Hi there I went through the documentation for setting up the Cloudtrail plugin for US-WEST-2 and US-EAST-1 and got it all working - the Cloudtrail records showed up in graylog/elasticsearch
Then I configured the same S3 bucket for all the other regions - and AWS console shows a new hierarchy of "directories" (or whatever AWS calls such things) showed up under the S3 bucket - demonstrating to me that all regions are now logging to the same bucket As I had already got US-WEST-2 and US-EAST-1 working, I simply created a bunch of new Inputs using the same creds - with only the region being different. But it didn't work: their data isn't being logged into graylog and server.log is full of the appended error. Yes I checked and they are all configured the same way :-) I'm not that knowledgeable about AWS, but I can't see how it's not working. It all looks like it's dumping to the one S3 bucket correctly within the AWS console, and graylog is working for two regions - so how can the other ones not be working? Do you have to set more permissions for some reason? (I can't see how - if it was a perms issue, surely US-WEST2/US-EAST-1 wouldn't work either?). I've tried deliberately using bad creds and get a different error - so that's not it Any ideas what I've screwed up? Thanks Jason 2015-08-24T05:21:45.578-04:00 ERROR [CloudTrailSubscriber] Could not read messages from SNS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying. com.amazonaws.services.sqs.model.QueueDoesNotExistException: The specified queue does not exist for this wsdl version. (Service: AmazonSQS; Status Code: 400; Error Code: AWS.SimpleQueueService.NonExistentQueue; Request ID: cf8f9757-6553-5c24-b2cf-d903813a3862) at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1077) at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:725) at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:460) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:295) at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2339) at com.amazonaws.services.sqs.AmazonSQSClient.receiveMessage(AmazonSQSClient.java:1072) at com.graylog2.input.cloudtrail.notifications.CloudtrailSQSClient.getNotifications(CloudtrailSQSClient.java:41) at com.graylog2.input.cloudtrail.CloudTrailSubscriber.run(CloudTrailSubscriber.java:80) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/55DAE709.9030100%40trimble.com. For more options, visit https://groups.google.com/d/optout.