Split multiple events into separate logs


(Arun Mathew) #1

Hi,

I’m a total newbie to Graylog. I have a central S3 bucket receiving CloudTrail logs from other accounts. I’m using sherzberg/graylog-plugin-s3 for fetching logs into Graylog. An issue with CloudTrail logs is that they have multiple events combined. I want to separate each event into its own log entry in Graylog and have it indexed. How can I achieve this?

I tried using the bundled AWS plugin; for some reason it’s not working. Anyway, I would need to figure this out since I have plans to fetch other types of logs from S3 too.

Thanks in advance.
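As an added illustration (not code from this thread or from the sherzberg/graylog-plugin-s3 plugin): each CloudTrail file delivered to S3 is a gzipped JSON document whose "Records" array bundles many events, so a fetcher sitting between S3 and Graylog can split that array and emit one GELF message per event, which Graylog then indexes as a separate log entry. The sample events, the host name "cloudtrail" and the field names are constructed for the example.

```python
import gzip
import json
from datetime import datetime, timezone

# Constructed sample of a CloudTrail delivery file as written to S3: one JSON
# document whose "Records" array bundles several events. Values are made up.
SAMPLE_FILE = {"Records": [
    {"eventTime": "2018-02-26T15:45:48Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "recipientAccountId": "111111111111"},
    {"eventTime": "2018-02-26T15:46:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "recipientAccountId": "111111111111", "errorCode": "AccessDenied"},
]}

def as_gzipped_object(doc):
    """Serialise a dict the way CloudTrail stores files in S3 (gzip-compressed JSON)."""
    return gzip.compress(json.dumps(doc).encode())

def iter_events(blob):
    """Yield each CloudTrail event from a delivery file, gzipped or plain JSON."""
    if blob[:2] == b"\x1f\x8b":          # gzip magic number
        blob = gzip.decompress(blob)
    for record in json.loads(blob).get("Records", []):
        yield record

def to_gelf(event):
    """Flatten one event into a GELF 1.1 message so Graylog indexes it on its own."""
    when = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    identity = event.get("userIdentity", {})
    actor = identity.get("userName") or identity.get("type", "unknown")
    message = {
        "version": "1.1",
        "host": "cloudtrail",
        "short_message": f"{event['eventSource']} {event['eventName']} by {actor}",
        "timestamp": when.replace(tzinfo=timezone.utc).timestamp(),
        "_event_name": event["eventName"],        # GELF custom fields start with "_"
        "_event_source": event["eventSource"],
        "_source_ip": event.get("sourceIPAddress"),
        "_account_id": event.get("recipientAccountId"),
        "_error_code": event.get("errorCode"),    # only present on failed calls
        "_full_event": json.dumps(event),         # keep the raw record for forensics
    }
    return {k: v for k, v in message.items() if v is not None}

def split_file(blob):
    # One GELF message per event: the list a sender would post to a Graylog GELF input.
    return [to_gelf(e) for e in iter_events(blob)]
```

Each dict returned by split_file can be sent as one message to a GELF input (for example over HTTP or TCP), so a single S3 object becomes as many indexed entries as it has events.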


(Jan Doberstein) #2

Hej Arun,

You might already have an answer to this or to your other question (Cloudtrail plugin is not reading messages from SQS) if you provide more information and describe what you have done and how: what you have configured, what error you are getting, or what is not working in the way you think it should.

Maybe it is just a design question, but it looks like, with the given information, no one is able to help you.


(Arun Mathew) #3

I have spun up Graylog in my AWS account using the prebaked AMI. I have an S3 bucket receiving CloudTrail logs from other accounts. I have set up SNS and SQS. I can see messages reaching the queue. For some reason, my Graylog instance is not reading the logs. I can see only this message in the log: '2018-02-26_15:45:48.23276 INFO [CloudTrailTransport] Starting cloud trail subscriber'. I’m using the native AWS plugin in Graylog 2.4.


(Arun Mathew) #4

Hi Community, is anyone facing this issue? For some reason the AWS Graylog plugin is not reading CloudTrail logs. I’m not getting any error messages; it’s just that the SQS size is increasing.
