AWS Kinesis/CloudWatch Input

The AWS Kinesis/CloudWatch input allows Graylog to read log messages from CloudWatch via Kinesis. Kinesis is required to stream messages to Graylog before messages can be read from CloudWatch.

The following message types are supported:

  • CloudWatch Logs
    Raw text strings within Cloudwatch.

  • CloudWatch Flow Logs
    Flow Logs within a Cloud Watch log group.

  • Kinesis Raw Logs
    Raw text strings written to Kinesis.

Manual Setup Flow

For this setup to function as expected, the Least Privilege Policy shown below must be allowed for the authorized user (see Permission Policies below).

  1. AWS Kinesis Authorize
    Type in the input name, AWS Access Key, AWS Secret Key, and select AWS Region to authorize Graylog. Click the Authorize & Choose Stream button to continue.

  2. AWS Kinesis Setup
    Select the Kinesis stream to pull logs. Click the Verify Stream & Format button to continue.

  3. AWS CloudWatch Health Check
    Graylog will read a message from the Kinesis stream and check its format. Graylog will automatically parse the message if it is a Flow Log.

  4. AWS Kinesis Review
    The final step to review and finalize the details for the input.

Automatic Setup Flow

Walk through the setup to add the AWS Kinesis/CloudWatch input to Graylog. For this setup to function as expected, the Recommended Policy, shown below, must be allowed for the authorized user (see Permission Policies below).

  1. AWS Kinesis Authorize
    Type in the input name, AWS Access Key, AWS Secret Key, and select AWS Region to authorize Graylog. Click the Authorize & Choose Stream button to continue (see image above).

  2. AWS Kinesis Setup
    In the blue dialog box pictured in the image above, click the Setup Kinesis Automatically button. Type in a name for the Kinesis stream name, and select a Cloudwatch log Group from the dropdown list. Click the Begin Automated Setup button. A Kinesis Auto Setup Agreement prompt will appear. Read the agreement, and click I Agree! Create these AWS resources now (see images below).

The auto-setup details and references the resources that were created. Click the Continue Setup button (see Executing Auto-Setup image below).

  1. AWS CloudWatch Health Check
    Graylog will read a message from the Kinesis stream and check its format. Graylog will attempt to automatically parse the message if it is of a known type.

  2. AWS Kinesis Review
    Review and finalize the details for the input

Permission Policies

Manual Setup Flow Permissions

aws 3

Automatic Setup Flow Permissions

aws 4