AWS CloudTrail - Could not read messages from SQS

grayuser · October 18, 2017, 12:56pm

Hi,

I’ve configured the AWS-CloudTrail input in Graylog, but the graylog is unable to pull the logs.
The graylog log file shows the following error message:

2017-10-18T15:21:29.741+03:00 ERROR [CloudTrailSubscriber] Could not read messages from SQS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying.
com.amazonaws.services.sqs.model.AmazonSQSException: Access to the resource https://sqs.eu-central-1.amazonaws.com/test-SQS is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: c2cc9cb6-95c8-59c7-a16e-ced7dc78fc36)

Please advise.

Thanks,
Grayuser

grayuser · October 23, 2017, 7:58am

Hi,

Any suggestions?

jan · October 23, 2017, 9:01am

my suggestion, check your credentials in graylog and check if you have enabled to access to the logs.

grayuser · October 23, 2017, 10:42am

Hi Jan,

Thanks for your response.

I’ve tested the “secret key” and the “access key” with third-party program and I was able to login to s3 and view the logs.
I also verified that the IAM user have permissions to read CloudTrail logs from S3 and write notifications from SQS.

system · November 6, 2017, 10:42am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use this fix #36 with graylog for multiple AWS accounts? Graylog Add-ons	3	946	August 23, 2017
Problems While returning CloudTrail Events Graylog Add-ons	1	533	October 29, 2020
Cloudtrail input not running Graylog Central (peer support)	9	1169	March 21, 2018
AWS Plugin Returns "No S3 object keys parsed" Graylog Add-ons	1	655	June 6, 2019
Reading logs from s3 directly Graylog Add-ons	7	5264	March 21, 2018

AWS CloudTrail - Could not read messages from SQS

Related Topics