Upload File

aws logging and monitoring overviews

11
LOGGING AND MONITORING

Upload: david-severski

Post on 21-Jan-2018

432 views

Category:

Technology


3 download

Report

TRANSCRIPT

Page 1: AWS Logging and Monitoring OverviewS

LOGGING AND MONITORING

Page 2: AWS Logging and Monitoring OverviewS

PRINCIPLES OF WHY

Operational Needs

•Is the

environment

working well?

Security Needs

•Is the

environment

working securely?

Page 3: AWS Logging and Monitoring OverviewS

PRINCIPLES OF HOW

Monitoring is

“Opt-Out”

•Bake monitoring

into the

provision and

configure

processes

Monitoring is

simple

•Leverage AWS

services where

cost efficient

•No on premise

dependencies

Monitoring is

useful

•Slack - ChatOps

for common

portal

•PagerDuty -

Alerting

Page 4: AWS Logging and Monitoring OverviewS

NETWORK – POLICY COMPLIANCE

• REMOVED - SANITIZED

Page 5: AWS Logging and Monitoring OverviewS

NETWORK – TRAFFIC ANALYSIS

• VPC Flow Logs

• Native integration available with AWS Elasticsearch service

• Currently only storing – no processing

• OpenVPN Logs

• CloudWatch storage

Page 6: AWS Logging and Monitoring OverviewS

OPERATING SYSTEM

• System Monitoring

• OpsWorks provides CloudWatch detailed (1 minute vs 5 minute

sampling) monitoring for free

• Part of automatic (Vagrant) configuration process for non-OpsWorks

driven systems

• Only hypervisor visible stats – Disk usage and memory not tracked

• CloudWatch Logs

• Baseline configuration – Chef configuration management sets up

forwarding

• Core logging for AWS Linux (Redhat) and Ubuntu

Page 7: AWS Logging and Monitoring OverviewS

AWS PLATFORM

AWS Config

•What is the state of our

environment?

AWS Cloudtrail

•How did we get in this

state?

AWS Lambda

•Are there nonstandard use

of resources?

AWS CloudWatch

•Are we using more

resources than normal?

•Are services working

correctly?

AWS Inspector (Beta)

•Are resources properly

configured?

Page 8: AWS Logging and Monitoring OverviewS

PROOF OF CONCEPT – SSH LOGIN ALERTS

• Premise: Interactive shell access to systems is strongly discouraged.

• Monitoring

• Authentication logs are auto-forwarded to CloudWatch Logs

• Filter stream set to forward successful logins to Lambda

• Lambda function parses the log message and sends to SNS

• SNS sends to Slack (could also go to PagerDuty, Email, SMS, etc.)

• https://github.com/SCH-CISM/pylambda-login-alerter

https://github.com/SCH-CISM/pylambda-login-alerter
Page 9: AWS Logging and Monitoring OverviewS

CLOUDWATCH

• Pipeline monitoring

• Jobs running longer than expected

• Storage exceeding expected limits

• Service up/down monitoring

• StatusCake

• Custom CloudWatch metrics for processing status

• Limited use of CloudWatch dashboards

Page 10: AWS Logging and Monitoring OverviewS

APPLICATION MONITORINGThere be dragons…

Page 11: AWS Logging and Monitoring OverviewS

OTHER PLATFORMS

OPEN SOURCE

• Operations focused

• Zabbix

• Sensu

• Consul

• Security Focused

• Netflix Security Monkey (Internal deployment partially developed)

COMMERCIAL

• REMOVED - SANITIZZED


Book Overviews Sample 1

Monitoring and Logging on AWS - AWS Immersion Days€¦ · Events–Delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources

Teaching & Learning - lesson overviews

Overviews of Statics

Centralized Logging - Cloud Object Storage | Store & … Web Services – Centralized Logging on the AWS Cloud February 2018 Page 4 of 19 The information in this guide assumes basic

Section Overviews

Pms Overviews 0709

2. Overviews

Digestion overviews

Building a Logging Pipeline on AWS · CloudWatch Logs AWS managed service that aggregates logs by group and stream Pros: Default destination for Lambda, Batch, many other services

Direct3D Overviews

General SAP Guides - SAP Guides · This section of the SAP on AWS technical documentation provides overviews and planning information for SAP users and partners, including general

Overviews Research Methodology

Prospects &Overviews

IR in AWS: Setup for Success - SANS Cyber Security ... · Agenda •The AWS Security Model •Logging in AWS Main Log Sources Setup/Configuration •Monitoring Generalities and Specifics

Hdrm Overviews

The Ten Riskiest AWS Misconfigurations...not to be confused with CloudWatch, that details health and performance metrics for AWS services 5 Policy and Config/Logging: Enable a trail

Cloud security for everyone · Development: only allow T3 instances All accounts: Prevent disable on logging First steps Master AWS Identity and Access AWS Organizations Management

University Performance Overviews

How to – Configure AWS for EventTracker Integration...How to Configure AWS for EventTracker Integration Figure 28 6. On the “Data events” section, you can specify logging data

Alfresco Content Services on the AWS Cloud · PDF fileAmazon Web Services – Alfresco Content Services on the AWS Cloud September 2017 Page 3 of 38 Logging in to the Servers with

Security at Scale: Logging in AWS Web Services – Security at Scale: Logging in AWS October 2015 Page 1 of 16 Security at Scale: Logging in AWS How AWS CloudTrail can help you achieve

Windows on AWS - london-summit-slides …london-summit-slides-2017.s3.amazonaws.com/How AWS can help yo… · AWS IAM Amazon S3 AWS CloudTrail AWS Config Logging and monitoring platform

HISTORICAL AND ANALYTICAL OVERVIEWS ON …3894/datastream...historical and analytical overviews on dmitri ... historical and analytical overviews on dmitri shostakovich’s ... .34

Prospects & Overviews

Serverless Logging with AWS Lambda and the Elastic Stack

Using AWS Networking and Logging Features to Enhance Security | AWS Public Sector Summit 2016

Speaker Bios/Presentation Overviews€¦ · Speaker Bios/Presentation Overviews Speaker Bios/Presentation Overviews. Working in a stressful helping profession can be very rewarding,

Curriculum Overviews

Standardized Architecture for PCI DSS on the AWS … Architecture for PCI DSS on the AWS Cloud ... Logging, monitoring, and alerts using AWS CloudTrail, Amazon CloudWatch, and AWS

CPOE overviews

Oracle Video Feature Overviews

Gsm Overviews

Medford Neighborhood Overviews

Tracking Causal Order in AWS Lambda Applications logging is available for AWS Lambda functions in all AWS regions, however log streams are local to a region and may or may not be distinct