pfabrizi
Level 9

Amazon CloudTrail

Has anyone configured Amazon CloudTrail in 9.6.0 Mr7 or at all?

I am getting connection errors and there are no real error messages, just a generic one. I opened a case with McAfee and they indicated it was on the Amazon side. My customer is indicating everything is correct on the Amazon side.

Thanks!

0 Kudos
1 Reply
infoseced
Level 7

Re: Amazon CloudTrail

Yes. What connection errors are you getting? Are they from AWS SQS, or from the receiver? I will assume that your APN and API key are good. Your API account needs access to the S3 bucket. Also, the SQS "events" / S3 log files cannot exceed a certain file size, but I forget what that is. It should be listed in the CloudTrail config document.

What is the name of the S3 bucket the logs are in?

Simply, there is an issue with the retrieval, and how the receiver handles (concatenates) the URI for the S3 bucket name. Make sure the bucket name has no "." in the name. If the bucket does, you need a new bucket; move the CloudTrail / flow logs to a new bucket. Change SNS to draw from the new bucket. Validate SQS is receiving messages from SNS.

0 Kudos
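
One way to run the last two checks from the reply above offline, added here as an example and not part of the thread or the vendor's code: it takes SQS message bodies copied from the queue, unwraps the SNS envelope, and flags any CloudTrail notification whose `s3Bucket` contains a dot. The function names, bucket names and sample bodies are constructed for illustration; the `s3Bucket` / `s3ObjectKey` fields follow the CloudTrail SNS notification format.

```python
import json

def cloudtrail_bucket(sqs_body):
    """Return (bucket, object_keys) from one SQS message body.

    Accepts the default SNS->SQS envelope as well as raw message
    delivery, where the body is the CloudTrail notification itself.
    """
    doc = json.loads(sqs_body)
    if isinstance(doc, dict) and doc.get("Type") == "Notification":
        doc = json.loads(doc.get("Message", ""))  # inner notification
    if not isinstance(doc, dict) or not doc.get("s3Bucket"):
        raise ValueError("not a CloudTrail log-delivery notification")
    return doc["s3Bucket"], doc.get("s3ObjectKey", [])

def check_queue_sample(bodies):
    """Classify each body: (index, bucket or None, verdict)."""
    findings = []
    for i, body in enumerate(bodies):
        try:
            bucket, keys = cloudtrail_bucket(body)
        except ValueError as exc:  # JSONDecodeError is a ValueError
            findings.append((i, None, f"unparseable: {exc}"))
            continue
        if "." in bucket:
            verdict = "bucket name contains '.'"
        elif not keys:
            verdict = "no s3ObjectKey entries"
        else:
            verdict = "ok"
        findings.append((i, bucket, verdict))
    return findings

def _sns_wrap(message):
    # Constructed SNS envelope, reduced to the fields used here.
    return json.dumps({"Type": "Notification", "Message": message})

_KEY = ["AWSLogs/111122223333/CloudTrail/us-east-1/sample.json.gz"]
# Constructed sample bodies, not captured from a real queue.
SAMPLE_BODIES = [
    _sns_wrap(json.dumps({"s3Bucket": "example-trail-logs", "s3ObjectKey": _KEY})),
    _sns_wrap(json.dumps({"s3Bucket": "example.trail.logs", "s3ObjectKey": _KEY})),
    json.dumps({"s3Bucket": "example-raw-delivery", "s3ObjectKey": _KEY}),
    _sns_wrap("plain text test message"),
]

if __name__ == "__main__":
    for finding in check_queue_sample(SAMPLE_BODIES):
        print(finding)
```

An empty result for a queue that should be busy points at the SNS-to-SQS subscription rather than at the bucket name.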