ]
    }
  ]
}
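Both policies above allow their actions on every resource ("Resource": "*"), and the collector's access key carries those rights wherever it is stored. As an added example (not part of the original page or of EventLog Analyzer), this script lists the wildcard actions and the log-tampering actions a policy grants on all resources, which is the input for scoping it down; the LOG_TAMPERING list and the trimmed SAMPLE policy are choices made for this example.

```python
import json
from fnmatch import fnmatchcase

# Actions able to stop, redirect or destroy the audit trail (this example's own list,
# taken from actions that appear in or are covered by the policies above).
LOG_TAMPERING = [
    "cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail",
    "s3:DeleteObject", "s3:DeleteBucket", "s3:PutBucketPolicy", "s3:PutBucketAcl",
    "s3:PutLifecycleConfiguration",
]

# Constructed sample: three statements trimmed from the second policy above.
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Stmt1486278063000", "Effect": "Allow", "Resource": ["*"],
   "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:GetTrail"]},
  {"Sid": "Stmt1486278045000", "Effect": "Allow", "Resource": ["*"], "Action": ["s3:*"]},
  {"Sid": "Stmt1490256161001", "Effect": "Allow", "Resource": ["*"],
   "Action": ["elasticloadbalancing:*"]}
]}
""")

def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, issue, action) findings for Allow statements."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if "*" in action:
                findings.append((sid, "wildcard-action", action))
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # statement is scoped to named resources
        for risky in LOG_TAMPERING:
            # IAM action names are case-insensitive and may contain * and ? wildcards
            if any(fnmatchcase(risky.lower(), a.lower()) for a in actions):
                findings.append((sid, "log-tampering-on-all-resources", risky))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(*finding, sep="  ")
```

Each finding is a candidate for replacing "*" with the ARN of the specific trail, bucket, topic or queue the collector reads from.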
The generated access key and secret key pair should be used inside EventLog Analyzer to configure the AWS account.
To set up logging for your AWS environment, refer to S3 server access logging and ELB access logging.
CloudTrail is an API log monitoring web service offered by AWS. It enables AWS customers to record API calls and delivers the resulting log files to Amazon S3 buckets for storage. The service provides details of API activity such as the identity of the API caller, the time of the API call, the source IP address of the API caller, the requests made, and the response elements returned by the AWS service. In addition, it captures a few non-API events (AWS service events and AWS console sign-in events).
CloudTrail can also be configured to publish a notification for every log file that is delivered, allowing users to take action upon log file delivery.
(I) Enable CloudTrail
(II) Configure an SNS topic
Create an SNS topic. Select the following options:
- Apply trail to all regions → Yes
- Create a new S3 bucket → Yes
- S3 bucket → Provide a new name
- Log file prefix → Provide the prefix
- Encrypt log files → No
- Enable log file validation → Yes
- Send SNS notification for every log file delivery → Yes
- Create a new SNS topic → Yes
- New SNS topic → Name the topic
- Select → Create
(III) Create an SQS queue and subscribe to the SNS topic created in Step II
(IV) Add the created SQS queue as a data source in EventLog Analyzer
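What travels through the pipeline set up in steps (I) to (IV), shown as an added example that is not part of the original page or of EventLog Analyzer: the SQS message body is an SNS envelope whose Message field names the S3 objects CloudTrail just delivered, and each object is a gzipped JSON file of records. The bucket, topic, account ID, address and log contents are constructed sample values, and the S3 download itself is left out so the code runs offline.

```python
import gzip
import json

def log_objects_from_sqs_body(body):
    """Unwrap SQS body -> SNS envelope -> CloudTrail delivery notice.
    Returns (bucket, key) pairs for the log files just delivered."""
    envelope = json.loads(body)
    if envelope.get("Type") != "Notification":
        return []  # e.g. the SubscriptionConfirmation sent when the queue subscribes
    try:
        notice = json.loads(envelope.get("Message", ""))
    except ValueError:
        return []  # free-text message, not a delivery notice
    if not isinstance(notice, dict) or "s3Bucket" not in notice:
        return []
    return [(notice["s3Bucket"], key) for key in notice.get("s3ObjectKey", [])]

def summarize_log_file(gz_bytes):
    """Pull the fields the text lists out of one gzipped CloudTrail log file."""
    records = json.loads(gzip.decompress(gz_bytes))["Records"]
    return [{
        "time": r.get("eventTime"),
        "caller": r.get("userIdentity", {}).get("arn"),
        "source_ip": r.get("sourceIPAddress"),
        "api": f'{r.get("eventSource")}:{r.get("eventName")}',
        "error": r.get("errorCode"),
    } for r in records]

# --- Constructed sample data (not real account IDs, buckets or addresses) ---
KEY = ("AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/01/"
       "111122223333_CloudTrail_us-east-1_20240101T0000Z_EXAMPLE.json.gz")
SQS_BODY = json.dumps({
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:us-east-1:111122223333:example-trail-topic",
    "Message": json.dumps({"s3Bucket": "example-trail-bucket", "s3ObjectKey": [KEY]}),
})
LOG_FILE = gzip.compress(json.dumps({"Records": [{
    "eventTime": "2024-01-01T00:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
    "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example"},
}]}).encode())

if __name__ == "__main__":
    for bucket, key in log_objects_from_sqs_body(SQS_BODY):
        print("delivered:", bucket, key)
        # A collector would download the object here; this sample uses LOG_FILE instead.
        for row in summarize_log_file(LOG_FILE):
            print(row)
```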
What is S3 server access logging?
Requests to access an S3 bucket can be tracked via access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. This access log information can be useful in identifying the nature of traffic.
Follow the steps given below to add Amazon S3 server access logs as a data source in EventLog Analyzer.
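To show what one of these records looks like to a collector, here is an added example (not part of the original page or of EventLog Analyzer) that parses the leading fields of S3 server access log lines and counts denied requests per source. The three log lines are constructed samples, and the parser assumes the space-delimited layout with bracketed time and quoted request URI, ignoring any fields after the error code.

```python
import re
from collections import Counter
from datetime import datetime

# Leading fields of an S3 server access log record, in order. Later fields are ignored.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
          "operation", "key", "request_uri", "status", "error_code"]
# A field is [bracketed], "quoted" or a bare run of non-space characters.
TOKEN = re.compile(r'\[([^\]]*)\]|"([^"]*)"|(\S+)')

def parse_access_log(line):
    tokens = [next(g for g in m.groups() if g is not None) for m in TOKEN.finditer(line)]
    if len(tokens) < len(FIELDS):
        raise ValueError("truncated access log record")
    rec = dict(zip(FIELDS, tokens))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"]) if rec["status"].isdigit() else None
    rec["error_code"] = None if rec["error_code"] == "-" else rec["error_code"]
    rec["anonymous"] = rec["requester"] == "-"  # "-" marks an unauthenticated request
    return rec

def denied_by_source(lines):
    """Count 403 responses per (remote IP, operation)."""
    hits = Counter()
    for line in lines:
        rec = parse_access_log(line)
        if rec["status"] == 403:
            hits[(rec["remote_ip"], rec["operation"])] += 1
    return hits

# --- Constructed sample lines (placeholder owner ID, bucket, users and addresses) ---
SAMPLE_LINES = [
    'EXAMPLEOWNERID example-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 '
    'arn:aws:iam::111122223333:user/example REQID0001 REST.GET.OBJECT reports/q1.csv '
    '"GET /reports/q1.csv HTTP/1.1" 200 - 113 113 7 5 "-" "aws-cli/2.0" -',
    'EXAMPLEOWNERID example-bucket [06/Feb/2019:00:01:02 +0000] 198.51.100.7 '
    '- REQID0002 REST.GET.OBJECT reports/q1.csv '
    '"GET /reports/q1.csv HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/8.0" -',
    'EXAMPLEOWNERID example-bucket [06/Feb/2019:00:01:03 +0000] 198.51.100.7 '
    '- REQID0003 REST.GET.OBJECT reports/q2.csv '
    '"GET /reports/q2.csv HTTP/1.1" 403 AccessDenied 243 - 3 - "-" "curl/8.0" -',
]

if __name__ == "__main__":
    for (ip, op), count in denied_by_source(SAMPLE_LINES).items():
        print(f"{count} denied {op} requests from {ip}")
```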
Elastic Load Balancer access logs capture information about requests made to load balancers and can be used to analyze traffic patterns and troubleshoot issues. These logs contain details such as the time the request was received, the client's IP address, latencies, request paths, and server responses.
Follow the steps given below to add Amazon ELB access logs as a data source in EventLog Analyzer.
Enabling a cloud source:
To enable a cloud source in EventLog Analyzer,
Disabling a cloud source:
To disable a cloud source in EventLog Analyzer,
To delete a cloud source in EventLog Analyzer,