How to use this fix #36 with graylog for multiple AWS accounts?


#1

Hi All,

I wonder if there is any document/guide we have that describes how to use Graylog 2.3 for multiple AWS accounts. I believe a fix (#36) was made to add this feature in the new version.

If there is none, do I have to perform the following steps to get the CloudTrail logs from multiple AWS accounts?

1. Create an IAM user in each account and give it permission to access the SQS queue and S3 bucket, as described on GitHub.
2. Define the access and secret key of each IAM user, with the SQS name and region, in the AWS CloudTrail input in Graylog.

Is that it?

Please guide me if there is something else I need to do to get this working for me.

Thanks,
Harris


#2

I have tried the above steps to set up my 2nd AWS account for CloudTrail logs and got this error:

2017-08-09_09:22:47.60336 ERROR [CloudTrailSubscriber] Could not read messages from SQS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying.% com.amazonaws.services.sqs.model.QueueDoesNotExistException: The specified queue does not exist for this wsdl version. (Service: AmazonSQS; Status Code: 400; Error Code: AWS.SimpleQueueService.NonExistentQueue; Request ID: c405e1a8-9490-5892-85b4-b3ac4237c5ce)

Can anyone please tell me what step I am missing to get this working?

Thanks,
Harris


#3

Got it fixed. My S3 region was not correct.
The above-mentioned steps are correct.
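
An added example, not part of the thread or the plugin's own code: a sketch that generates one narrowly scoped IAM policy per account for the per-account user described in post #1, and flags wildcard grants. The account IDs, queue and bucket names are placeholders, and the action list and the default `AWSLogs/<account-id>/` key layout are assumptions about what the input needs.

```python
import json

# Constructed inventory, one entry per AWS account; all values are placeholders.
ACCOUNTS = [
    {"account_id": "111111111111", "sqs_region": "eu-west-1",
     "queue": "cloudtrail-notify", "bucket": "example-trail-a"},
    {"account_id": "222222222222", "sqs_region": "us-east-1",
     "queue": "cloudtrail-notify", "bucket": "example-trail-b"},
]

def reader_policy(acct):
    """Policy for one account's IAM user, scoped to its own queue and trail objects.

    Assumption: the input only needs to receive and delete queue messages and
    read trail objects, and the trail uses CloudTrail's default key layout.
    """
    queue_arn = "arn:aws:sqs:{sqs_region}:{account_id}:{queue}".format(**acct)
    # S3 ARNs carry no region, so the bucket region is not pinned here.
    objects_arn = "arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*".format(**acct)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadTrailQueue", "Effect": "Allow",
             "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
             "Resource": queue_arn},
            {"Sid": "ReadTrailObjects", "Effect": "Allow",
             "Action": ["s3:GetObject"], "Resource": objects_arn},
        ],
    }

def overbroad_statements(policy):
    """Return the Sids of Allow statements with a wildcard action or an unscoped resource."""
    flagged = []
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        wide_action = any(a == "*" or a.endswith(":*") for a in actions)
        wide_resource = any(r == "*" or r.endswith(":::*") for r in resources)
        if st.get("Effect") == "Allow" and (wide_action or wide_resource):
            flagged.append(st.get("Sid", "<no Sid>"))
    return flagged

if __name__ == "__main__":
    for acct in ACCOUNTS:
        policy = reader_policy(acct)
        assert overbroad_statements(policy) == []
        print("# account", acct["account_id"])
        print(json.dumps(policy, indent=2))
```

The queue ARN embeds the SQS region while the S3 ARN has none, so a policy like this does not catch a wrong bucket region in the input configuration.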

