aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

Need help with showing RDS logs #416

Closed apseftis86 closed 9 months ago

apseftis86 commented 9 months ago

Hello,

I have used Kinesis a couple of times now to put logs into the logging bucket and it has all shown up on the dashboard. However, I am trying to do the same with RDS and I don't know what the correct output prefix is supposed to be. I have tried many different options; currently I am on AWSLogs/<account>/MySQL/us-east-1/error/2023/10/13/15/<name of stream>-<random set of characters>. The logs that are in there have not gotten parsed by the es-loader. I have been tailing logs for a while now and I don't see any attempts to even read the log when I filter for 'MySQL'. I am trying to figure out what I am doing wrong. Thanks.

nakajiak commented 9 months ago

We will create a log exporter and update the doc.

nakajiak commented 9 months ago

Added a log exporter for MySQL and updated the docs: https://github.com/aws-samples/siem-on-amazon-opensearch-service/blob/9cec31/docs/configure_aws_service.md#rds-aurora-mysql--mysql--mariadb. Please let me know if it doesn't solve the issue.

apseftis86 commented 9 months ago

Looks like it works. I didn't use the log exporter CloudFormation; I was just able to add the RDS to what I had for the S3 bucket prefix and it worked. Thank you.

nakajiak commented 9 months ago

It's awesome! Thanks for the feedback.