- This topic has 0 replies, 1 voice, and was last updated 2 years, 11 months ago by
.
-
Posts
-
To integrate Cloudwatch with Precinct, we need to create Access Keys (see: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html)
The Access Keys need the following permissions:- AmazonEC2ReadOnlyAccess
- CloudWatchLogsReadOnlyAccess
- AWSCloudtailReadOnlyAccess
Plug the Access and Secret key into the WitFoo Precinct UI at Admin -> Settings -> Streamer Integrations -> Amazon Web Services Cloudwatch. Click Enable, then Save icon.
As a quick overview, logging follows this workflow:
The AWS Network logs communications to Cloudwatch in Cloudtrail format. This is enabled by default.
Cloudwatch agents on servers send logs to Cloudwatch (see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html)- Be sure to note that if you enable new services (Apache, Mail, etc), the Cloudwatch configuration needs to be enabled for those services.
Precinct will make an API call to Cloudwatch using the integration above to ingest and analyze all of those records.
Use this guidance to ensure VPC Flow Logs are properly set up for CloudWatch.
Troubleshooting “Access Error” for VPC Flow Log.
- You must be logged in to reply to this topic.