AlienVault® USM Anywhere™

Collecting ELB Access Logs

Role Availability Read-Only Analyst   Manager

Elastic Load Balancing (ELB) is an important feature in Amazon Web Services (AWS) because it automatically distributes incoming application traffic across multiple targets. AWS ELB access logs provide insight into who is accessing your web resources. They also help you identify common abuse patterns and use of automated hacking tools such as web application scanners.

USM Anywhere supports log discovery in two types of load balancers:

  • AWS Application Load Balancer: You must enable Application Load Balancer logs for every AWS ELB that you want to monitor. See the Amazon documentation to learn how to enable Application Load Balancer access logging in AWS.

  • AWS Classic Load Balancer: You must enable Classic Load Balancer logs for every AWS ELB that you want to monitor. See the Amazon documentation to learn how to enable Classic Load Balancer access logging in AWS.

The AWS sensor automatically detects ELB access logs after you have enabled them in AWS. All you need to do is to enable the log collection job in USM Anywhere.

To enable AWS ELB access log collection in USM Anywhere

  1. Go to Settings > Scheduler.
  2. In the left navigation pane, click Log Collection.

  3. Locate the Discover Elastic Load Balancer (ELB) job and click the icon.

    This turns the icon green. To disable an already-enabled job, toggle the icon to its original status.

After you have enabled log collection, USM Anywhere automatically discovers your AWS ELB access logs every 20 minutes. The collected logs then begin generating events, which you can see in the AWS Load Balancer Dashboard.
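To illustrate the kind of abuse pattern these access logs expose, the following added example (not AlienVault or USM Anywhere code, which performs its own parsing) reads Application Load Balancer entries and reports clients that received 4xx responses on several distinct paths, a typical trace of automated scanning. The function names, the `min_paths` threshold, and the sample entries are assumptions constructed for this illustration; it covers the Application Load Balancer format only, since Classic Load Balancer entries use a different field order.

```python
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

def parse_alb_line(line):
    """Return the fields used below from one ALB access log entry, or None."""
    try:
        f = shlex.split(line)        # keeps quoted fields (request, user agent) whole
    except ValueError:
        return None                  # unbalanced quotes: treat the entry as malformed
    if len(f) < 14 or not f[8].isdigit():
        return None
    request = f[12].split()          # "METHOD URL PROTOCOL"
    if len(request) != 3:
        return None
    return {
        "client": f[3].rsplit(":", 1)[0],    # client:port with the port removed
        "status": int(f[8]),                 # elb_status_code
        "path": urlsplit(request[1]).path,
        "user_agent": f[13],
    }

def probing_clients(lines, min_paths=3):
    """Clients that got 4xx responses on at least min_paths distinct paths."""
    missed = defaultdict(set)
    for line in lines:
        entry = parse_alb_line(line)
        if entry and 400 <= entry["status"] < 500:
            missed[entry["client"]].add(entry["path"])
    return {c: sorted(p) for c, p in missed.items() if len(p) >= min_paths}

def _sample(client, status, path, ua):
    # Constructed entry in ALB field order; the ARN, IDs and addresses are placeholders.
    return (f'https 2024-01-01T00:00:00.000000Z app/example-alb/0123456789abcdef '
            f'{client}:40000 10.0.0.5:80 0.000 0.001 0.000 {status} {status} 120 350 '
            f'"GET https://www.example.com:443{path} HTTP/1.1" "{ua}" '
            f'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:'
            f'us-east-1:123456789012:targetgroup/example/0123456789abcdef '
            f'"Root=1-00000000-000000000000000000000000" "www.example.com" "-" 0 '
            f'2024-01-01T00:00:00.000000Z "forward" "-" "-" "10.0.0.5:80" "{status}" "-" "-"')

SAMPLE_LOG = [  # constructed data, not taken from a real load balancer
    _sample("203.0.113.7", 404, "/admin.php", "ExampleScanner/1.0"),
    _sample("203.0.113.7", 404, "/backup.zip", "ExampleScanner/1.0"),
    _sample("203.0.113.7", 403, "/config.bak", "ExampleScanner/1.0"),
    _sample("198.51.100.20", 200, "/", "Mozilla/5.0 (X11; Linux x86_64)"),
    _sample("198.51.100.20", 404, "/favicon.ico", "Mozilla/5.0 (X11; Linux x86_64)"),
]

if __name__ == "__main__":
    for client, paths in probing_clients(SAMPLE_LOG).items():
        print(client, paths)
```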