Open wrsuarez opened 8 years ago
Hi, 👍 for this. We see a lot of exceptions in our Graylog. Also the CloudTrail SQS queue is filling up with AWS Config messages which cannot be fetched by the plugin. Any ideas when this is being included?
Since the last release we are supporting CloudTrail in this plugin. Can you please verify if you are still unable to solve your issue?
@dennisoelkers, they are referring to support for AWS Config logs.
Has there been any progress with supporting AWS Config data with this (or some other) plugin?
AWS Config tracks AWS environment changes based on user-defined/focused compliance rules (e.g. if ports on a security group changed, then move the security group to a Not Compliant state, which also triggers an SNS message as an alert of the change). I believe this request is asking for the ability to push the AWS Config SNS message content to Graylog (which might allow more focused logging than CloudTrail).
Appears to be related to https://github.com/Graylog2/graylog-plugin-aws/issues/18 sns events to graylog
This is one of the key gaps between this and the Splunk AWS app at the moment. Config log data follows the exact process as CloudTrail, and I've gotten as far as launching a new input in Graylog that is correctly receiving notifications when new Config items arrive, but obviously the data structure and elements are different between CloudTrail and Config, so the plugin exceptions out when it sees fields that it doesn't have a variable for.
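
Added example (not part of the thread and not the plugin's code): a Python sketch of telling CloudTrail and AWS Config notifications apart on a shared SQS queue and ignoring fields the reader does not model, instead of raising on them. The function names and sample messages are constructed for illustration; it assumes SNS delivers to SQS with the standard envelope.

```python
import json

# AWS Config notification types, carried in the "messageType" field.
CONFIG_TYPES = {
    "ConfigurationItemChangeNotification",
    "ComplianceChangeNotification",
    "ConfigurationSnapshotDeliveryCompleted",
    "ConfigurationHistoryDeliveryCompleted",
}

def classify(sqs_body):
    """Return (kind, payload) for one SQS body; unknown shapes never raise."""
    try:
        msg = json.loads(sqs_body)
    except (TypeError, ValueError):
        return "unparseable", None
    # SNS wraps the payload as a JSON string in "Message" unless raw delivery is on.
    if isinstance(msg, dict) and isinstance(msg.get("Message"), str):
        try:
            msg = json.loads(msg["Message"])
        except ValueError:
            return "unknown", msg["Message"]
    if not isinstance(msg, dict):
        return "unknown", msg
    if "s3Bucket" in msg and "s3ObjectKey" in msg:
        return "cloudtrail", msg   # pointer to a CloudTrail log file in S3
    if msg.get("messageType") in CONFIG_TYPES:
        return "config", msg
    return "unknown", msg          # route to a dead-letter stream, do not crash

def config_fields(msg):
    """Pick a few stable fields from a Config notification; extra keys are ignored."""
    item = msg.get("configurationItem") or {}
    result = msg.get("newEvaluationResult") or {}
    return {
        "config_message_type": msg["messageType"],
        "resource_type": item.get("resourceType") or msg.get("resourceType"),
        "resource_id": item.get("resourceId") or msg.get("resourceId"),
        "compliance": result.get("complianceType"),
    }

def _sns(payload):  # constructed SNS envelope for the samples below
    return json.dumps({"Type": "Notification", "Message": json.dumps(payload)})

# Constructed sample messages (placeholder bucket, rule and resource names).
SAMPLE_CLOUDTRAIL = _sns({"s3Bucket": "example-trail-bucket",
                          "s3ObjectKey": ["AWSLogs/example/CloudTrail/example.json.gz"]})
SAMPLE_CONFIG = _sns({"messageType": "ComplianceChangeNotification",
                      "configRuleName": "example-rule",
                      "resourceType": "AWS::EC2::SecurityGroup",
                      "resourceId": "sg-0example",
                      "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}})
```
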