{"id":2210,"date":"2019-08-22T10:20:42","date_gmt":"2019-08-22T10:20:42","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2210"},"modified":"2020-05-02T07:41:26","modified_gmt":"2020-05-02T07:41:26","slug":"cloudtrail-logs","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/","title":{"rendered":"CloudTrail Logs"},"content":{"rendered":"\n<p>Advanced tasks with CloudTrail log\nfiles<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create multiple trails per region.<\/li><li>Monitor CloudTrail log files by sending them to\nCloudWatch Logs.<\/li><li>Share log files between accounts.<\/li><li>Use the AWS CloudTrail Processing Library to\nwrite log processing applications in Java.<\/li><li>Validate your log files to verify that they have\nnot changed after delivery by CloudTrail.<\/li><\/ul>\n\n\n\n<p>To receive CloudTrail log files from\nmultiple regions<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Sign in to the AWS Management Console and open the CloudTrail console at https:\/\/console.aws.amazon.com\/cloudtrail\/.<\/li><li>Choose Trails, and then choose a trail name.<\/li><li>Click the pencil icon next to Apply trail to all regions, and then choose Yes.<\/li><li>Choose Save. The original trail is now replicated across all regions. CloudTrail delivers log files from all regions to the specified S3 bucket.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"323\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-178.png\" alt=\"\" class=\"wp-image-2304\"\/><\/figure><\/div>\n\n\n\n<p><strong>Validating CloudTrail Log File Integrity<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use CloudTrail log file integrity validation. <\/li><li>The feature using SHA-256 for hashing and\nSHA-256 with RSA for digital signing. <\/li><li>Thus making CloudTrail log files without\ndetection, computationally infeasible to <ul><li>Modify<\/li><\/ul><ul><li>delete\n<\/li><\/ul><ul><li>forge\n<\/li><\/ul><\/li><li>Use CLI to validate files <\/li><li>With log file integrity validation, CloudTrail\ncreates hash for every log file<\/li><li>Every hour, CloudTrail also creates a file\n(called a digest file) that references log files for last hour and has hash of\neach. <\/li><li>Each digest file is signed using private key of\na public and private key pair. <\/li><li>After delivery, use public key to validate the\ndigest file. <\/li><li>CloudTrail uses different key pairs for each AWS\nregion.<\/li><li>The digest files are delivered to S3 bucket\nassociated with trail as CloudTrail log files. <\/li><li>The digest files are put into a folder separate\nfrom the log files. <\/li><li>Each digest file also contains the digital\nsignature of the previous digest file if one exists. <\/li><li>The signature for current digest file is in the\nmetadata properties of digest file S3 object.<\/li><\/ul>\n\n\n\n<p><strong>Sharing CloudTrail Log Files Between AWS Accounts<\/strong><\/p>\n\n\n\n<p>The steps are <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create an IAM role for each account that you\nwant to share log files with.<\/li><li>For each of these IAM roles, create an access\npolicy that grants read-only access to the account you want to share the log\nfiles with.<\/li><\/ul>\n\n\n\n<p><strong>CloudTrail Processing Library<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A Java library to process AWS CloudTrail logs<\/li><li>Details about CloudTrail SQS queue and code to\nprocess events, is to be provided<\/li><li>CloudTrail Processing Library will<ul><li>polls\nSQS queue<\/li><\/ul><ul><li>reads\nand parses queue messages<\/li><\/ul><ul><li>downloads\nCloudTrail log files<\/li><\/ul><ul><li>parses\nevents in the log files<\/li><\/ul><ul><li>passes\nevents to code as Java objects.<\/li><\/ul><\/li><li>It is scalable and fault-tolerant. <\/li><li>Handles parallel processing of log files <\/li><li>Manages network failures like network timeouts or\ninaccessible resources.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Advanced tasks with CloudTrail log files Create multiple trails per region. Monitor CloudTrail log files by sending them to CloudWatch Logs. Share log files between accounts. Use the AWS CloudTrail Processing Library to write log processing applications in Java. Validate your log files to verify that they have not changed after delivery by CloudTrail. To&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2084,"menu_order":34,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,407,372,380],"class_list":["post-2210","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-cloudtrail-logs","tag-devops","tag-devops-engineer"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CloudTrail Logs - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CloudTrail Logs - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Advanced tasks with CloudTrail log files Create multiple trails per region. Monitor CloudTrail log files by sending them to CloudWatch Logs. Share log files between accounts. Use the AWS CloudTrail Processing Library to write log processing applications in Java. Validate your log files to verify that they have not changed after delivery by CloudTrail. To...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-02T07:41:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-178.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/\",\"name\":\"CloudTrail Logs - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-22T10:20:42+00:00\",\"dateModified\":\"2020-05-02T07:41:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified DevOps Engineer Professional\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"CloudTrail Logs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CloudTrail Logs - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/","og_locale":"en_US","og_type":"article","og_title":"CloudTrail Logs - Testprep Training Tutorials","og_description":"Advanced tasks with CloudTrail log files Create multiple trails per region. Monitor CloudTrail log files by sending them to CloudWatch Logs. Share log files between accounts. Use the AWS CloudTrail Processing Library to write log processing applications in Java. Validate your log files to verify that they have not changed after delivery by CloudTrail. To...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-02T07:41:26+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-178.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/","name":"CloudTrail Logs - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-22T10:20:42+00:00","dateModified":"2020-05-02T07:41:26+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/cloudtrail-logs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified DevOps Engineer Professional","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/"},{"@type":"ListItem","position":3,"name":"CloudTrail Logs"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=2210"}],"version-history":[{"count":4,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2210\/revisions"}],"predecessor-version":[{"id":5280,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2210\/revisions\/5280"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2084"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=2210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=2210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=2210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}