Introduction

The following sections provide an overview of AWS ELK stacks and the ELK: AWS CloudTrail PowerPack.

The ELK: AWS CloudTrail PowerPack is meant to be used in conjunction with the Amazon Web Services PowerPack. For more information about the Amazon Web Services PowerPack, including how to install the PowerPack and discover AWS devices, see the section on Monitoring Amazon Web Services.

What is an AWS ELK Stack?

An ELK stack is a centralized log management platform consisting of three open-source products:

  • Elasticsearch, a storage solution with search and indexing capabilities
  • Logstash, a server-side data collection engine
  • Kibana, a web user interface used for visualizing stored data

In an ELK stack, Logstash collects data, Elasticsearch indexes and stores the data, and Kibana visually presents the data in a user-friendly manner.

You can install an ELK stack on an Amazon Web Services instance to collect, store, and visualize data about that instance.

What Does the ELK: AWS CloudTrail PowerPack Monitor?

The ELK: AWS CloudTrail PowerPack includes the following features:

  • A sample Credential that you can use to create Basic/Snippet credentials to monitor AWS component devices in ELK stacks
  • Dynamic Applications that align to AWS component devices in ELK stacks and then monitor CloudTrail logs and state changes on EC2 instances
  • An Event Policy that notifies users when the ELK Dynamic Applications have aligned to AWS components
  • Run Book Policies and Actions that align the ELK Dynamic Applications to AWS components and update the alignment status on the ScienceLogic Data Collector or All-In-One Appliance

Installing the ELK: AWS CloudTrail PowerPack

Before completing the steps in this section, you must import and install the latest version of the ELK: AWS CloudTrail PowerPack.

By default, installing a new version of a PowerPack overwrites all content from a previous version of that PowerPack that has already been installed on the target system. You can use the Enable Selective PowerPack Field Protection setting in the Behavior Settings page (System > Settings > Behavior) to prevent new PowerPacks from overwriting local changes for some commonly customized fields. (For more information, see the section on Global Settings.)

The minimum required MySQL version is 5.6.0.

To download and install the PowerPack:

  1. Search for and download the PowerPack from the PowerPacks page (Product Downloads > PowerPacks & SyncPacks) at the ScienceLogic Support Site.
  2. In SL1, go to the PowerPacks page (System > Manage > PowerPacks).
  3. Click the Actions button and choose Import PowerPack. The Import PowerPack dialog box appears.
  4. Click [Browse] and navigate to the PowerPack file from step 1.
  5. Select the PowerPack file and click Import. The PowerPack Installer modal displays a list of the PowerPack contents.
  6. Click Install. The PowerPack is added to the PowerPacks page.

If you exit the PowerPack Installer modal without installing the imported PowerPack, the imported PowerPack will not appear on the PowerPacks page. However, the imported PowerPack will appear in the Imported PowerPacks modal. This modal appears when you click the Actions menu and select Install PowerPack.