AlienVault® USM Anywhere™

Enabling AWS Log Collection

Role Availability: Read-Only, Analyst, Manager

Amazon CloudWatch Logs, used together with the AWS sensor, can aggregate and store application logs. This provides an easy mechanism for transporting log files from your running instances to a place where USM Anywhere can access them, without having to change any network access settings.

The advantage of CloudWatch Logs is the ability to easily configure additional metadata to be processed with the log files. It also simplifies the task of moving log files around EC2. If you don't want to use this utility, USM Anywhere can also monitor an S3 bucket; you then move the log files there using the tools of your choice.

After you've enabled logs, such as S3 and CloudWatch, USM Anywhere automatically discovers them, and they can start generating events based on CloudTrail, S3, ELB Access, and other security logs.

After deployment, all of the USM Anywhere out-of-box logs you see in the Setup Wizard are disabled by default. To start log collection jobs for the logs of your choice, you must enable them on this page.

To enable out-of-box logs in USM Anywhere

  1. Choose SETTINGS > SCHEDULER to open the Job Scheduler page.
  2. Locate the jobs you want to enable to collect events or asset information, and click the disabled icon.
  3. The icon turns green to show that the job is enabled. To disable an already enabled job, toggle the icon back to its original status.

Access the log collection jobs and toggle the Enable/Disable icon