Ciaran

Reputation: 521

Send log data from ec2 logs to eventbridge

I want to send log data from my EC2 instance (Ubuntu) to AWS EventBridge, where I can then send it to multiple endpoints. E.g. if someone performs a root user operation on the server, this is written to /var/log/auth.log; I would then like this change in the log to be sent to EventBridge, where it can then be routed to other locations. How can I achieve this?

cheers

N.B. I have tried using the CloudWatch agent but I can't figure out how to get the logs to EventBridge once they're in a log group, so if there is a way I can do this that would also work.

Upvotes: 0

Views: 698

Answers (1)

Marcin

Reputation: 238557

> I can't figure out how to get the logs to EventBridge once they're in a log group, so if there is a way I can do this that would also work.

Once your CloudWatch Agent writes relevant logs to CloudWatch Logs, you can set up a subscription filter on your log group.

The filter would stream logs of interest (e.g. those that contain ssh) into a lambda function. How to set it up is shown in:

The Lambda, using the events API, e.g. in boto3, could process the log stream, filter out messages, construct events and publish them to EventBridge.

Upvotes: 2
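A sketch of the Lambda described in the answer above, added here as an example and not code from the original answer: it decodes the CloudWatch Logs subscription payload, keeps lines of interest, and publishes them with `put_events`. The bus name, `Source`, `DetailType`, keyword list, log group name and sample log lines are all assumptions made for illustration.

```python
import base64, gzip, json

# Assumed values (not from the post): bus name, Source, DetailType, keywords.
EVENT_BUS, SOURCE, DETAIL_TYPE = "default", "custom.ec2.authlog", "auth.log line"
KEYWORDS = ("sudo", "sshd")

def decode_subscription(event):
    """Subscription data arrives base64-encoded and gzip-compressed in awslogs.data."""
    return json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))

def build_entries(payload):
    """Turn matching log events into EventBridge PutEvents entries."""
    if payload.get("messageType") != "DATA_MESSAGE":  # ignore CONTROL_MESSAGE probes
        return []
    entries = []
    for log_event in payload.get("logEvents", []):
        if not any(k in log_event["message"] for k in KEYWORDS):
            continue
        detail = {"logGroup": payload["logGroup"], "logStream": payload["logStream"],
                  "timestamp": log_event["timestamp"], "message": log_event["message"]}
        entries.append({"Source": SOURCE, "DetailType": DETAIL_TYPE,
                        "EventBusName": EVENT_BUS, "Detail": json.dumps(detail)})
    return entries

def lambda_handler(event, context):
    import boto3  # imported here so the helpers above can be run without AWS access
    client = boto3.client("events")
    entries = build_entries(decode_subscription(event))
    failed = 0
    for i in range(0, len(entries), 10):  # PutEvents takes at most 10 entries per call
        failed += client.put_events(Entries=entries[i:i + 10])["FailedEntryCount"]
    if failed:  # raise so the failure is visible instead of silently dropping events
        raise RuntimeError(f"{failed} entries rejected by EventBridge")
    return {"published": len(entries)}

def sample_event():
    """Constructed subscription payload for local testing (not real log data)."""
    payload = {"messageType": "DATA_MESSAGE", "logGroup": "/ec2/auth",
               "logStream": "i-example", "logEvents": [
                   {"id": "1", "timestamp": 1700000000000,
                    "message": "sudo: ubuntu : USER=root ; COMMAND=/bin/ls"},
                   {"id": "2", "timestamp": 1700000001000,
                    "message": "CRON[123]: session opened for user root"}]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}
```

The Lambda's execution role needs `events:PutEvents` on the target bus, and an EventBridge rule matching the chosen `Source` then routes the events to the other endpoints.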
