Has anyone successfully used Graylog to automatically ingest logs from Cisco’s Umbrella service (formerly OpenDNS)? Umbrella stores the logs in AWS S3 buckets. I don’t think that the Graylog options to read AWS Logs are from S3 buckets - looks like it’s expecting a Kinesis stream.
They recommend the use of s3tools which allows you to run a command line utility. Can this be automated directly in Graylog or will I have to have a totally separate process to download the logs? According to the Umbrella support article:
The logs are stored in a compressed (gzip) archive in CSV format. Logs are uploaded every ten minutes so there’s a minimum of delay between network traffic coming from your network, being logged by Umbrella and then being available to download from S3.
Any suggestions?
Thanks!
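The following is an added example, not part of the original post: a sketch of the conversion step in a separate process, turning one already-downloaded gzip CSV object into GELF 1.1 messages framed for a GELF TCP input. The column order, the timestamp format, the `umbrella` source name and the sample rows are assumptions and constructed values, not taken from the Umbrella documentation.

```python
import csv
import gzip
import io
import json
from datetime import datetime, timezone

# Assumed column order for one log row; adjust to the layout of your export.
ASSUMED_COLUMNS = ["timestamp", "identity", "internal_ip", "external_ip",
                   "action", "query_type", "response_code", "domain"]

# Constructed sample: two valid rows and one truncated row, gzip-compressed.
CONSTRUCTED_SAMPLE = gzip.compress(
    b'"2024-01-01 00:00:00","Office, HQ","10.0.0.5","203.0.113.7",'
    b'"Allowed","1 (A)","NOERROR","example.com."\n'
    b'"2024-01-01 00:00:10","Laptop-1","10.0.0.9","203.0.113.7",'
    b'"Blocked","1 (A)","NOERROR","blocked.example."\n'
    b'"truncated row"\n')


def umbrella_gz_to_gelf(gz_bytes, source="umbrella"):
    """Decompress one gzip CSV object and return a list of GELF 1.1 dicts."""
    text = gzip.decompress(gz_bytes).decode("utf-8", errors="replace")
    messages = []
    for row in csv.reader(io.StringIO(text)):  # csv handles quoted commas
        if len(row) < len(ASSUMED_COLUMNS):
            continue  # skip blank or truncated rows instead of mis-mapping fields
        rec = dict(zip(ASSUMED_COLUMNS, row))
        try:
            ts = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp: drop the row
        msg = {
            "version": "1.1",
            "host": source,
            "short_message": f'{rec["action"]} {rec["query_type"]} {rec["domain"]}',
            # Timestamps are assumed to be UTC; GELF expects epoch seconds.
            "timestamp": ts.replace(tzinfo=timezone.utc).timestamp(),
        }
        # GELF additional fields must be prefixed with an underscore.
        msg.update({"_" + k: v for k, v in rec.items() if k != "timestamp"})
        messages.append(msg)
    return messages


def frame_for_gelf_tcp(messages):
    """Serialize messages as null-byte-delimited JSON, as GELF TCP expects."""
    return b"".join(json.dumps(m, separators=(",", ":")).encode("utf-8") + b"\0"
                    for m in messages)
```

The bytes returned by `frame_for_gelf_tcp` can be written to a socket connected to a GELF TCP input; tracking which S3 objects have already been processed is left to the download step.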