Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications that run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services. This document explains how to configure the collection of CloudTrail events using the web console's cloud to cloud functionality. This is available to LRCloud customers only.
Prerequisites
Before you start to configure collection from AWS, you must ensure the following:
-
Customer is an LRCloud customer and has their environment hosted.
-
You have a valid AWS Access Key and Secret Access Key.
Initialize the Logs Source
-
Log into the web console as an Restricted Administrator User.
-
On the top navigation bar, click the Administration icon, and select Cloud Log Collection.
-
At the top of the page, click New Log Source.
-
Select the tile for AWS CloudWatch Alarms Sysmon Agent.
The Add AWS CloudWatch Alarms Log Source screen appears.
-
Enter the following details:
Setting
Default Value
Description
Name
N/A
Enter the name for this log source.
Description
N/A
(Optional) Enter a description for this log source.
Region
N/A
Enter the endpoint region code for the specific AWS CloudTrail S3 bucket (for example, us-east-1). For more information, refer to CloudTrail Regions and Endpoints.
Access Key ID
N/A
Enter the AWS Access Key ID. for example, AKIAIOSFODNN7EXAMPLE
Secret Key Access Key
N/A
Enter the AWS Secret Access Key for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Collect CloudWatch Alarms
true
To not collect Cloud Watch Alarms, set this value to false.
Collect CloudWatch Logs
true
To not collect Cloud Watch Logs, set this value to false.
CloudWatchLogGroupPrefix
all log groups
Specify which Log Groups you want to collect logs from.
-
Click Save.
Using the information provided, a new active log source is created and accepted in the client console. Collection should start automatically within a couple of minutes.
The log source's host is the Platform Manager. However, it is recommended that a new host entity is created and the log source is moved to the new host.
For security purposes, the values entered are encrypted using LRCrypt.
Default Config Values for AWS CloudWatch Alarms Log Source
|
Setting |
Default Value |
|---|---|
|
APIPollingIntervalInMs |
5000 |
|
APIRetryCount |
3 |
|
MaxResultCount |
50 |
|
MaxResultCountLogs |
1000 |
|
StartupDelayInSeconds |
30 |