AWS CloudTrail - Could not read messages from SQS


(john) #1

Hi,

I’ve configured the AWS-CloudTrail input in Graylog, but Graylog is unable to pull the logs.
The Graylog log file shows the following error message:

2017-10-18T15:21:29.741+03:00 ERROR [CloudTrailSubscriber] Could not read messages from SQS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying.
com.amazonaws.services.sqs.model.AmazonSQSException: Access to the resource https://sqs.eu-central-1.amazonaws.com/test-SQS is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: c2cc9cb6-95c8-59c7-a16e-ced7dc78fc36)

Please advise.

Thanks,
Grayuser


(john) #2

Hi,

Any suggestions?


(Jan Doberstein) #3

My suggestion: check your credentials in Graylog and check if you have enabled access to the logs.


(john) #4

Hi Jan,

Thanks for your response.

I’ve tested the “secret key” and the “access key” with a third-party program and I was able to log in to S3 and view the logs.
I also verified that the IAM user has permissions to read CloudTrail logs from S3 and write notifications from SQS.

