Cloudtrail integration with Graylog


(rsahu) #1

I need to setup Graylog to parse logs it receives from CloudTrail
Have done the following steps for my account in eu-west -2 but in the grayling stream i can see the us-east-1 logs(sts.amazonaws.com:AssumeRole in us-east-1 by logs.amazonaws.com / null)
– Create SNS Topic
– Create SQS and subscribe to that SNS topic
– Enable CloudTrail Logs and use the SNS topic
– Install aws plugin for graylog.
– Create IAM User and attach the relevant Policies to that user
Configure Graylog plugin to use the user access key and secret key
can someone please let me know if i have missed any step.


(Jochen) #2

Have you read and followed the instructions in the Graylog AWS Plugin README?


(rsahu) #3

Yes I have read and followed all the instructions mentioned in the README but still no luck. Do i have to check anything else which can help me to troubleshoot this issue.


(rsahu) #4

The graylog server is configured in the management VPC. VPC peering is configured between the mgmt vpc and my vpc. The SNS and SQS is configured in the mgmt vpc.


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.