Closed hitman28594 closed 1 year ago
Thanks @hitman28594 for your time to contribute. We are actively working on improvements for the aws-s3 wodle and the other cloud integrations.
Custom bucket improvements to be done in https://github.com/wazuh/wazuh/issues/13577
Description
Tasks
Hello team,
I am writing to highlight several issues and improvement opportunities with the aws-s3 Wodle.
https://github.com/wazuh/wazuh/issues/13847 https://github.com/wazuh/wazuh/issues/13577
Log collection Improvements:
add support for a new bucket_type to ingest any JSON logs.
add support for a new bucket_type to ingest CSV formatted logs, with option to specify the csv separator/delimiter.
The s3 wodle's cloudtrail.db only stores "1000" entries per bucket type. When monitoring large buckets or multiple buckets of the same "bucket_type", this causes the monitoring to stop working for some of the configured buckets, as the Wodle forgets it ever monitored certain paths/files.
there should be a check in the aws-s3 Wodle to confirm that the number of events ingested by the Wodle matches the number of raw events in the bucket/logfile. These inconsistencies should be monitored and reported even if the events are ignored or skipped.
support for monitoring multi-line logs stored within an s3 bucket... basically, any option available to localfile should be available to the aws-s3 Wodle.
Other non log-collection improvements:
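The two requests above for generic JSON and delimiter-configurable CSV bucket types, and the request for an ingested-versus-raw event count check, can be illustrated together. The following is an added example written for this page; it is not Wazuh code and does not use the wodle's internals. It parses a constructed log object body (CloudTrail-style `Records` document, JSON lines, or CSV with a caller-chosen delimiter) into events, then reconciles the raw event count against a hypothetical `ingested_count` reported by a collector, treating unparseable lines as a reportable discrepancy rather than silently skipping them. The sample bodies and the `reconcile` helper are constructed for the example.

```python
"""Added example: parse JSON / CSV log objects and reconcile raw vs ingested counts.
Not Wazuh code; the S3 object bodies below are constructed sample data."""
import csv
import io
import json
from dataclasses import dataclass
from typing import Any, Dict, List

# Constructed sample objects standing in for downloaded S3 log files.
SAMPLE_JSON_LINES = "\n".join([
    json.dumps({"eventTime": "2024-01-01T00:00:00Z", "eventName": "GetObject"}),
    json.dumps({"eventTime": "2024-01-01T00:00:01Z", "eventName": "PutObject"}),
    "",  # blank line: a naive line count would miscount this file
    json.dumps({"eventTime": "2024-01-01T00:00:02Z", "eventName": "DeleteObject"}),
    "{not valid json",  # truncated record: must be reported, not dropped silently
])
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [{"eventName": "ConsoleLogin"}]})
SAMPLE_CSV_SEMICOLON = (
    "time;user;action\n"
    "2024-01-01T00:00:00Z;alice;login\n"
    "2024-01-01T00:00:05Z;bob;logout\n"
)


@dataclass
class ParsedObject:
    events: List[Dict[str, Any]]
    unparseable: int  # lines/records that could not be decoded


def parse_json_object(body: str) -> ParsedObject:
    """Accept a single JSON document (CloudTrail-style 'Records' array, a bare
    array, or one object) or newline-delimited JSON, one event per line."""
    stripped = body.strip()
    if not stripped:
        return ParsedObject([], 0)
    try:
        doc = json.loads(stripped)
    except json.JSONDecodeError:
        doc = None  # not one document: fall through to JSON-lines handling
    if isinstance(doc, dict) and isinstance(doc.get("Records"), list):
        return ParsedObject(doc["Records"], 0)
    if isinstance(doc, list):
        return ParsedObject(doc, 0)
    if isinstance(doc, dict):
        return ParsedObject([doc], 0)
    events, bad = [], 0
    for line in stripped.splitlines():
        line = line.strip()
        if not line:
            continue  # blank lines are not events
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1  # counted so the reconciliation can surface it
    return ParsedObject(events, bad)


def parse_csv_object(body: str, delimiter: str = ",") -> ParsedObject:
    """CSV with a header row; the delimiter is a caller option as requested above."""
    reader = csv.DictReader(io.StringIO(body), delimiter=delimiter)
    return ParsedObject([dict(row) for row in reader], 0)


@dataclass
class Reconciliation:
    source: str
    raw_count: int
    ingested_count: int
    unparseable: int

    @property
    def consistent(self) -> bool:
        return self.raw_count == self.ingested_count and self.unparseable == 0

    @property
    def missing(self) -> int:
        return self.raw_count - self.ingested_count


def reconcile(source: str, parsed: ParsedObject, ingested_count: int) -> Reconciliation:
    """Compare the raw event count in the object with what the collector reports.
    `ingested_count` is hypothetical here; a real collector would supply it."""
    return Reconciliation(source, len(parsed.events), ingested_count, parsed.unparseable)


if __name__ == "__main__":
    for name, parsed, ingested in [
        ("jsonl-object", parse_json_object(SAMPLE_JSON_LINES), 2),
        ("cloudtrail-object", parse_json_object(SAMPLE_CLOUDTRAIL), 1),
        ("csv-object", parse_csv_object(SAMPLE_CSV_SEMICOLON, ";"), 2),
    ]:
        r = reconcile(name, parsed, ingested)
        status = "OK" if r.consistent else "MISMATCH"
        print(f"{r.source}: raw={r.raw_count} ingested={r.ingested_count} "
              f"unparseable={r.unparseable} missing={r.missing} -> {status}")
```

A collector applying this check would run `reconcile` per object after ingestion and raise an alert on any `MISMATCH`, which is the "monitored and reported even if skipped" behaviour the request asks for; the blank and malformed lines in the JSON-lines sample show why counting events rather than lines matters.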