There are no ways to select particular log types in AWS Managed AD. Once the logging is enabled, you get "SecurityEvents" logs, which are separated for every AD node.
One option to reduce log size in CloudWatch is configuring CloudWatch log group retention. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
Log retention – By default, logs are kept indefinitely and never expire. You can adjust the retention policy for each log group, keeping the indefinite retention or choosing a retention period between 10 years and one day.
Another option is configuring a Subscription Filter for the CloudWatch log group and filtering logs using Lambda. Choose only what you need, store it in S3, and use this S3 as a target for your SIEM system. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html
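A sketch of the Lambda filtering step described in the answer above, added here as an example and not part of the original answer: it unpacks the subscription-filter payload, keeps only selected Security event IDs, and writes them to S3. The event-ID list, the `EventID` message format, the bucket name `EXAMPLE-SIEM-BUCKET` and the S3 key layout are assumptions to adapt to your environment.

```python
import base64
import gzip
import json
import re

# Assumption: Security event IDs the SIEM needs (logons, failed logons, account changes).
KEEP_EVENT_IDS = {4624, 4625, 4720, 4740}
# Assumption: each message carries the ID as <EventID>N</EventID>, "EventID": N or EventID=N.
EVENT_ID_RE = re.compile(r'EventID["\'>\s:=]+(\d+)')

def decode_payload(event):
    """CloudWatch Logs delivers base64-encoded, gzip-compressed JSON in awslogs.data."""
    return json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))

def select_events(payload, keep=KEEP_EVENT_IDS):
    """Keep only log events whose EventID is in `keep`; messages without an ID are dropped."""
    if payload.get("messageType") != "DATA_MESSAGE":  # ignore CONTROL_MESSAGE probes
        return []
    kept = []
    for ev in payload.get("logEvents", []):
        m = EVENT_ID_RE.search(ev.get("message", ""))
        if m and int(m.group(1)) in keep:
            kept.append({"logStream": payload.get("logStream"), "timestamp": ev["timestamp"],
                         "event_id": int(m.group(1)), "message": ev["message"]})
    return kept

def handler(event, context, s3=None, bucket="EXAMPLE-SIEM-BUCKET"):
    """Lambda entry point: write the kept events to S3 as one JSON-lines object."""
    payload = decode_payload(event)
    kept = select_events(payload)
    if not kept:
        return {"kept": 0, "key": None}
    if s3 is None:
        import boto3  # present in the Lambda Python runtime
        s3 = boto3.client("s3")
    key = f"managed-ad/{payload['logStream']}/{payload['logEvents'][0]['id']}.jsonl"
    s3.put_object(Bucket=bucket, Key=key, Body="\n".join(json.dumps(k) for k in kept).encode())
    return {"kept": len(kept), "key": key}

def make_sample_event():
    """Constructed payload in the subscription-filter envelope, for offline testing."""
    payload = {"messageType": "DATA_MESSAGE", "logGroup": "/example/managed-ad",
               "logStream": "node-1/SecurityEvents", "logEvents": [
                   {"id": "1", "timestamp": 1700000000000, "message": '{"EventID": 4625, "User": "alice"}'},
                   {"id": "2", "timestamp": 1700000001000, "message": '{"EventID": 5156, "App": "dns.exe"}'},
                   {"id": "3", "timestamp": 1700000002000, "message": "<EventID>4624</EventID>"}]}
    return {"awslogs": {"data": base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()}}
```

Because events that do not match are discarded before they reach S3, review the keep-list against your detection rules before relying on it.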