AWS CloudTrail - Could not read messages from SQS

(john) #1


I’ve configured the AWS-CloudTrail input in Graylog, but Graylog is unable to pull the logs.
The Graylog log file shows the following error message:

2017-10-18T15:21:29.741+03:00 ERROR [CloudTrailSubscriber] Could not read messages from SQS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying. Access to the resource is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: c2cc9cb6-95c8-59c7-a16e-ced7dc78fc36)

Please advise.


(john) #2


Any suggestions?

(Jan Doberstein) #3

My suggestion: check your credentials in Graylog and check whether you have enabled access to the logs.

(john) #4

Hi Jan,

Thanks for your response.

I’ve tested the “secret key” and the “access key” with a third-party program and I was able to log in to S3 and view the logs.
I also verified that the IAM user has permissions to read CloudTrail logs from S3 and write notifications from SQS.
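
An added example, not part of the thread and not Graylog's own code: the 403 in post #1 is returned by SQS, so a successful S3 login as described in post #4 does not exercise the queue permissions. The script below evaluates an IAM identity policy against the actions a queue reader is assumed to need (`sqs:ReceiveMessage`, `sqs:DeleteMessage`, `s3:GetObject`); the policy, ARNs, account ID and object key are constructed.

```python
import json
import re

# Constructed sample identity policy: S3 read is granted, SQS read is not.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::example-trail-bucket", "arn:aws:s3:::example-trail-bucket/*"]},
  {"Effect": "Allow", "Action": "sqs:SendMessage",
   "Resource": "arn:aws:sqs:eu-west-1:111122223333:example-trail-queue"}
]}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def decision(policy, action, resource):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    allowed = False
    for st in _as_list(policy.get("Statement", [])):
        if st.keys() & {"NotAction", "NotResource", "Condition"}:
            raise ValueError("statement uses elements this check does not model")
        # Action names are case-insensitive, resource ARNs are not.
        hit = (any(_glob(a, action, True) for a in _as_list(st.get("Action", [])))
               and any(_glob(r, resource) for r in _as_list(st.get("Resource", []))))
        if hit and st.get("Effect") == "Deny":
            return "explicit-deny"          # a matching Deny always wins
        allowed = allowed or (hit and st.get("Effect") == "Allow")
    return "allow" if allowed else "implicit-deny"

def missing_permissions(policy, needed):
    """List the (action, resource) pairs the policy does not allow."""
    return [(a, r) for a, r in needed if decision(policy, a, r) != "allow"]

# Assumed requirements for reading CloudTrail notifications (constructed ARNs).
QUEUE = "arn:aws:sqs:eu-west-1:111122223333:example-trail-queue"
NEEDED = [("sqs:ReceiveMessage", QUEUE), ("sqs:DeleteMessage", QUEUE),
          ("s3:GetObject", "arn:aws:s3:::example-trail-bucket/AWSLogs/constructed-sample.json.gz")]

if __name__ == "__main__":
    for action, resource in missing_permissions(SAMPLE_POLICY, NEEDED):
        print(f"not allowed: {action} on {resource}")
```

Only one identity policy is evaluated; queue resource policies, permission boundaries and organization-level policies are not modelled.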
