Graylog2 / graylog-plugin-aws

Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs.

Please add AWS Config Logs to this plugin #20

Open wrsuarez opened 8 years ago

wrsuarez commented 8 years ago

This is one of the key gaps between this and the Splunk AWS app at the moment. Config log data follows the exact process as CloudTrail, and I've gotten as far as launching a new input in Graylog that is correctly receiving notifications when new Config items arrive, but obviously the data structure and elements are different between CloudTrail and Config, so the plugin exceptions out when it sees fields that it doesn't have a variable for.

baldzern4 commented 7 years ago

Hi, 👍 for this. We see a lot of exceptions in our Graylog. Also, the CloudTrail SQS queue is filling up with AWS Config messages which cannot be fetched by the plugin. Any ideas when this is being included?

dennisoelkers commented 6 years ago

Since the last release we are supporting CloudTrail in this plugin. Can you please verify if you are still unable to solve your issue?

arunmat commented 6 years ago

@dennisoelkers, they are referring to support for AWS Config logs.

badllama commented 6 years ago

Has there been any progress with supporting AWS Config data with this (or some other) plugin?

danotorrey commented 6 years ago

AWS Config tracks AWS environment changes based on user-defined/focused compliance rules (e.g. if ports on a security group changed, then move the security group to the Not Compliant state, which also triggers an SNS message as an alert of the change). I believe this request is asking for the ability to push the AWS Config SNS message content to Graylog (which might allow more focused logging than CloudTrail).

Appears to be related to https://github.com/Graylog2/graylog-plugin-aws/issues/18 ("sns events to graylog").
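The failure described in the first two comments (a CloudTrail consumer throwing on AWS Config notifications that share its SQS queue, which then back up) can be avoided by classifying each message before parsing it. The sketch below is an added example, not code from graylog-plugin-aws; it assumes SNS-to-SQS delivery with the payload JSON-encoded in `Message`, uses the `s3Bucket`/`s3ObjectKey` and `messageType` keys of the AWS notification formats, and all sample values are constructed.

```python
import json

# Subset of AWS Config notification types; extend as needed.
CONFIG_TYPES = {
    "ConfigurationItemChangeNotification",
    "ConfigurationHistoryDeliveryCompleted",
    "ConfigurationSnapshotDeliveryCompleted",
    "ComplianceChangeNotification",
}

def classify(sqs_body):
    """Return (kind, payload) for one SQS body; unknown fields never raise."""
    try:
        envelope = json.loads(sqs_body)
    except json.JSONDecodeError:
        return "unparseable", {}
    if not isinstance(envelope, dict):
        return "unparseable", {}
    # SNS wraps the real payload as a JSON string under "Message";
    # with raw message delivery the body is already the payload.
    inner = envelope.get("Message", envelope)
    if isinstance(inner, str):
        try:
            inner = json.loads(inner)
        except json.JSONDecodeError:
            return "unknown", {"raw": inner}
    if not isinstance(inner, dict):
        return "unknown", {}
    if "s3Bucket" in inner and "s3ObjectKey" in inner:
        return "cloudtrail", inner
    if inner.get("messageType") in CONFIG_TYPES or "configurationItem" in inner:
        return "aws_config", inner
    return "unknown", inner

def route(bodies):
    """Group payloads by kind so unhandled types are visible, not stuck in the queue."""
    out = {}
    for body in bodies:
        kind, payload = classify(body)
        out.setdefault(kind, []).append(payload)
    return out

def sns_wrap(message):
    return json.dumps({"Type": "Notification", "Message": json.dumps(message)})

# Constructed sample bodies (placeholder bucket, account and resource ids).
SAMPLES = [
    sns_wrap({"s3Bucket": "example-trail-bucket", "s3ObjectKey": ["AWSLogs/000000000000/CloudTrail/example.json.gz"]}),
    sns_wrap({"messageType": "ConfigurationItemChangeNotification", "futureField": 1,
              "configurationItem": {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE"}}),
    "not json",
]
```

Messages classified as `unknown` or `unparseable` should be counted and sent to a dead-letter queue so that a gap in log coverage shows up as a metric rather than as a silently growing backlog.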