search

Graylog2 / graylog-plugin-aws

Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs.
Other
91 stars 37 forks source link

Plugin no longer working #7

Closed 123dev closed 8 years ago

123dev commented 8 years ago

Hi, Thanks for the plugin. Not sure exactly when it stopped working, the only changes to the environments were Graylog updates as the AWS side nothing changed.

These are the errors I get in the logs

2016-01-05_15:38:39.89265 ERROR [CloudTrailSubscriber] Could not read messages from SNS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying.
2016-01-05_15:38:39.89309 com.amazonaws.AmazonServiceException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
2016-01-05_15:38:39.89376
2016-01-05_15:38:39.89422 The Canonical String for this request should have been
2016-01-05_15:38:39.89491 'POST
2016-01-05_15:38:39.89528 /cloudtrail-notifications
2016-01-05_15:38:39.89572
2016-01-05_15:38:39.89621 host:sqs.us-east-1.amazonaws.com
2016-01-05_15:38:39.89810 user-agent:aws-sdk-java/1.9.20.1 Linux/3.13.0-74-generic Java_HotSpot(TM)_64-Bit_Server_VM/25.66-b17/1.8.0_66
2016-01-05_15:38:39.89917 x-amz-date:20160105T153838Z
2016-01-05_15:38:39.89939
2016-01-05_15:38:39.89976 host;user-agent;x-amz-date
2016-01-05_15:38:39.90057 62bd803266d1241d4d977f450bc1dec1a924d61a9fe6e7ca76a26c6acf706134'
2016-01-05_15:38:39.90077
2016-01-05_15:38:39.90098 The String-to-Sign should have been
2016-01-05_15:38:39.90172 'AWS4-HMAC-SHA256
2016-01-05_15:38:39.90196 20160105T153838Z
2016-01-05_15:38:39.90248 20160105/us-east-1/sqs/aws4_request
2016-01-05_15:38:39.90288 d1c80d30412173588b376b144733e905b8f3c4a0d25ca2637f9c679d85de0fb8' (Service: AmazonSQS; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: 7a595cfc-0ab5-50d0-84f9-13f9ef0ac36e)
2016-01-05_15:38:39.90334       at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1077)
2016-01-05_15:38:39.90442       at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:725)
2016-01-05_15:38:39.90478       at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:460)
2016-01-05_15:38:39.90522       at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295)
2016-01-05_15:38:39.90618       at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2339)
2016-01-05_15:38:39.90660       at com.amazonaws.services.sqs.AmazonSQSClient.receiveMessage(AmazonSQSClient.java:1072)
2016-01-05_15:38:39.90764       at com.graylog2.input.cloudtrail.notifications.CloudtrailSQSClient.getNotifications(CloudtrailSQSClient.java:41)
2016-01-05_15:38:39.90810       at com.graylog2.input.cloudtrail.CloudTrailSubscriber.run(CloudTrailSubscriber.java:80)

Thanks

123dev commented 8 years ago

Any suggestions on how to zero-in on this? or is it a known issue?

Thanks

joschi commented 8 years ago

@123dev Please check if the latest release of this plugin fixes your issues: https://github.com/Graylog2/graylog-plugin-aws/releases/tag/0.6.0

123dev commented 8 years ago

Sorry Jochen, I missed your note and just got pinged when this ticket was closed.

I have already tested 0.6.0 and reported the issue here. Unfortunately that is a closed ticket Thankfully stepkirk has logged another ticket here

I'll track the development and resolution in that ticket. Thanks for the follow up. Looking forward to getting this plugin working again.