Monitoring/ingest_nas_audit_logs_into_cloudwatch/README-MANUAL.md
9 additions & 5 deletions
@@ -14,9 +14,12 @@ or by following the manual instructions found in the this file.
14
14
15
15
## Prerequisites
16
16
- An FSx for Data ONTAP file system.
17
-
- An S3 bucket to store the "stats" file and a Lambda layer zip file.
18
-
- You will need to download the [Lambda layer zip file](https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/main/Monitoring/ingest_nas_audit_logs_into_cloudwatch/lambda_layer.zip) from this repo and upload it to the S3 bucket. Be sure to perserve the name `lambda_layer.zip`.
19
-
- The "stats" file is maintained by the program. It is used to keep track of the last time the Lambda function successfully ingested audit logs from each SVM. Its size will be small (i.e. less than a few megabytes).
17
+
- An S3 bucket to store the "stats" file and optionally a copy of all the raw NAS audit log files. It will also
18
+
hold a Lambda layer file needed to be able to an add Lambda Layer from a CloudFormation script.
19
+
- You will need to download the [Lambda layer zip file](https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/main/Monitoring/ingest_nas_audit_logs_into_cloudwatch/lambda_layer.zip)
20
+
from this repo and upload it to the S3 bucket. Be sure to perserve the name `lambda_layer.zip`.
21
+
- The "stats" file is maintained by the program. It is used to keep track of the last time the Lambda function
22
+
successfully ingested audit logs from each SVM. Its size will be small (i.e. less than a few megabytes).
20
23
- A CloudWatch log group to ingest the audit logs into. Each audit log file with get its own log stream within the log group.
21
24
- Have NAS auditing configured and enabled on the SVM within a FSx for Data ONTAP file system. **Ensure you have selected the XML format for the audit logs.** Also,
22
25
ensure you have set up a rotation schedule. The program will only act on audit log files that have been finalized, and not the "active" one. You can read this
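Review bot: the rewrapped prerequisite bullet has a grammar error, "needed to be able to an add Lambda Layer" should read "needed to add a Lambda Layer from a CloudFormation script", and "perserve" is still misspelled here while the identical bullet in README.md in this same commit reads "preserve". Since the bucket now also holds optional copies of the raw NAS audit logs, the bullet should say under which key or prefix those copies are written and that access to the bucket should be restricted accordingly; the only sizing statement left in the list is about the stats file, which no longer describes what the bucket can contain.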
@@ -79,7 +82,7 @@ and `DeleteNetworkInterface` actions. The correct resource line is `arn:aws:ec2:
79
82
`zip -r ingest_nas_audit_logs.zip .`<br>
80
83
81
84
2. Within the AWS console, or using the AWS API, create a Lambda function with:
82
-
1. Python 3.10, or higher, as the runtime.
85
+
1. Python 3.11, or higher, as the runtime.
83
86
1. Set the permissions to the role created above.
84
87
1. Under `Additional Configurations` select `Enable VPC` and select a VPC and Subnet that will have access to all the FSx for ONTAP
85
88
file system management endpoints that you want to gather audit logs from. Also, select a Security Group that allows TCP port 443 outbound.
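Review bot: the runtime bump from Python 3.10 to 3.11 is undocumented in this hunk; nothing in the diff says what in the function or the Lambda layer requires it, so add a one-line reason and make sure the CloudFormation template's Runtime and the compatible runtimes declared for lambda_layer.zip also say 3.11, otherwise the manual and CloudFormation paths will disagree.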
@@ -96,6 +99,7 @@ process a lot of audit entries and/or process a lot of SVMs.
96
99
| secretArn | The ARN of the secret that contains the credentials for all the FSx for ONTAP file systems you want to gather audit logs from. |
97
100
| s3BucketRegion | The region of the S3 bucket where the stats file is stored. |
98
101
| s3BucketName | The name of the S3 bucket where the stats file is stored. |
102
+
| copyToS3 | Set to `true` if you want to copy the raw audit log files to the S3 bucket.|
99
103
| statsName | The name you want to use as the stats file. |
100
104
| logGroupName | The name of the CloudWatch log group to ingest the audit logs into. |
101
105
| volumeName | The name of the volume, on all the FSx for ONTAP file systems, where the audit logs are stored. |
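Review bot: the new copyToS3 row does not state the default or the accepted values, while the CloudFormation parameter in this same commit defaults to "false" and only allows "true" or "false"; Lambda environment variables are strings, so say which spellings the function accepts (for example whether "True" or "1" are treated as true). The s3BucketRegion and s3BucketName rows above it still describe the bucket as only holding the stats file, which is no longer accurate once copyToS3 is true.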
@@ -122,4 +126,4 @@ Unless required by applicable law or agreed to in writing, software distributed
122
126
123
127
See the License for the specific language governing permissions and limitations under the License.
Monitoring/ingest_nas_audit_logs_into_cloudwatch/README.md
8 additions & 4 deletions
@@ -15,9 +15,12 @@ or by following the manual instructions found in the [README-MANUEL.md](README-M
15
15
16
16
## Prerequisites
17
17
- An FSx for Data ONTAP file system.
18
-
- An S3 bucket to store the "stats" file and a Lambda layer zip file.
19
-
- You will need to download the [Lambda layer zip file](https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/main/Monitoring/ingest_nas_audit_logs_into_cloudwatch/lambda_layer.zip) from this repo and upload it to the S3 bucket. Be sure to preserve the name `lambda_layer.zip`.
20
-
- The "stats" file is maintained by the program. It is used to keep track of the last time the Lambda function successfully ingested audit logs from each SVM. Its size will be small (i.e. less than a few megabytes).
18
+
- An S3 bucket to store the "stats" file and optionally a copy of all the raw NAS audit log files. It will also
19
+
hold a Lambda layer file needed to be able to an add Lambda Layer from a CloudFormation script.
20
+
- You will need to download the [Lambda layer zip file](https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/main/Monitoring/ingest_nas_audit_logs_into_cloudwatch/lambda_layer.zip)
21
+
from this repo and upload it to the S3 bucket. Be sure to preserve the name `lambda_layer.zip`.
22
+
- The "stats" file is maintained by the program. It is used to keep track of the last time the Lambda function successfully
23
+
ingested audit logs from each SVM. Its size will be small (i.e. less than a few megabytes).
21
24
- A CloudWatch log group to ingest the audit logs into. Each audit log file will get its own log stream within the log group.
22
25
- Have NAS auditing configured and enabled on the SVM within a FSx for Data ONTAP file system. **Ensure you have selected the XML format for the audit logs.** Also,
23
26
ensure you have set up a rotation schedule. The program will only act on audit log files that have been finalized, and not the "active" one. You can read this
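Review bot: the unchanged context in the hunk header links to README-MANUEL.md while the file edited in this same commit is README-MANUAL.md; check that the link target (cut off at "README-M" here) is not misspelled as well, since a broken link to the manual instructions is exactly what a user falling back from the CloudFormation path will hit. The same grammar slip as in README-MANUAL.md is repeated here: "needed to be able to an add Lambda Layer" should read "needed to add a Lambda Layer".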
@@ -92,11 +95,12 @@ and `DeleteNetworkInterface` actions. The correct resource line is `arn:aws:ec2:
92
95
|lambdaSecruityGroupsIds|Yes|Select the security groups that you want the Lambda function associated with. The security group must allow outbound traffic on TCP port 443. Inbound rules don't matter since the Lambda function is not accessible from a network.|
93
96
|s3BucketName|Yes|The name of the S3 bucket where the stats file is stored. This bucket must already exist.|
94
97
|s3BucketRegion|Yes|The region of the S3 bucket resides.|
98
+
|copyToS3|No|If set to `true` it will copy the audit logs to the S3 bucket specified in `s3BucketName`.|
95
99
|secretArn|Yes|The ARN to the secret that contains the credentials for the FSxN file systems that you want to ingest audit logs from.|
96
100
|createWatchdogAlarm|No|If set to `true` it will create a CloudWatch alarm that will alert you if the Lambda function throws in error.|
97
101
|snsTopicArn|No|The ARN of the SNS topic to send the alarm to. This is required if `createWatchdogAlarm` is set to `true`.|
98
102
|lambdaRoleArn|No|The ARN of the role that the Lambda function will use. If not provided, the CloudFormation script will create a role for you.|
99
-
|schedulreRoleArn|No|The ARN of the role that the EventBridge scheduler will run as. If not provided, the CloudFormation script will create a role for you.|
103
+
|schedulerRoleArn|No|The ARN of the role that the EventBridge scheduler will run as. If not provided, the CloudFormation script will create a role for you.|
100
104
|createFsxEndpoint|No|If set to `true` it will create the VPC endpoints for the FSx service|
101
105
|createCloudWatchLogsEndpoint|No|If set to `true` it will create the VPC endpoints for the CloudWatch Logs service|
102
106
|createSecretsManagerEndpoint|No|If set to `true` it will create the VPC endpoints for the Secrets Manager service|
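Review bot: schedulreRoleArn is corrected to schedulerRoleArn, but lambdaSecruityGroupsIds in the unchanged row a few lines above has the same kind of typo and does not match the lambdaSecurityGroupIds name used in the template's Metadata parameter group in this commit; fix it in the same pass, because a parameter name in the README that does not exist in the template sends users looking for the wrong thing. The copyToS3 row should also state that the default is false, matching the parameter definition, and "throws in error" in the createWatchdogAlarm row should be "throws an error".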
Monitoring/ingest_nas_audit_logs_into_cloudwatch/cloudformation-template.yaml
38 additions & 14 deletions
@@ -14,6 +14,7 @@ Metadata:
14
14
- lambdaSecurityGroupIds
15
15
- s3BucketName
16
16
- s3BucketRegion
17
+
- copyToS3
17
18
- secretArn
18
19
- createWatchdogAlarm
19
20
- snsTopicArn
@@ -57,6 +58,12 @@ Parameters:
57
58
Description: "The AWS region where the s3 bucket resides."
58
59
Type: String
59
60
61
+
copyToS3:
62
+
Description: "Set to 'true' if you to copy the audit log files to the S3 bucket as well as sending the individual events to the CloudWatch log stream."
63
+
Type: String
64
+
Default: "false"
65
+
AllowedValues: ["true", "false"]
66
+
60
67
secretArn:
61
68
Description: "The ARN of the secret that holds the FSxN credentials to use."
62
69
Type: String
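Review bot: the copyToS3 Description is missing a word: "Set to 'true' if you to copy" should be "Set to 'true' if you want to copy". Constraining the String with AllowedValues ["true", "false"] is the right way to express a boolean parameter here; the same pattern is worth applying to createWatchdogAlarm and the create*Endpoint parameters if they do not already use it, so that a mistyped value fails at stack validation rather than inside the function.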
@@ -301,6 +308,7 @@ Resources:
301
308
logGroupName: !Ref logGroupName
302
309
s3BucketName: !Ref s3BucketName
303
310
s3BucketRegion: !Ref s3BucketRegion
311
+
copyToS3: !Ref copyToS3
304
312
secretArn: !Ref secretArn
305
313
statsName: "lastFileRead"
306
314
volumeName: !Ref volumeName
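Review bot: passing copyToS3 into the function's environment is only half the change; when it is true the function will write audit log objects to s3BucketName, and this diff shows no corresponding change to the Lambda execution role's policy. Verify the role grants s3:PutObject on that bucket, scoped to the prefix the copies are written under rather than the whole bucket, and add the same requirement to the manual role instructions in README-MANUAL.md; otherwise copyToS3=true fails at runtime with an access denied error that the watchdog alarm only surfaces after the fact.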
@@ -397,7 +405,7 @@ Resources:
397
405
# APIs, and then calls the ingestAuditFile function to upload the audit