Cloud to Cloud Log Collection
Currently, Cloud to Cloud log collection is available only for LogRhythm Cloud customers.
LogRhythm Cloud to Cloud (C2C) facilitates the creation, management, and collection of cloud log source information through a user interface in the Web Console. C2C credentials are used to safely and securely provision an appropriate collection method (either Open Collector with Beats or a System Monitor Agent).
In a future release, LogRhythm will host a System Monitor Agent in the cloud to collect syslog from the Open Collector. This System Monitor Agent will also be able to collect cloud log sources that use the System Monitor Agent as their primary collection method. The Agent will have a maximum collection rate of 5000 MPS. You do not need to request a System Monitor Agent.
As of LogRhythm 7.8.0, the following beats are supported for C2C collection:
- Azure Event Hub Beat
- Carbon Black Cloud Beat
- Cisco AMP Beat
- Duo Authentication Security Beat
- Gmail Message Tracking Beat
- Okta Beat
- PubSub Beat
- Sophos Central Beat
API log sources:
- Office365 Management Activity
- Office365 Message Tracking
- AWS CloudTrail Events
- AWS CloudWatch Events and Alarms
- AWS Config Events
- AWS Simple Storage Service (S3) Events
- AWS S3 CloudTrail Events
For more details on configuring and initializing C2C collection using beats, see OCBeats.