[Help] Ingesting AWS CloudWatch Log Group for monitoring AWS Managed Active Directory Security Logs

Follow
Avatar
admin.amartin

Hi all, I'm trying to ingest log data from our AWS Managed Active Directory. I've already enabled the Log Forwarding for AWS MAD following the instructions here: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_enable_log_forwarding.html

However, I'm not clear on which is the required/preferred method for ingesting these logs with Sumo Logic. I'm reading this support article here but would like some additional guidance. https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs

The ultimate goal is to monitor events such as changes to security group memberships (addition, removal from a group), changes to group policy, etc. 

Has anyone configured this? Is there a reason I wouldn't use the wizard to configure the AWS CloudWatch log source?

Thanks!

1

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post