Graylog2 is an open source platform for big data capture, search, and analysis. Graylog2 collects, indexes, and makes available massive volumes of data coming from applications, network hardware, sensors and mobile devices. Graylog2 enables organizations to monitor, search, and analyze real-time and historical machine data.
Initial users typically come from IT Operations Management, Applications Management, and Security and Compliance who want to improve service levels, reduce operational costs, mitigate security risks, and demonstrate and maintain compliance.
The free Graylog2 plugin for AWS CloudTrail leverages the CloudTrail SNS notification for reliable collection of logs. Once the data is in Graylog2, users can use the search interface to answer key questions about API activity:
- What actions did a user take over a given period of time?
- For a given resource, which AWS user has taken actions on it over a given time period?
- What is the source IP address of a given activity?
- Which user activities failed due to inadequate permissions?
- Which user changed the settings of a security group and when did the change occur?
- When was a particular Elastic IP (dis)associated with a network interface?
- Which user launched or terminated an EC2 instance?
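The questions above map directly onto fields of the CloudTrail records the plugin ingests (userIdentity, eventName, eventTime, sourceIPAddress, errorCode). The following is an added illustration, not code from the Graylog2 plugin: it parses a constructed CloudTrail log file and answers several of the questions in plain Python; the user names, IP addresses and security group id in the sample are placeholders.

```python
import json
# Constructed sample CloudTrail log file (the JSON CloudTrail writes to S3 and
# announces via SNS), cut down to the fields used here; names and IPs are placeholders.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2014-02-10T13:00:01Z", "eventName": "RunInstances",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2014-02-10T13:05:12Z", "eventName": "AuthorizeSecurityGroupIngress",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-PLACEHOLDER"}},
    {"eventTime": "2014-02-10T13:07:45Z", "eventName": "TerminateInstances",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "Client.UnauthorizedOperation"},
]})

# EC2 API actions that change a security group's settings.
SECURITY_GROUP_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                         "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
                         "CreateSecurityGroup", "DeleteSecurityGroup"}
# Permission failures: EC2 reports Client.UnauthorizedOperation, most other services AccessDenied.
DENIED_CODES = {"Client.UnauthorizedOperation", "AccessDenied"}

def parse_records(trail_json):
    """Flatten one CloudTrail file into dicts holding the fields the questions need."""
    out = []
    for r in json.loads(trail_json)["Records"]:
        ident = r.get("userIdentity", {})
        out.append({"user": ident.get("userName", ident.get("type")),
                    "event": r["eventName"], "time": r["eventTime"],
                    "ip": r.get("sourceIPAddress"), "error": r.get("errorCode")})
    return out

def actions_by_user(records, user):
    """What did this user do, and when?"""
    return [(r["time"], r["event"]) for r in records if r["user"] == user]

def source_ips(records, event):
    """From which source IP addresses was this API action called?"""
    return sorted({r["ip"] for r in records if r["event"] == event})

def denied_actions(records):
    """Which calls failed for lack of permissions?"""
    return [(r["user"], r["event"], r["time"]) for r in records if r["error"] in DENIED_CODES]

def security_group_changes(records):
    """Who changed a security group, and when (successful calls only)?"""
    return [(r["user"], r["event"], r["time"]) for r in records
            if r["event"] in SECURITY_GROUP_EVENTS and r["error"] is None]
```

In Graylog2 the same questions become searches over the extracted fields; the point of the helper functions is to show which fields each question depends on.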