https://github.com/blend/fluent-plugin-cloudtrail

Fluentd input plugin for AWS CloudTrail
https://github.com/blend/fluent-plugin-cloudtrail

Last synced: 8 months ago
JSON representation

Fluentd input plugin for AWS CloudTrail

Host: GitHub
URL: https://github.com/blend/fluent-plugin-cloudtrail
Owner: blend
License: mit
Created: 2016-12-17T00:33:38.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2017-03-17T19:59:25.000Z (over 9 years ago)
Last Synced: 2025-10-07T17:52:34.570Z (9 months ago)
Language: Ruby
Size: 5.86 KB
Stars: 3
Watchers: 4
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# fluent-plugin-cloudtrail

*Deprecated: Consider using fluent-plugin-s3.*

Fluentd input plugin for AWS CloudTrail

## Install

### RubyGems

```
$ gem install fluent-plugin-cloudtrail
```

### td-agent

```
$ td-agent-gem install fluent-plugin-cloudtrail
```

## Example config

```
# Get events from CloudTrail

type cloudtrail
sqs_url
role_arn
tag cloudtrail

# Filter CloudTrail logs

type grep
regexp1 eventSource ^signin\.amazonaws\.com$

# Store CloudTrail data in Elasticsearch

@type copy

@type elasticsearch
hosts https://:443/
type_name cloudtrail
include_tag_key true
tag_key @log_name
logstash_format true
flush_interval 10s
time_key eventTime

@type stdout

```

## IAM Policy

```
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:DeleteMessage"
],
"Resource": "arn:aws:sqs:us-east-1:123456789012:cloudtrail-sqs-queue-name",
"Effect": "Allow",
"Sid": "AllowReadSqs"
},
{
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::cloudtrail-bucket-name/*",
"Effect": "Allow",
"Sid": "AllowReadS3Objects"
}
]
}
```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/blend/fluent-plugin-cloudtrail

Awesome Lists containing this project

README