Loggly and AWS CloudTrail: A Simple Way to Operate Smarter

 

At Loggly, we’re really excited to be participating in the AWS CloudTrail launch and more importantly, making our support for AWS CloudTrail available to our base of more than 3,500 log management customers. Because Loggly’s customers tend to be cloud-centric organizations, a huge percentage of them run all or part of their applications on AWS. And they are always looking for new ways to operate smarter and sharpen their competitive edges. Support for CloudTrail is coming soon!

Until now, there hasn’t been a good way to get a record of AWS API calls made on your account. AWS CloudTrail fills an important information need for our customers; and Loggly makes that information much more consumable for solving real operational problems.

AWS CloudTrail support is now built into the Loggly platform, giving customers the ability to search, analyze, and alert on AWS CloudTrail log data. Loggly reads AWS CloudTrail logs directly from our joint customers’ AWS S3 buckets. All of the logs are automatically parsed and indexed so that customers can get quick answers to their key questions:

  • What actions did a user take over a given period of time?
  • For a given resource, which AWS user has taken actions on it over a given time period?
  • What is the source IP address of a given activity?
  • Which user activities failed due to inadequate permissions?
  • Which user changed the settings of a security group and when did the change occur?
  • When was a particular Elastic IP (dis)associated with a network interface?
  • Which user launched or terminated an EC2 instance?

With Loggly’s event parsing capabilities, it’s easy to see all of the structured fields that are in the AWS CloudTrail data. Then, you can immediately drill down on a user, source IP address, or other facet and narrow down or rule out potential causes of a particular issue. In addition, customers of our Standard and Pro plans can set up alerts that inform their security teams when a user performs too many actions or let them know if activity has spiked on a particular source IP.

loggly_cloudtrail_uniq

loggly_cloudtrail_eventViewO

Loggly’s customizable dashboards can show exactly who is creating and terminating AWS instances. These dashboards include great point-and-click charting capabilities, which really help users make intuitive sense of the data — and give more compelling presentations to their bosses.

loggly_cloudtrail_dashboard

The best news of all is that the integration is incredibly easy to set up, and available to all our customers. Just supply the appropriate S3 bucket name, and the data will be pulled by Loggly in real-time. Not currently a Loggly customer? Sign up today and get instant access to AWS CloudTrail in Loggly.

Loggly has grown to more than 3,500 customers by offering a cloud-based log management service that’s simple to set up and simple to use for operational troubleshooting. Given the huge role that AWS plays in our customer base, adding support for AWS CloudTrail was a simple decision to make.


2 comments

  • Somu

    3 years ago

    I have signed up with Loggly but still don’t see the CloudTrail option enabled under Accounts. When will this be made available?

    • Hector Angulo

      Hector Angulo

      3 years ago

      You should see it by clicking on your user name in top right and select ‘account’. Then you will see ‘CloudTrail’ as an option

Share Your Thoughts

Top