Monitoring CloudTrail Log Files with Amazon CloudWatch Logs
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from CloudTrail.
CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis. CloudWatch Logs enables you to see all of your logs, regardless of their source, as a single and consistent flow of events ordered by time.
Complete the following steps to configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs.
- Configure your trail to send log events to CloudWatch Logs.
- Define CloudWatch Logs metric filters to evaluate log events for matches in terms, phrases, or values. For example, you can monitor for ConsoleLogin events.
- Assign CloudWatch metrics to the metric filters.
- Create CloudWatch alarms that are triggered according to thresholds and time periods that you specify. You can configure alarms to send notifications when alarms are triggered, so that you can take action.
- You can also configure CloudWatch to automatically perform an action in response to an alarm.
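The following AWS CLI script is an added example, not part of the original page: it walks through the steps above for failed ConsoleLogin events, counting each match as one metric data point and alarming at three or more failures in five minutes. The trail name, log group, role, SNS topic, namespace, metric name, threshold, and period are all assumed placeholder values.

```shell
#!/usr/bin/env bash
# Added example (not AWS's own script): the steps above with the AWS CLI.
# All names and ARNs are constructed placeholders; override them via environment.
set -eu
TRAIL="${TRAIL:-example-trail}"
LOG_GROUP="${LOG_GROUP:-CloudTrail/ExampleLogGroup}"
LOG_GROUP_ARN="${LOG_GROUP_ARN:-arn:aws:logs:us-east-1:111122223333:log-group:$LOG_GROUP:*}"
ROLE_ARN="${ROLE_ARN:-arn:aws:iam::111122223333:role/ExampleCloudTrailToCWLogs}"
SNS_TOPIC_ARN="${SNS_TOPIC_ARN:-arn:aws:sns:us-east-1:111122223333:example-security-alerts}"
NAMESPACE="${NAMESPACE:-CloudTrailMetrics}"
METRIC="${METRIC:-ConsoleLoginFailureCount}"

# Metric filter pattern: ConsoleLogin events that failed authentication.
console_login_failure_pattern() {
  printf '%s' '{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }'
}

# Step 1: deliver the trail's events to a CloudWatch Logs log group.
send_trail_to_cloudwatch_logs() {
  aws cloudtrail update-trail --name "$TRAIL" \
    --cloud-watch-logs-log-group-arn "$LOG_GROUP_ARN" \
    --cloud-watch-logs-role-arn "$ROLE_ARN"
}

# Steps 2 and 3: define the filter and emit one metric data point per match.
create_metric_filter() {
  aws logs put-metric-filter --log-group-name "$LOG_GROUP" \
    --filter-name "ConsoleLoginFailures" \
    --filter-pattern "$(console_login_failure_pattern)" \
    --metric-transformations \
      "metricName=$METRIC,metricNamespace=$NAMESPACE,metricValue=1"
}

# Step 4: alarm when 3 or more failures occur in one 5-minute period, notify via SNS.
create_alarm() {
  aws cloudwatch put-metric-alarm --alarm-name "ConsoleLoginFailures" \
    --namespace "$NAMESPACE" --metric-name "$METRIC" \
    --statistic Sum --period 300 --evaluation-periods 1 \
    --threshold 3 --comparison-operator GreaterThanOrEqualToThreshold \
    --treat-missing-data notBreaching \
    --alarm-actions "$SNS_TOPIC_ARN"
}

# Changes are made only when the script is run with the "apply" argument.
if [ "${1:-}" = "apply" ]; then
  send_trail_to_cloudwatch_logs
  create_metric_filter
  create_alarm
fi
```

The metric name and namespace in the alarm must match the metric transformation exactly, otherwise the alarm watches a metric that never receives data and stays silent.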
Standard pricing for Amazon CloudWatch and Amazon CloudWatch Logs applies. For more information, see Amazon CloudWatch Pricing.
For more information about the Regions in which you can configure your trails to send logs to CloudWatch Logs, see Amazon CloudWatch Logs Regions and Quotas in the AWS General Reference.