Log Management - Requirements

AWS

Log index	Instruction
alb, elb	Ensure that that logging for ALB/ELB is on and logs are being stored in S3 Bucket. Grant Cloudaware with access to this bucket (`s3:GetObject` and `s3:ListObject` permissions)
aws-config	Enable AWS Config as described in AWS Documentation Ensure that Cloudaware has been granted with the permission `config:Des*` (or `config:DescribeDeliveryChannels` as minimum)
billing	Ensure that your billing integration is set up according to Cloudaware AWS Billing Guide (your billing is consolidated under AWS account and S3 bucket where billing files are stored should be added to Cloudaware)
cloudfront	Enable logging as described in this external guide Ensure that logs are being stored in S3 bucket. Grant Cloudaware with access to this bucket (`s3:GetObject` and `s3:ListObject` permissions)
cloudtrail	Ensure CloudTrail is enabled and the CloudTrail data is accessible (the bucket should be present to Cloudaware)
eks-logs	Ensure Amazon EKS is enabled as described in AWS Documentation Ensure that Cloudaware has been granted with permissions `logs:DescribeLogGroups`, `logs:DescribeLogStreams`, `logs:GetLogEvents`
aws-rds	Cloudaware tracks RDS logs in both CloudWatch and events from DB instance. Ensure that Cloudaware has the following permissions: for logs from CloudWatch: `logs:DescribeLogGroups`, `logs:DescribeLogStreams`, `logs:GetLogEvents` for logs from DB instance: `rds:DescribeDBInstances`, `rds:DescribeDBLogFiles`, `rds:DownloadCompleteDBLogFile`, `rds:DownloadDBLogFilePortion` These permissions are predefined in Cloudaware Conflux Collector policy.
route53	Ensure that logging for DNS Queries is enabled as described in AWS Documentation
s3-access-logs	Ensure that logging for S3 is enabled as described in AWS Documentation
vpc-flow-logs	Ensure that logging for network interface of VPC is enabled as described in AWS Documentation
waf-logs	Ensure that WAF logs are being stored in S3 Bucket. Grant Cloudaware with access to this bucket (`kinesis:DescribeStream` and `kinesis:ListStreams` permissions should be in place, along with `s3:ListBucket` and `s3:GetObject`)

Azure

Log Index	Instruction
azure-activity	Ensure that the Reader role has been assigned to Cloudaware based on Cloudaware Azure Start Guide
azure-billing	Ensure that your billing integration is set up according to Cloudaware Microsoft Azure Billing Guide
azure-flowlogs	Ensure that a custom role has been created for Cloudaware to have 'read' access to Storage Account keys (`Microsoft.Storage/storageAccounts/listKeys/action` permission)

Google Cloud

Log index	Instruction
google-audit-	Ensure that Cloud logging is enabled as described in Google Cloud Documentation

Host Level

Log index	Instruction
metricbeat	Ensure Breeze is installed on a host. Ensure the outbound connection to port 8443 is open on your Conflux node. WARNING: once enabled, metribeat* may generate a significant number of logs
winlogbeat	Ensure Breeze is installed on a host. Ensure the outbound connection to port 8443 is open on your Conflux node. WARNING: once enabled, winglobeat* may generate a significant number of logs
filebeat	Ensure Breeze is installed on a host. Ensure the outbound connection to port 8443 is open on your Conflux node. WARNING: once enabled, filebeat* may generate a significant number of logs
packetbeat	Ensure Breeze is installed on a host. Ensure the outbound connection to port 8443 is open on your Conflux node. WARNING: once enabled, packetbeat* may generate a significant number of logs

* DNS name and IP address will be provided after Conflux is enabled for you in Cloudaware