
11 - Logging & Monitoring For Security

Uploaded by

anilrajops

Logging & Monitoring for Security

by TWN
No part of this publication may be reproduced, copied, transmitted in any
form or by any means, electronic, mechanical, photocopying, recording or
otherwise, without the prior written permission of nnSoftware GmbH

Copyright 2023 nnSoftware GmbH. All rights reserved.


TechWorld with Nana is an established name in the DevOps and Cloud industry, and it stands for quality trainings that help 1,000s of engineers acquire the most in-demand skills in this field.

Our mission is to enable individual engineers as well as companies to take advantage of the recent developments in Cloud and DevOps fields, to use technologies and concepts in order to create efficient, automated, streamlined DevSecOps processes in organisations.



Why Logging & Monitoring?
Despite all security measures, there is always a chance that someone hacks into our systems.

Before Attack

Prevent by getting alerts when seeing suspicious behavior in systems

After Attack

Analyze logs: Understand what happened and how the attack occurred, to secure weak links in systems and complete a proper incident analysis



Automated Logging & Monitoring

3 aspects of Logging and Monitoring

Again, with DevOps we want to have this automated



AWS CloudWatch and CloudTrail
AWS CloudTrail & CloudWatch
AWS has 2 services that help us to configure logging, monitoring and alerting in AWS cloud



What is AWS CloudTrail?
Service that allows you to monitor and log activity in your AWS account

Key features

Trail signifies the recorded history or path of actions taken - CloudTrail creates a chronological record (or trail)

CloudTrail delivers events to Amazon S3 and CloudWatch Logs



What is AWS CloudWatch?
Monitoring and observability service that helps you collect and analyze data from various
resources within your AWS infrastructure

Key features Automated Alerts



Event History

CloudTrail provides an Event History for the most recent events in an AWS region

Filter events
See detailed log entry
Event History Limitations

Limited to recent activity

Captures only management events

Different Events

Management Events: Information about management operations that are performed on resources

Data Events: Information about the resource operations performed on or in a resource

Insight Events: Capture unusual API call rate or error rate activity by analyzing CloudTrail management activity



Multi-region CloudTrail
S3 bucket with event logs of different regions
Multi-Region enabled by default - saves event logs from all regions
Home region of trail, where the trail can be configured, viewed and deleted
Forward logs to S3 bucket storage for persistence
Forward logs to CloudWatch for automated alarm configuration



CloudWatch Log Group
Log Stream = Sequence of log events that share the same source. Each separate source of logs in CloudWatch Logs makes up a separate log stream
Log Group = A group of log streams that share the same retention, monitoring and access control settings



Configure Alarms
CloudWatch Alarms
Used to monitor and respond to specific conditions or thresholds in your AWS resources or applications
When the conditions specified in the alarm are met, CloudWatch can automatically take actions or send notifications to alert you about the situation

Metrics
Metrics are data about the performance of your systems
There are resource and application metrics
It’s a time-ordered set of data points that represent the values of a resource over time
For example, you can create a metric to track CPU utilization of an EC2 instance

Alarms
Alarms allow you to watch CloudWatch metrics and to receive notifications when the metrics fall outside of the configured thresholds



Configure CloudWatch Alarms



EC2 Alarm Example

No alarm - within threshold

Alarm triggered by bringing down EC2 instance

In alarm state



Custom Metrics Filter
Instead of using existing metrics, we can create our own custom metrics

Filter pattern to filter specific logs and create metric filter from it



Custom Metrics Filter for Failed Login Attempts
Create a metrics filter for failed logins
Metrics filter created



Alarm for Failed Login Attempts
No alarm - within threshold

Trigger alarm by simulating failed login attempts

Failed login event log
Alarm detail view
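
How the failed-login metric filter and alarm fit together, as an added example that is not part of the original slides: the Python below applies the condition of a CloudWatch Logs JSON filter pattern to constructed CloudTrail events, counts matches per alarm period, and derives the alarm state. The period, threshold, function names and sample events are assumptions made for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Same condition as a CloudWatch Logs JSON filter pattern:
#   { ($.eventName = "ConsoleLogin") && ($.errorMessage = "Failed authentication") }
PERIOD = 300     # assumed alarm period in seconds
THRESHOLD = 3    # assumed: ALARM when a period holds 3 or more failed logins

# Constructed CloudTrail log events, trimmed to the fields the filter reads.
SAMPLE_LOG_EVENTS = [
    '{"eventTime":"2023-06-01T10:01:10Z","eventName":"ConsoleLogin","errorMessage":"Failed authentication"}',
    '{"eventTime":"2023-06-01T10:02:05Z","eventName":"ConsoleLogin","errorMessage":"Failed authentication"}',
    '{"eventTime":"2023-06-01T10:03:40Z","eventName":"ConsoleLogin","errorMessage":"Failed authentication"}',
    '{"eventTime":"2023-06-01T10:04:00Z","eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Success"}}',
    '{"eventTime":"2023-06-01T10:07:30Z","eventName":"ConsoleLogin","errorMessage":"Failed authentication"}',
    '{"eventTime":"2023-06-01T10:08:00Z","eventName":"StopInstances"}',
    'not json: a malformed line never matches a JSON pattern',
]

def matches_filter(raw):
    """Return the parsed event if it is a failed console login, else None."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if (isinstance(event, dict) and event.get("eventName") == "ConsoleLogin"
            and event.get("errorMessage") == "Failed authentication"):
        return event
    return None

def metric_datapoints(log_events, period=PERIOD):
    """Count matching events per period, keyed by period start (UTC)."""
    counts = Counter()
    for raw in log_events:
        event = matches_filter(raw)
        if event is None:
            continue  # non-matching events produce no data point
        ts = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        start = int(ts.timestamp()) // period * period
        key = datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        counts[key] += 1
    return dict(counts)

def alarm_states(log_events, threshold=THRESHOLD, period=PERIOD):
    """Map each period that has data to ALARM or OK."""
    return {start: ("ALARM" if n >= threshold else "OK")
            for start, n in metric_datapoints(log_events, period).items()}
```

Successful logins, unrelated API calls and malformed lines are ignored, so only the three failures between 10:00 and 10:05 push that period into ALARM.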


Wrap Up



AWS Budgets
What is AWS Budgets?

With AWS Budgets service you can set custom budgets to track your cost and usage
Get alerted if budget exceeds certain threshold

Why it’s useful

AWS cloud is a paid platform
We might forget to delete resources or don’t know about a service that was created in the background
So it’s useful to set a limit to be aware of the costs and be able to take actions



AWS Budgets

You can set up a monthly cost budget
