AWS CloudTrail Loggly Integration

Loggly and AWS CloudTrail: A Simple Way to Operate Smarter

AWS CloudTrail log support is now built into the Loggly platform, providing real-time search, analysis, and alerting on your AWS CloudTrail log data. We read AWS CloudTrail logs directly from your AWS S3 bucket. All of the logs are automatically parsed and indexed so that you can get quick answers to questions like:

  • For a given resource, which AWS user has taken actions on it over a given time period?

  • What is the source IP address of a given activity?

  • Which user activities failed due to inadequate permissions?

  • Which user changed the settings of a security group and when did the change occur?

  • When was a particular Elastic IP (dis)associated with a network interface?

  • Which user launched or terminated an EC2 instance?

“AWS CloudTrail data provides an expanded view of AWS user activity that was previously challenging to capture and access. Now Loggly natively distills AWS CloudTrail data into an easily consumable format so that customers can use it to address security and compliance issues and to resolve real-time operational problems.”

Jim Nisbet, VP of Engineering and CTO, Loggly

AWS CloudTrail logs are important because they provide an audit trail of modifications to and interactions with AWS-hosted deployments. Loggly makes that information much more consumable by DevOps professionals and actionable for problem solving. Cloud-centric organizations that run their businesses on AWS will find that Loggly’s support for AWS CloudTrail improves operational effectiveness.

JSON Event Parsing

Key Capabilities:

  • Dead simple setup: Supply the appropriate S3 bucket name and give Loggly permission to read from the bucket, and the data will be pulled by Loggly in real-time.

  • Automated event parsing: It’s easy to see all of the structured fields that are in the AWS CloudTrail data. Drill down on a user, source IP address, or other field to narrow down or rule out potential causes of a particular issue.

  • Alerting: Customers of our Standard and Pro plans can set up alerts that inform their security teams when a user performs too many actions or let them know if activity has spiked on a particular source IP.

  • Customizable dashboards: See exactly who is creating and terminating AWS instances.
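To make concrete what "automated event parsing" has to work with, here is an added example (not Loggly's code) that loads a CloudTrail log file in its native JSON layout and answers the six questions listed above by filtering on the parsed fields. The records, user names, IDs and IP addresses are constructed sample data; the event names and field names are the ones CloudTrail actually emits.

```python
import json

# Constructed sample in CloudTrail's log-file layout; not real account data (IPs are documentation ranges).
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2014-01-10T12:00:01Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipProtocol": "tcp", "fromPort": 22}},
    {"eventTime": "2014-01-10T12:05:00Z", "eventName": "TerminateInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123abcd"}]}}},
    {"eventTime": "2014-01-10T13:30:00Z", "eventName": "CreateUser", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"userName": "newuser"}},
    {"eventTime": "2014-01-11T09:00:00Z", "eventName": "AssociateAddress",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"publicIp": "192.0.2.44", "networkInterfaceId": "eni-00aa11bb"}},
]})

# Event-name groups behind the questions on the page (EC2 / IAM API action names).
SG_EVENTS = {"CreateSecurityGroup", "DeleteSecurityGroup", "AuthorizeSecurityGroupIngress",
             "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"}
LIFECYCLE = {"RunInstances", "TerminateInstances"}
EIP_EVENTS = {"AssociateAddress", "DisassociateAddress"}
DENIED = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}

def load_records(text):
    """A CloudTrail log file is one JSON object whose 'Records' array holds the events."""
    return json.loads(text)["Records"]

def actor(rec):
    """Best available principal name: IAM user name, else ARN, else identity type."""
    ident = rec.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def query(records, events=None, user=None, resource=None, denied=False, start=None, end=None):
    """Filter parsed events like a field search: events = allowed eventName values; resource = an
    ID looked up inside requestParameters; denied = only permission failures; start/end = inclusive
    eventTime bounds (CloudTrail's ISO-8601 UTC strings compare correctly as text).
    Returns (eventTime, actor, eventName, sourceIPAddress, errorCode) per matching event."""
    return [(r["eventTime"], actor(r), r["eventName"], r["sourceIPAddress"], r.get("errorCode"))
            for r in records
            if (events is None or r["eventName"] in events)
            and (user is None or actor(r) == user)
            and (resource is None or resource in json.dumps(r.get("requestParameters")))
            and (not denied or r.get("errorCode") in DENIED)
            and (start is None or r["eventTime"] >= start)
            and (end is None or r["eventTime"] <= end)]
```

For example, `query(load_records(SAMPLE), events=SG_EVENTS)` answers "who changed a security group and when", and `query(recs, denied=True)` lists the calls rejected for missing permissions.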

