Skip to main content
Skip table of contents

Initialize the AWS S3 Beat

This section provides instructions for initializing the AWS S3 beat after configuration.


  • Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
  • AWS queues are set up.
  • The event on the bucket is configured so that the actions performed on the bucket are sent to the queue from which the s3beat service is listening.
  • The queues and bucket are on the same region, and the proper permission has been granted to the queue.
  • The following port is open:





    Outbound443HTTPSAWSS3 Beat

Initialize the Beat

  1. Confirm Open Collector is running:

    ./lrctl status 

    You should see the open_collector and metrics versions:

    If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.
  2. Start the beat:

    ./lrctl s3beat start
  3. Select a new s3beat instance and enter a unique identifier for this instance.

  4. Tell the service whether you have deployed the s3beat service in AWS.

    • If you enter N, it is assumed that deployment is done on-premise (not in AWS), and the user must enter security credentials.

      1. Enter the access key of your s3beat AWS application, which you should have saved from the Configure AWS S3 section.

        The secret access key and access keys are saved in encrypted format.

      2. Enter the s3beat secret access key of your s3beat AWS application, which you should have saved from the Configure AWS S3 section.

    • If you enter Y, it is assumed that the deployment is done in AWS, so security credentials are not required.

  5. Enter your s3beat sqs queue and region in the format queuename:region. You can configure multiple queuename and region combinations.

  6. To save the configuration, type c.
  7. If you want to enable cross-account access of some objects, type y. Otherwise, press Enter and go to the next numbered step.

    1. Enter your s3beat ARN for the assume role cross account access in the mentioned format. You can enter multiple ARNs. When you have finished entering your ARNs, type c.

  8. If you want to provide multiline pattern regex, type y. Otherwise, press Enter.
  9. The configuration has been saved and the service has started successfully.
  10. Check the status of the service:

    ./lrctl s3beat status 

Default Config Values for S3Beat:

S. No.

Field Name

Default Value

1.AWSAccessKeyIDUser Provided
4.AWSSecretAccessKeyUser Provided


6.QueueListUser Provided
10.multiline.patternUser Provided

This flag is the Assume role ARN from AWS for cross account access in the format:



This flag enables user to access cross account logs retrieval using Sts:AssumeRole for s3beat deployment.


This flag sets the maximum session duration of IAM role assigned to ARN used for Assume role.
For commands to inspect or edit a configuration, see the configuration information in Open Collector Installation Tips.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.