Help Document

Manage Cloud Sources

  1. Logging setup: Amazon CloudTrail Logs
  2. Logging setup: Amazon S3 server access logs
  3. Logging setup: Amazon ELB access logs
  4. Enable/disable cloud source
  5. Delete a cloud source

Logging setup: Amazon CloudTrail Logs

CloudTrail is an API log monitoring web service offered by AWS. It enables AWS customers to record API calls and send these log files to Amazon S3 buckets for storage. The service provides details of API activity such as the identity of the API caller, the time of the API call, the source IP address of the API caller, the requests made, and the response elements returned by the AWS service. In addition, it captures a few non-API events (AWS service events and AWS console sign-in events).

CloudTrail can also be configured to publish a notification for every log file that is delivered, allowing users to take action upon log file delivery.
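The record fields listed in the description above can be pulled out of a delivered log file as follows. This is an added example, not code from Log360 Cloud or AWS; the sample records, account ID, ARNs and IP addresses are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the CloudTrail log-file layout: one JSON object with a
# "Records" array. Account IDs, ARNs and IPs are made-up documentation values.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventType": "AwsApiCall",
     "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket"}, "responseElements": None},
    {"eventTime": "2024-01-15T10:05:40Z", "eventType": "AwsApiCall",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "sourceIPAddress": "203.0.113.50", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": None, "responseElements": None},
    {"eventTime": "2024-01-15T10:09:03Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": None, "responseElements": {"ConsoleLogin": "Failure"}},
]})


def summarize(record):
    """Reduce one record to the fields the description lists, plus an outcome."""
    identity = record.get("userIdentity") or {}
    response = record.get("responseElements") or {}
    if record.get("eventType") == "AwsConsoleSignIn":
        outcome = response.get("ConsoleLogin", "Unknown")   # "Success" / "Failure"
    else:
        outcome = record.get("errorCode") or "Success"      # errorCode only on failure
    return {
        "time": record.get("eventTime"),
        "caller": identity.get("arn") or identity.get("userName") or identity.get("type"),
        "source_ip": record.get("sourceIPAddress"),
        "action": f'{record.get("eventSource")}:{record.get("eventName")}',
        "event_type": record.get("eventType"),
        "outcome": outcome,
    }


def failed_events(log_text):
    """Return summaries of every record that did not succeed."""
    records = json.loads(log_text).get("Records", [])
    return [s for s in map(summarize, records) if s["outcome"] != "Success"]


if __name__ == "__main__":
    for event in failed_events(SAMPLE_LOG):
        print(event)
```

Delivered log files are gzip-compressed in the S3 bucket, so decompress them before passing the text to `failed_events`.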

(I) Enable CloudTrail

  • Log in to the AWS console.
  • Go to AWS Services → Management Tools → CloudTrail.
  • Choose the trail log bucket.
  • Click Add new trail.

(II) Add the created CloudTrail trail log bucket as a data source in Log360 Cloud

  • Log in to the Log360 Cloud console.
  • Go to Settings > Configuration > Manage Cloud Sources and click on Add Data Source.
  • Select CloudTrail from the Data source drop-down menu.
  • Choose the Log Fetch Mode, AWS region, the Trail and log bucket.
  • Click Configure.

Logging Setup: Amazon S3 server access logs

What is S3 server access logging?

Requests to access an S3 bucket can be tracked via access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. This access log information can be useful in identifying the nature of traffic.

Follow the steps given below to add Amazon S3 server access logs as a data source in Cloud Security Plus.

  • Log in to the Log360 Cloud console.
  • Go to Settings > Configuration > Manage Cloud Sources and click on Add Data Source.
  • Select S3 Server Access Logs from the Data source drop-down menu.
  • Select the S3 Bucket for which you want to enable access logging.
  • Click Configure.

Logging setup: Amazon ELB access logs

Elastic Load Balancer access logs capture information about requests made to load balancers and can be used to analyze traffic patterns and troubleshoot issues. These logs contain details such as the time the request was received, the client's IP address, latencies, request paths, and server responses.

Follow the steps given below to add Amazon ELB access logs as a data source in Cloud Security Plus.

  • Log in to the Log360 Cloud console.
  • Go to Settings > Configuration > Manage Cloud Sources and click on Add DataSources.
  • Select ELB Access Logs from the Data source drop-down menu.
  • Select the Region and Load Balancer for which you want to enable access logging.
  • Click Configure.

Enable/disable cloud source

Enabling a cloud source:

To enable a cloud source in Log360 Cloud,

  • Click the icon-disable icon located under the Actions column for the data source you want to enable.
  • The data source will be enabled.

Disabling a cloud source:

To disable a cloud source in Log360 Cloud,

  • Click the icon-enable icon located under the Actions column for the data source you want to disable.
  • The data source will be disabled.

Delete a cloud source

To delete a cloud source in Log360 Cloud,

  • Click the delete icon located under the Actions column for that particular data source.
  • The data source will be deleted.