Centralized logging - one region, perhaps one account (S3/VPC)
Hi, struggling with consolidating logs. I want to enable server access logging in S3 as well as VPC flow logging. Both need to have a logging bucket per region. That is not very scalable. Can't this be consolidated into one bucket? I'd also be fine having it all sent to a centralized log-archive account, if possible, but that probably needs bucket replication and doesn't solve the original issue of so many buckets being required. Config logs and CloudTrail logs are nicely consolidated, but server access logs and VPC flow logs are not. A related point: if server access logging must be enabled (security-wise) on the bucket where server access logging takes place, don't you get into an endless loop? :/
Thanks! I did look at that, it's the one solution that always comes up when searching for centralized logging, but tbh it looked way too complicated for what I want, with Kinesis, OpenSearch, Kibana, etc. I don't need all of that. I just want to minimize the number of buckets for my logging, which seems extensive when one just enables all logging to be Security Hub compliant.
GuardDuty can analyze those logs just fine, or even CloudWatch, I don't need the OpenSearch/Kinesis/Kibana overhead, I think :/ but please correct me if I'm wrong!
Thanks again, I do appreciate the prompt response!
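Added example, not code from the original post or from AWS: a short Python script that generates the bucket policy a single central log bucket needs in order to accept S3 server access logs and VPC flow logs, using the service principals and aws:SourceAccount / aws:SourceArn conditions AWS documents for those two delivery services, and that checks an access-logging layout for the self-referencing loop asked about above. Two caveats the script encodes in its comments: S3 only delivers server access logs to a target bucket in the same Region and account as the source bucket, so that part of the policy can only consolidate one Region's buckets, while flow-log delivery does accept a bucket owned by another account. All bucket names, account IDs and the `s3-access/` prefix layout are made up for the example.

```python
"""Added example, not code from the original post or from AWS: builds the
bucket policy for one central log bucket receiving S3 server access logs
and VPC flow logs, and checks an access-logging layout for loops.
Every bucket name and account ID below is made up."""
import json
from typing import Dict, List

S3_LOGGING = {"Service": "logging.s3.amazonaws.com"}
LOG_DELIVERY = {"Service": "delivery.logs.amazonaws.com"}


def s3_access_log_statement(target: str, account: str, sources: List[str]) -> dict:
    """PutObject for S3 server access logs from the listed source buckets.
    aws:SourceAccount / aws:SourceArn pin the grant to those buckets so no
    other account can write through the same service principal.
    Caveat: S3 delivers access logs only to a target bucket in the same
    Region and account as the source, so this centralizes one Region."""
    return {
        "Sid": f"S3ServerAccessLogs{account}",
        "Effect": "Allow",
        "Principal": S3_LOGGING,
        "Action": "s3:PutObject",
        # assumed layout: sources configure TargetPrefix "s3-access/<bucket>/"
        "Resource": f"arn:aws:s3:::{target}/s3-access/*",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": account},
            "ArnLike": {"aws:SourceArn": [f"arn:aws:s3:::{b}" for b in sources]},
        },
    }


def vpc_flow_log_statements(target: str, account: str) -> List[dict]:
    """The two grants flow-log delivery needs from a (possibly other)
    account. The '*' Region in aws:SourceArn admits flow logs from every
    Region of that account into this one bucket."""
    cond = {"StringEquals": {"aws:SourceAccount": account},
            "ArnLike": {"aws:SourceArn": f"arn:aws:logs:*:{account}:*"}}
    write_cond = {"StringEquals": {**cond["StringEquals"],
                                   "s3:x-amz-acl": "bucket-owner-full-control"},
                  "ArnLike": cond["ArnLike"]}
    return [
        {"Sid": f"AWSLogDeliveryWrite{account}", "Effect": "Allow",
         "Principal": LOG_DELIVERY, "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{target}/AWSLogs/{account}/*",
         "Condition": write_cond},
        {"Sid": f"AWSLogDeliveryAclCheck{account}", "Effect": "Allow",
         "Principal": LOG_DELIVERY, "Action": "s3:GetBucketAcl",
         "Resource": f"arn:aws:s3:::{target}", "Condition": cond},
    ]


def central_log_bucket_policy(target: str, access_log_sources: Dict[str, List[str]],
                              flow_log_accounts: List[str]) -> dict:
    """Assemble the policy; the TLS-only Deny is standard hardening for a log bucket."""
    statements = [s3_access_log_statement(target, acct, buckets)
                  for acct, buckets in sorted(access_log_sources.items())]
    for acct in flow_log_accounts:
        statements.extend(vpc_flow_log_statements(target, acct))
    statements.append({
        "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{target}", f"arn:aws:s3:::{target}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    })
    return {"Version": "2012-10-17", "Statement": statements}


def find_logging_loops(logging_targets: Dict[str, str]) -> List[List[str]]:
    """Return each cycle in the source -> target access-logging graph.
    A bucket that logs to itself is the one-node case: every delivered
    log object is itself an access that gets logged again."""
    cycles: List[List[str]] = []
    seen = set()
    for start in logging_targets:
        path, cur = [start], start
        while cur in logging_targets:
            cur = logging_targets[cur]
            if cur in path:
                cycle = path[path.index(cur):]
                if frozenset(cycle) not in seen:
                    seen.add(frozenset(cycle))
                    cycles.append(cycle)
                break
            path.append(cur)
    return cycles


if __name__ == "__main__":
    # constructed sample: one same-account source bucket, flow logs from two accounts
    policy = central_log_bucket_policy("central-logs", {"111111111111": ["app-data"]},
                                       ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
    # the loop from the question: the log bucket logging to itself
    print(find_logging_loops({"app-data": "central-logs", "central-logs": "central-logs"}))
```

The loop checker is meant to be fed the source-to-target map you would otherwise hand to each bucket's logging configuration; the usual way out of the cycle it reports is a separate, tightly scoped target bucket for the central bucket's own access logs rather than pointing the bucket at itself.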