Logentries Docs

Find comprehensive guides and documentation to help you start and continue to work with Logentries.

    


CloudTrail Logs via Lambda

You can use the AWS Management Console to configure CloudTrail to send log events to CloudWatch and stream the events to a Lambda function that forwards them to Logentries.

Creating a Log Group or Specifying an Existing Log Group

CloudTrail uses a CloudWatch Logs log group as a delivery endpoint for log events. You can create a new log group or specify an existing one.

To specify a log group using the console

  1. Navigate to the CloudTrail Trails page.
  2. Click the name of the trail that you want to configure.
  3. In the CloudWatch Logs (Optional) box, do one of the following:
    • If you do not yet have any CloudWatch logs configured, click Configure.
    • If you already have one or more CloudWatch logs configured, click the Edit (pencil) icon to the right of CloudWatch Logs (Optional).
  4. In the New or existing log group box, type a log group name to organize CloudTrail events for you to review using CloudWatch Logs, and then click Continue.

Note
For recommended log group naming conventions, see Log Group and Log Stream Names.

Next, specify a role for CloudTrail to assume to deliver events to the log stream.

Specify a Role

To specify a role using the console

  1. By default, the CloudTrail_CloudWatchLogs_Role is selected for you. To verify this, click View Details and look at the IAM Role box. The default role policy contains the permissions required for creating a CloudWatch Logs log stream in a log group that you specify and for delivering CloudTrail events to that log stream. To see the contents of the role policy, click View Policy Document.

Note
You can specify another role, but you must attach the appropriate role policy to the existing role if you want to use it to send log events to CloudWatch Logs.

  2. Click Allow.

When you are finished with these steps in the console, the CloudTrail trail will be set up to use the log group and role you specified to send events to CloudWatch Logs. If the trail you configured to use CloudWatch Logs receives log files across regions, events from all regions will be sent to the CloudWatch Logs log group that you specified.

Set up le-aws-cloudwatch Lambda function

Obtain log token(s)

  1. Log in to your Logentries account
  2. Add a new token-based log
    • Optional: repeat to add a second log for debugging

Deploy the script on AWS Lambda

  1. Create a new Lambda function


  2. On the "Select Blueprint" screen, press "Skip"


  3. Configure function:

    • Give your function a name
    • Set runtime to Python 2.7


  4. Edit code:

    • Edit the contents of le_config.py
    • Replace values of log_token and debug_token with tokens obtained earlier.
    • Create a .ZIP file containing the updated le_config.py, le_cloudwatch.py and le_certs.pem
      • Make sure the files are in the root of the ZIP archive, and NOT in a folder
    • Choose "Upload a .ZIP file" in AWS Lambda and upload the archive created in the previous step


  5. Lambda function handler and role

    • Change the "Handler" value to le_cloudwatch.lambda_handler
    • Create a new basic execution role (your IAM user must have sufficient permissions to create & assign new roles)


  6. Allocate resources:

    • Set memory to 128 MB
    • Set timeout to ~2 minutes (script only runs for seconds at a time)


  7. Enable function:

    • Click "Create function"


Configure CloudWatch Stream

  1. Create a new stream:

    • Select CloudWatch log group containing your CloudTrail events
    • Navigate to "Actions / Stream to AWS Lambda"


  2. Choose destination Lambda function:

    • Select the AWS Lambda function deployed earlier from the drop-down menu
    • Click "Next" at the bottom of the page


  3. Configure log format:

    • Choose the correct log format from the drop-down menu
    • Specify the subscription filter pattern
    • Click "Next" at the bottom of the page


  4. Review and start log stream

    • Review your configuration and click "Start Streaming" at the bottom of the page


  5. Watch your logs come in.
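
Once streaming starts, CloudWatch Logs hands the Lambda function each batch as base64-encoded, gzip-compressed JSON under `awslogs.data`. The following is an added example, not code from le-aws-cloudwatch: it decodes that payload and flattens each CloudTrail record to one line, so you can check locally what the function will receive. It targets Python 3 for local use; the function names and the sample account ID, log group and log stream are constructed for illustration.

```python
import base64
import gzip
import json


def make_event(payload):
    """Wrap a payload the way CloudWatch Logs does: JSON, gzip, base64."""
    blob = gzip.compress(json.dumps(payload).encode("utf-8"))
    return {"awslogs": {"data": base64.b64encode(blob).decode("ascii")}}


def decode_event(event):
    """Undo the base64 + gzip wrapping and return the payload dict."""
    blob = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(blob).decode("utf-8"))


def cloudtrail_lines(event):
    """Return one single-line string per log event, ready to forward."""
    payload = decode_event(event)
    # CONTROL_MESSAGE payloads only test that the destination is reachable.
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    lines = []
    for log_event in payload.get("logEvents", []):
        message = log_event["message"]
        try:
            # Re-serialise compactly so a multi-line record stays one entry.
            message = json.dumps(json.loads(message), sort_keys=True, separators=(",", ":"))
        except ValueError:
            message = " ".join(message.splitlines())  # not JSON: flatten only
        lines.append("%s %s %s" % (payload["logGroup"], payload["logStream"], message))
    return lines


# Constructed sample input (not real account data).
SAMPLE = make_event({
    "messageType": "DATA_MESSAGE",
    "logGroup": "CloudTrail/DefaultLogGroup",
    "logStream": "111122223333_CloudTrail_us-east-1",
    "logEvents": [
        {"id": "1", "timestamp": 1440442987000,
         "message": '{"eventName": "ConsoleLogin",\n "eventSource": "signin.amazonaws.com"}'},
        {"id": "2", "timestamp": 1440442988000, "message": "plain text\nsecond line"},
    ],
})

if __name__ == "__main__":
    print("\n".join(cloudtrail_lines(SAMPLE)))
```

If the decoded `logGroup` is not the one your trail writes to, the subscription is attached to the wrong log group.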
