
Better monitoring using AWS CloudTrail

By Bill Fried 11 Jan 2017

If you’re running on AWS, you probably use AWS CloudTrail. AWS CloudTrail logs are important because they provide an audit trail of modifications to and interactions with your AWS-hosted deployments. They provide useful insights for both operational and security-related monitoring. Here’s how the Loggly Application Pack for AWS CloudTrail makes this monitoring easier and more effective.


Sending your AWS CloudTrail data to Loggly is quick to set up because it leverages our integration with Amazon S3. You give Loggly your S3 bucket name and permission to read from that bucket, and Loggly pulls your log data out in real time. Loggly automatically parses AWS CloudTrail data so that you can see a visual breakdown and event counts in the Loggly Dynamic Field Explorer™.

The Loggly Application Pack for AWS CloudTrail automatically installs a dashboard and several Saved Searches into your Loggly account, giving you answers to the key questions addressed in your AWS CloudTrail logs. The CloudTrail Application Pack dashboard includes the following six widgets:

  1. Top AWS CloudTrail Event Sources in the Last Day

    This chart shows you which of your AWS services have been modified or interacted with by your AWS administrators. Use it to find any unexpected activity.

  2. Top AWS CloudTrail Error Sources in the Last Day

    The error sources chart breaks down the number of errors by service. If a particular service is generating a lot of errors, you’ll want to investigate.

  3. AWS CloudTrail Top Users in the Last Day

    This chart illustrates who is interacting with your services, by username. Unexpected activity levels or unknown usernames can reveal a security breach.

  4. AWS CloudTrail Top Error Messages in the Last Day

    Similar to the error sources chart, it’s helpful to have a visual view of error messages because it guides your troubleshooting efforts.

  5. AWS CloudTrail EC2 Instance Changes Last Day

    This chart creates a timeline view of the number of instances started and stopped over the last day. It can be helpful in establishing a timeline for a problem that occurred.

  6. AWS CloudTrail Failed Logins Last Week

    Visibility into failed logins is an important way to track attempted security breaches. In addition to monitoring this on a dashboard, you can quickly set up alerts that let you know when a failed login has occurred.

Saved Searches Speed Up Your Analysis

Loggly’s Application Packs also create saved searches for many of the analyses we described above, so that you can view the relevant log events without any additional effort. One additional saved search is on new key pairs that were created or imported.

Saved searches are all accessible from the star icon right next to the search button.
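To show what these views compute underneath, here is an added example (not Loggly's own queries or code) that derives the six dashboard breakdowns and the key pair search directly from a CloudTrail log file. The field names are standard CloudTrail record fields; the sample records, user names and account ID are constructed, and treating any record with `errorCode` or `errorMessage` as an error is an assumption of this sketch.

```python
import json
from collections import Counter

# Constructed sample CloudTrail log file; every user, account ID and time is made up.
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2017-01-10T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "userIdentity": {"userName": "alice"}},
    {"eventTime": "2017-01-10T09:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "userIdentity": {"userName": "alice"}},
    {"eventTime": "2017-01-10T09:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "errorCode": "AccessDenied",
     "errorMessage": "Access Denied", "userIdentity": {"userName": "bob"}},
    {"eventTime": "2017-01-10T09:09:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "errorMessage": "Failed authentication",
     "responseElements": {"ConsoleLogin": "Failure"},
     "userIdentity": {"userName": "bob"}},
    {"eventTime": "2017-01-10T09:12:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "ImportKeyPair", "responseElements": None,
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/carol"}},
]})

INSTANCE_EVENTS = {"RunInstances", "StartInstances", "StopInstances", "TerminateInstances"}
KEY_PAIR_EVENTS = {"CreateKeyPair", "ImportKeyPair"}

def actor(rec):
    """Best available identity: IAM user name, else ARN (roles, root), else type."""
    ident = rec.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def summarize(body):
    """Compute the six dashboard views plus the key pair search from one log file."""
    out = {k: Counter() for k in
           ("sources", "error_sources", "users", "error_messages", "instance_changes")}
    out["failed_logins"], out["key_pairs"] = [], []
    for r in json.loads(body).get("Records", []):
        src, name = r.get("eventSource", "unknown"), r.get("eventName", "unknown")
        out["sources"][src] += 1
        out["users"][actor(r)] += 1
        if r.get("errorCode") or r.get("errorMessage"):
            out["error_sources"][src] += 1
            out["error_messages"][r.get("errorMessage") or r["errorCode"]] += 1
        if name in INSTANCE_EVENTS:
            out["instance_changes"][name] += 1
        # responseElements may be null, so guard before reading ConsoleLogin.
        if name == "ConsoleLogin" and (r.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            out["failed_logins"].append((r.get("eventTime"), actor(r)))
        if name in KEY_PAIR_EVENTS:
            out["key_pairs"].append((r.get("eventTime"), actor(r), name))
    return out

if __name__ == "__main__":
    for view, data in summarize(SAMPLE).items():
        print(view, dict(data) if isinstance(data, Counter) else data)
```

Falling back to the ARN in `actor` matters for the Top Users view: role sessions and root activity carry no `userName`, so a breakdown keyed only on that field would hide them.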


All AWS users should take advantage of the insights that AWS CloudTrail provides. With Loggly, this level of monitoring is simple to set up. If you haven’t tried Loggly yet, now is the time!

 

Additional Reading

Resource Types Supported by CloudTrail API Activity History (AWS CloudTrail Documentation)

How to set up AWS CloudTrail Logging
