Simple Log Service provides the Log Analysis for AWS CloudTrail application that you can use to collect logs from Amazon Web Services (AWS) CloudTrail to Simple Log Service. Then, you can store, query, analyze, and visualize the collected logs. This topic describes the features, workflow, assets, and billing of the Log Analysis for AWS CloudTrail application.
Alibaba Cloud has proprietary rights to the information in this topic. This topic describes the capabilities of Alibaba Cloud to interact with third-party services. The names of third-party companies and services may be referenced.
Feature description
The application allows you to import CloudTrail data after simple configurations. For more information, see Import logs from AWS CloudTrail to Simple Log Service.
The application provides out-of-the-box dashboards to help you analyze and audit various events within your AWS account. The dashboards are classified into the following categories: Global Auditing and Service Auditing.
The application supports custom query and analysis of collected data.
Workflow
Before you can use the Log Analysis for AWS CloudTrail application to collect logs from AWS CloudTrail to Simple Log Service, you must create a trail in the AWS CloudTrail console and create a queue in the Amazon Simple Queue Service (SQS) console.
Assets
You can view the assets of the application in the project that you specify. The following assets are included:
Logstore
After you collect logs from AWS CloudTrail to Simple Log Service, Simple Log Service automatically generates a Logstore named in the aws_cloudtrail_**** format to store the logs. Simple Log Service also creates indexes for the Logstore.
Dashboards
| Category | Dashboard | Description |
| --- | --- | --- |
| Global Auditing | Overview | Displays the overall information of all events that are recorded by AWS CloudTrail in charts. The information includes the number of events, number of source services, number of source regions, number of Insights events, event distribution by event type, event distribution by source region, and event trends. |
| Global Auditing | Logon Auditing | Displays information about the sign-in events that are recorded by AWS CloudTrail in charts. The information includes the distribution of global sign-in events, trends of successful sign-in events and failed sign-in events, distribution of failed authentication events, and global distribution of failed authentication events. |
| Service Auditing | S3 Data Event | Displays information about Amazon Simple Storage Service (S3) data events that are recorded by AWS CloudTrail in charts. The information includes the list of buckets, number of operations on objects, number of read operations on objects, number of write operations on objects, number of delete operations on objects, and trends of operations on objects. Note: The dashboard displays data only if the trail that you create in AWS CloudTrail records data events. For more information, see Data events. |
| Service Auditing | IAM Auditing | Displays information about Identity and Access Management (IAM) events that are recorded by AWS CloudTrail in charts. The information includes the number of error events, distribution of IAM error events, list of error events, distribution of user change events, and list of user change events. |
| Service Auditing | Network and Security Auditing | Displays information about network and security events that are recorded by AWS CloudTrail in charts. The information includes the distribution of change events for virtual private clouds (VPCs), list of change events for VPCs, distribution of change events for network firewalls, and list of change events for network firewalls. |
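The sign-in figures that the Logon Auditing dashboard charts can also be computed directly from CloudTrail records, which is useful when validating a custom query or alert. The following Python is an added example, not code from Simple Log Service or the application; the function name summarize_signins, the fail_threshold parameter, and the sample records are assumptions constructed for illustration, and it reads the standard CloudTrail ConsoleLogin record fields.

```python
import json
from collections import Counter

# Constructed sample records in the CloudTrail record layout (not real data).
SAMPLE = json.loads("""[
 {"eventTime":"2024-05-01T10:02:11Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7",
  "userIdentity":{"type":"IAMUser","userName":"alice"},"responseElements":{"ConsoleLogin":"Success"}},
 {"eventTime":"2024-05-01T10:15:40Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9",
  "userIdentity":{"type":"IAMUser","userName":"HIDDEN_DUE_TO_SECURITY_REASONS"},
  "errorMessage":"Failed authentication","responseElements":{"ConsoleLogin":"Failure"}},
 {"eventTime":"2024-05-01T10:16:02Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9",
  "userIdentity":{"type":"IAMUser","userName":"bob"},
  "errorMessage":"Failed authentication","responseElements":{"ConsoleLogin":"Failure"}},
 {"eventTime":"2024-05-01T10:17:30Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9",
  "userIdentity":{"type":"IAMUser","userName":"bob"},
  "errorMessage":"Failed authentication","responseElements":{"ConsoleLogin":"Failure"}},
 {"eventTime":"2024-05-01T11:01:05Z","eventName":"ConsoleLogin","sourceIPAddress":"192.0.2.44",
  "userIdentity":{"type":"IAMUser","userName":"bob"},"responseElements":{"ConsoleLogin":"Success"}},
 {"eventTime":"2024-05-01T11:05:00Z","eventName":"PutObject","sourceIPAddress":"192.0.2.44",
  "userIdentity":{"type":"IAMUser","userName":"bob"},"responseElements":null},
 {"eventTime":"2024-05-01T11:20:19Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7",
  "userIdentity":{"type":"IAMUser","userName":"alice"},
  "errorMessage":"Failed authentication","responseElements":{"ConsoleLogin":"Failure"}}
]""")

def summarize_signins(records, fail_threshold=3):
    """Aggregate console sign-in events: hourly trend, failure distribution, noisy sources."""
    trend = Counter()          # (hour bucket, outcome) -> count
    failed_by_ip = Counter()   # source IP -> failed sign-ins
    failed_by_user = Counter() # user name as recorded -> failed sign-ins
    for r in records:
        if r.get("eventName") != "ConsoleLogin":
            continue  # skip non sign-in events such as S3 data events
        # responseElements can be null on other events; guard before reading it
        outcome = (r.get("responseElements") or {}).get("ConsoleLogin", "Unknown")
        hour = r["eventTime"][:13] + ":00Z"  # truncate the ISO 8601 timestamp to the hour
        trend[(hour, outcome)] += 1
        if outcome == "Failure":
            failed_by_ip[r.get("sourceIPAddress", "unknown")] += 1
            # CloudTrail masks the name when the supplied user name does not exist
            failed_by_user[(r.get("userIdentity") or {}).get("userName", "unknown")] += 1
    noisy = sorted(ip for ip, n in failed_by_ip.items() if n >= fail_threshold)
    return {"trend": dict(trend), "failed_by_ip": dict(failed_by_ip),
            "failed_by_user": dict(failed_by_user), "noisy_sources": noisy}

if __name__ == "__main__":
    print(json.dumps({k: str(v) for k, v in summarize_signins(SAMPLE).items()}, indent=2))
```

Counting failures per source IP rather than per user name keeps attempts against nonexistent users visible, because those records carry a masked user name.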
Billing
When you collect logs from AWS CloudTrail to Simple Log Service, you are charged for the read traffic on Amazon SQS and Amazon S3. For more information, see AWS pricing.
After data is stored in Simple Log Service, you are charged for the storage, read traffic, number of requests, data transformation, and data shipping. The fees are included in your Simple Log Service bills. For more information, see Billable items of pay-by-feature.