Hi all, I'm trying to ingest log data from our AWS Managed Active Directory. I've already enabled the Log Forwarding for AWS MAD following the instructions here: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_enable_log_forwarding.html
However, I'm not clear on which is the required/preferred method for ingesting these logs with Sumo Logic. I'm reading this support article here but would like some additional guidance. https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs
The ultimate goal is to monitor events such as changes to security group memberships (addition, removal from a group), changes to group policy, etc.
Has anyone configured this? Is there a reason I wouldn't use the wizard to configure the AWS CloudWatch log source?