1 Reply Latest reply on Dec 8, 2016 2:29 PM by infoseced

    Amazon Cloudtrail

    pfabrizi

      Has anyone configured Amazon Cloudtrail in 9.6.0 Mr7 or at all?

       

      I am getting connection errors and there are no real error messages, just a generic one. I opened a case with McAfee and they indicated it was on the Amazon side. My customer is indicating everything is correct on the Amazon side.

       

       

      Thanks!

        • 1. Re: Amazon Cloudtrail
          infoseced

          Yes. What connection errors are you getting? Are they from AWS SQS, or from the receiver? I will assume that your APN and API key are good. Your API account needs access to the S3 bucket. Also, the SQS "events" / S3 log files cannot exceed a certain file size, but I forget what that is. It should be listed in the Cloudtrail config document.

           

          What is the name of the S3 bucket the logs are in?

           

          Simply, there is an issue with the retrieval and how the receiver handles (concatenates) the URI for the S3 bucket name. Make sure the bucket name has no "." in the name. If the bucket does, you need a new bucket; move the Cloudtrail / flow logs to a new bucket. Change SNS to draw from the new bucket. Validate that SQS is receiving messages from SNS.
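
One way to run the last checks from the reply above against message bodies pulled from the queue, as an added example that is not part of the original thread: it unwraps the SNS envelope from an SQS message body, reads the CloudTrail delivery notice (`s3Bucket`, `s3ObjectKey`) and flags a bucket name containing ".". The function name `check_sqs_body`, the bucket names and the sample bodies are constructed for illustration.

```python
import json

def check_sqs_body(body):
    """Return a list of problems found in one SQS message body (empty = looks fine)."""
    try:
        envelope = json.loads(body)
    except ValueError:
        return ["body is not JSON"]
    if not isinstance(envelope, dict):
        return ["body is not a JSON object"]
    # SNS wraps the notice in an envelope unless raw message delivery is enabled.
    if envelope.get("Type") == "Notification" and "Message" in envelope:
        try:
            notice = json.loads(envelope["Message"])
        except (TypeError, ValueError):
            return ["SNS Message field is not JSON"]
    else:
        notice = envelope  # raw delivery: the body is the notice itself
    if not isinstance(notice, dict):
        return ["notice is not a JSON object"]
    problems = []
    bucket = notice.get("s3Bucket")
    if not bucket:
        problems.append("no s3Bucket field (not a CloudTrail delivery notice)")
    elif "." in bucket:
        problems.append("bucket name %r contains '.'" % bucket)
    if not notice.get("s3ObjectKey"):
        problems.append("no s3ObjectKey entries")
    return problems

def _wrap(notice):
    # Constructed SNS envelope as it would appear in an SQS message body.
    return json.dumps({"Type": "Notification", "Message": json.dumps(notice)})

# Constructed sample bodies (placeholder bucket names and object key).
KEY = ["AWSLogs/111111111111/CloudTrail/us-east-1/2016/12/08/example.json.gz"]
SAMPLES = [
    _wrap({"s3Bucket": "example-trail-logs", "s3ObjectKey": KEY}),
    _wrap({"s3Bucket": "logs.example.com", "s3ObjectKey": KEY}),
    _wrap({"Event": "test"}),
    "not json at all",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(check_sqs_body(body) or "ok")
```

An empty queue or bodies that fail the envelope check point at the SNS-to-SQS subscription rather than at the bucket name.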