Hi there
I went through the documentation for setting up the Cloudtrail plugin
for US-WEST-2 and US-EAST-1 and got it all working - the Cloudtrail
records showed up in graylog/elasticsearch
Then I configured the same S3 bucket for all the other regions - and AWS
console shows a new hierarchy of "directories" (or whatever AWS calls
such things) showed up under the S3 bucket - demonstrating to me that
all regions are now logging to the same bucket
As I had already got US-WEST-2 and US-EAST-1 working, I simply created a
bunch of new Inputs using the same creds - with only the region being
different. But it didn't work: their data isn't being logged into
graylog and server.log is full of the appended error. Yes I checked and
they are all configured the same way :-)
I'm not that knowledgeable about AWS, but I can't see how it's not
working. It all looks like it's dumping to the one S3 bucket correctly
within the AWS console, and graylog is working for two regions - so how
can the other ones not be working? Do you have to set more permissions
for some reason? (I can't see how - if it was a perms issue, surely
US-WEST2/US-EAST-1 wouldn't work either?). I've tried deliberately using
bad creds and get a different error - so that's not it
Any ideas what I've screwed up? Thanks
Jason
2015-08-24T05:21:45.578-04:00 ERROR [CloudTrailSubscriber] Could not
read messages from SNS. This is most likely a misconfiguration of the
plugin. Going into sleep loop and retrying.
com.amazonaws.services.sqs.model.QueueDoesNotExistException: The
specified queue does not exist for this wsdl version. (Service:
AmazonSQS; Status Code: 400; Error Code:
AWS.SimpleQueueService.NonExistentQueue; Request ID:
cf8f9757-6553-5c24-b2cf-d903813a3862)
at
com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1077)
at
com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:725)
at
com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:460)
at
com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295)
at
com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2339)
at
com.amazonaws.services.sqs.AmazonSQSClient.receiveMessage(AmazonSQSClient.java:1072)
at
com.graylog2.input.cloudtrail.notifications.CloudtrailSQSClient.getNotifications(CloudtrailSQSClient.java:41)
at
com.graylog2.input.cloudtrail.CloudTrailSubscriber.run(CloudTrailSubscriber.java:80)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/55DAE709.9030100%40trimble.com.
For more options, visit https://groups.google.com/d/optout.
