
Introduction

Amazon Web Services (AWS) stands as a prominent cloud provider, offering an array of services that generate valuable log data crucial for monitoring, security, and compliance in modern IT ecosystems. This guide will assist you in configuring Snare Central for the task of collecting and processing logs via the AWS Kinesis Data Stream.

...

However, the process doesn't stop there. AWS CloudWatch Logs can employ subscription filters to selectively forward or aggregate specific log data into AWS Kinesis Data Streams. These streams serve as dynamic conduits, ensuring real-time or near-real-time access to log data.

...

Step by Step Guide for Deleting Snare Central - Amazon Web Services (AWS) Cloud Log Collection

Step 1. Go to Snare Central and navigate to System > Administrative Tools > Cloud Log Collection Configuration.

Step 2. Select Amazon Web Services and click the AWS Log Collector that you want to delete, then click the Delete icon on the right side.

Troubleshooting Guide

This guide will be your resource for resolving common issues and challenges that you may encounter with Amazon Web Services (AWS) - Cloud Log Collection.

  1. Amazon Web Services icon is gray in System > Administrative Tools > Cloud Log Collection Configuration Web UI.

Possible Cause and Resolution

When the Amazon Web Services icon in the Cloud Log Providers list is gray, it is possible that the Snare Central license does not have IA_CLOUD or IA_CLOUD_AWS.

You can check this by navigating to Status > Snare Health Checker, or simply click the heart icon in the lower left corner of Snare Central, then scroll down to Snare Central License and select Show Details to view the License Information.

If there is no IA_CLOUD or IA_CLOUD_AWS in the License Information, then you need the correct license with IA_CLOUD or IA_CLOUD_AWS. Once you have the correct license, click the License Page button.

In the License Update page, click the Browse button, navigate to the correct license, then click the Load License button.

Wait for a while, then navigate to System > Administrative Tools > Cloud Log Collection Configuration. The Amazon Web Services icon should now be green and you should be able to Add Cloud Collection.

  2. AWS Cloud Log Collector icon is gray and the Status is Not Running (Disabled by configuration)

Possible Cause and Resolution

When your configured AWS Cloud Log Collector icon is gray, it is possible that the log collector was disabled during configuration or has been toggled off.

Select the AWS Cloud Log Collector and check whether the Status is Not Running (Disabled by configuration).

To enable the AWS Cloud Log Collector, simply toggle on the Enable button beside the name in Cloud Log Providers or the one in the upper right corner beside the Edit and Delete icons. Then click Confirm in the pop-up dialog box.

Once toggled on, the configured AWS Cloud Log Collector icon should be green and enabled.

Snare Central will now start collecting AWS Logs.

  3. AWS Cloud Log Collector icon is red and the Status is Not Running (message: The security token included in the request is invalid.)

Possible Cause and Resolution

When the AWS Cloud Log Collector icon is red and the Status is Not Running (message: The security token included in the request is invalid), it is possible that the AWS Access Key ID is invalid or expired.

Go to the AWS website and check that the AWS Access Key ID has not expired and that the value entered in the Snare Central configuration is correct.

If the value entered in the Snare Central Configuration is incorrect, you can simply edit it by clicking the Edit icon on the upper left corner. For more info, see: Step by Step Guide for Updating Snare Central - Amazon Web Services (AWS) Cloud Log Collection

  4. AWS Cloud Log Collector icon is red and the Status is Not Running (message: The request signature we calculated does not match the signature you provided.)

Possible Cause and Resolution

When the AWS Cloud Log Collector icon is red and the Status is Not Running (message: The request signature we calculated does not match the signature you provided), it is possible that the AWS Secret Access Key is invalid or expired.

Go to the AWS website and check that the AWS Secret Access Key has not expired and is valid.

If it is still valid and has not expired, the value entered in the Snare Central Configuration may be incorrect. You can simply edit it by clicking the Edit icon on the upper left corner. For more info, see: Step by Step Guide for Updating Snare Central - Amazon Web Services (AWS) Cloud Log Collection
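The two credential errors above (invalid security token versus signature mismatch) point at different fields because of how AWS Signature Version 4 works: the Access Key ID is sent with the request to look up the key, while the Secret Access Key is only used to compute the signature. The following is an added example, not Snare Central or AWS code; the key values, the request, and the `service_check` function are constructed, and `service_check` is a simplified model of the service-side check.

```python
import hashlib
import hmac

# Constructed credentials known to the simulated service (not real keys).
KNOWN_KEYS = {"AKIAEXAMPLEKEYID0001": "constructed-secret-access-key-0001"}


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign(secret, amz_date, region, service, canonical_request):
    """Return the SigV4 signature (hex) for a canonical request."""
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Signing key: chained HMACs over date, region, service, terminator.
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def service_check(access_key_id, signature, amz_date, region, service, canonical_request):
    """Simplified model of the service side, returning the messages quoted on this page."""
    secret = KNOWN_KEYS.get(access_key_id)
    if secret is None:  # unknown Access Key ID: no secret to verify against
        return "The security token included in the request is invalid."
    expected = sign(secret, amz_date, region, service, canonical_request)
    if not hmac.compare_digest(expected, signature):  # wrong Secret Access Key
        return "The request signature we calculated does not match the signature you provided."
    return "OK"


def collector_request(access_key_id, secret):
    """Sign a constructed Kinesis request with the configured credentials and check it."""
    amz_date, region, service = "20240101T000000Z", "us-east-1", "kinesis"
    canonical_request = "\n".join([
        "POST", "/", "",
        "host:kinesis.us-east-1.amazonaws.com", f"x-amz-date:{amz_date}", "",
        "host;x-amz-date", hashlib.sha256(b"{}").hexdigest(),
    ])
    sig = sign(secret, amz_date, region, service, canonical_request)
    return service_check(access_key_id, sig, amz_date, region, service, canonical_request)
```

If both fields are wrong, the lookup by Access Key ID fails first, so fix the token error before investigating a signature error.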

  5. AWS Cloud Log Collector icon is red and the Status is Not Running (message: Stream <streamname> under account <account number> not found.)

Possible Cause and Resolution

When the AWS Cloud Log Collector icon is red and the Status is Not Running (message: Stream <streamname> under account <account number> not found), it is possible that the AWS Kinesis Data Stream Name you specified is not in the configured AWS Region Code or the AWS Kinesis Data Stream Name is wrong/does not exist.

Go to the AWS website and check whether the AWS Kinesis Data Stream Name exists in the AWS Region Code you specified.

If it exists in the specified AWS Region Code, then the value entered in the Snare Central Configuration may be incorrect. Double check the AWS Region Code entry and the AWS Kinesis Data Stream Name.

Modify the wrong entry by simply clicking the Edit icon on the upper left corner. For more info, see: Step by Step Guide for Updating Snare Central - Amazon Web Services (AWS) Cloud Log Collection

  6. AWS Cloud Log Collector did not collect the old logs in AWS Kinesis Data Stream.

Possible Cause and Resolution

When the AWS Cloud Log Collector is not collecting the old logs in the AWS Kinesis Data Stream, it is possible that the Default Starting Position When Collecting Logs is configured to LATEST or that the old logs have already expired based on the retention period set in the AWS Kinesis Data Stream.

Go to the AWS website and check whether the old logs still exist in the AWS Kinesis Data Stream.

If they still exist, then check whether the configured Default Starting Position When Collecting Logs is set to LATEST.

If it is LATEST, then change it to TRIM_HORIZON to start collecting from the oldest log in the AWS Kinesis Data Stream. You can simply edit it by clicking the Edit icon on the upper left corner. For more info, see: Step by Step Guide for Updating Snare Central - Amazon Web Services (AWS) Cloud Log Collection
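The two causes described for missing old logs (a LATEST starting position and retention expiry) can be seen side by side in a small model. This is an added example, not Snare Central or AWS code; the `Shard` class, the 24-hour retention value, and the timeline are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Record:
    seq: int
    arrival_hour: float  # hours on a constructed clock
    data: str


class Shard:
    """Toy model of one Kinesis shard with a retention period (assumption, not AWS code)."""

    def __init__(self, retention_hours):
        self.retention_hours = retention_hours
        self.records = []

    def put(self, hour, data):
        self.records.append(Record(len(self.records), hour, data))

    def retained(self, now):
        # Records older than the retention period are no longer readable.
        return [r for r in self.records if now - r.arrival_hour < self.retention_hours]

    def start_seq(self, position, now):
        """Sequence number at which a new consumer starts for a given starting position."""
        if position == "LATEST":
            return len(self.records)  # just after the newest record
        if position == "TRIM_HORIZON":
            kept = self.retained(now)
            return kept[0].seq if kept else len(self.records)
        raise ValueError(f"unsupported starting position: {position}")

    def read_from(self, seq, now):
        return [r.data for r in self.retained(now) if r.seq >= seq]


def collect(position):
    """Constructed timeline: three old logs, collector starts at hour 30, one new log at hour 31."""
    shard = Shard(retention_hours=24)
    for hour in (0, 10, 20):
        shard.put(hour, f"log@{hour}h")
    start = shard.start_seq(position, now=30)  # collector is enabled here
    shard.put(31, "log@31h")
    return shard.read_from(start, now=31)
```

With LATEST only the log written after the collector started is returned; with TRIM_HORIZON the logs from hours 10 and 20 are returned as well, while the log from hour 0 is past retention and cannot be recovered with either setting.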