Monitoring CloudTrail Log Files with Amazon CloudWatch Logs - AWS CloudTrail

Monitoring CloudTrail Log Files with Amazon CloudWatch Logs

You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs.

  1. Configure your trail to send log events to CloudWatch Logs.

  2. Define CloudWatch Logs metric filters to evaluate log events for matches in terms, phrases, or values. For example, you can monitor for ConsoleLogin events.

  3. Assign CloudWatch metrics to the metric filters.

  4. Create CloudWatch alarms that are triggered according to thresholds and time periods that you specify. You can configure alarms to send notifications when alarms are triggered, so that you can take action.

  5. You can also configure CloudWatch to automatically perform an action in response to an alarm.

Standard pricing for Amazon CloudWatch and Amazon CloudWatch Logs applies. For more information, see Amazon CloudWatch Pricing.

For more information about the regions in which you can configure your trails to send logs to CloudWatch Logs, see Amazon CloudWatch Logs Regions and Quotas in the AWS General Reference.

The AWS GovCloud (US-West) region requires a separate account. For more information, see AWS GovCloud (US-West).