New aws_cloudtrail_logs source #3077

Open
binarylogic opened this issue Jul 15, 2020 · 1 comment
Labels
domain: sources Anything related to the Vector's sources have: should We should have this feature, but is not required. It is medium priority. needs: rfc Needs an RFC before work can begin. provider: aws Anything `aws` service provider related source: new A request for a new source type: feature A value-adding code addition that introduce new functionality.

Comments

@binarylogic
Contributor

This source will collect events from AWS CloudTrail and ingest them into Vector as log events. We need to investigate what this integration will look like, and therefore a spec/RFC is in order.

@binarylogic binarylogic added domain: sources Anything related to the Vector's sources provider: aws Anything `aws` service provider related needs: rfc Needs an RFC before work can begin. have: should We should have this feature, but is not required. It is medium priority. type: feature A value-adding code addition that introduce new functionality. labels Jul 15, 2020
@jszwedko
Member

I discovered you can forward CloudTrail logs to CloudWatch Logs so #3566 could be tractable for getting CloudTrail logs out too; however it has a pretty big limitation:

> Because CloudWatch Logs has an event size limitation of 256 KB, CloudTrail does not send events larger than 256 KB to CloudWatch Logs. For example, a call to the EC2 RunInstances API to launch 500 instances will exceed the 256 KB limit. CloudTrail does not send the event to CloudWatch Logs. To ensure that CloudTrail sends events to CloudWatch Logs, break large requests into smaller batches.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html

I'm imagining we'll prefer the traditional route of CloudTrail -> S3 with a new Vector S3 source.

@jszwedko jszwedko added the source: new A request for a new source label Aug 3, 2022
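
An added example, not part of the thread or of Vector's code: a check that reads a CloudTrail log file as delivered to S3 (gzip-compressed JSON with a top-level `Records` array) and lists the events larger than the 256 KB limit quoted above, which are the ones the CloudWatch Logs route would not carry. The byte accounting (256 * 1024 bytes of compact UTF-8 JSON), the function names and the sample events are assumptions constructed for illustration.

```python
import gzip
import json

# Assumption: the quoted 256 KB limit is treated as 256 * 1024 bytes of
# compact UTF-8 JSON; the service's exact accounting may differ slightly.
CWL_EVENT_LIMIT = 256 * 1024


def oversized_events(gz_bytes, limit=CWL_EVENT_LIMIT):
    """Return (eventID, eventName, size) for each record above the limit."""
    doc = json.loads(gzip.decompress(gz_bytes))
    flagged = []
    for rec in doc.get("Records", []):
        size = len(json.dumps(rec, separators=(",", ":")).encode("utf-8"))
        if size > limit:
            flagged.append((rec.get("eventID"), rec.get("eventName"), size))
    return flagged


def build_sample():
    """Constructed sample file: one small event and one large
    RunInstances-style event describing 500 instances."""
    small = {
        "eventID": "constructed-0001",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "requestParameters": {"bucketName": "example-bucket"},
    }
    # Padding stands in for the per-instance detail a real response carries.
    items = [{"instanceId": "i-%017x" % n, "detail": "x" * 600}
             for n in range(500)]
    large = {
        "eventID": "constructed-0002",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "responseElements": {"instancesSet": {"items": items}},
    }
    return gzip.compress(json.dumps({"Records": [small, large]}).encode())


if __name__ == "__main__":
    for event_id, name, size in oversized_events(build_sample()):
        print(f"{event_id} {name}: {size} bytes, over the CloudWatch Logs limit")
```

Run against the S3 delivery, a non-empty result marks the events a detection pipeline fed only from CloudWatch Logs would never see.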