Carbon Black
With this integration, you can collect Logs from Carbon Black and forward them to Logz.io.
Set Carbon Black Event Forwarder
Follow Carbon Black instructions for forwarding events to S3 bucket
Create new stack
To deploy this project, click the button that matches the region you wish to deploy your stack to:
| Region | Deployment |
|---|---|
us-east-1 |  |
us-east-2 | |
us-west-1 | |
us-west-2 | |
eu-central-1 | |
eu-north-1 | |
eu-west-1 | |
eu-west-2 | |
eu-west-3 | |
sa-east-1 | |
ap-northeast-1 | |
ap-northeast-2 | |
ap-northeast-3 | |
ap-south-1 | |
ap-southeast-1 | |
ap-southeast-2 | |
ca-central-1 | |
Specify stack details
Specify the stack details as per the table below, check the checkboxes and select Create stack.
| Parameter | Description | Required/Default |
|---|---|---|
logzioListener | The Logz.io listener URL for your region. (For more details, see the regions page | Required |
logzioToken | Your Logz.io log shipping token. | Required |
logLevel | Log level for the Lambda function. Can be one of: debug, info, warn, error, fatal, panic. | Default: info |
logType | The log type you'll use with this Lambda. This is shown in your logs under the type field in OpenSearch Dashboards. Logz.io applies parsing based on the log type. | Default: s3_hook |
pathsRegexes | Comma-seperated list of regexes that match the paths you'd like to pull logs from. | - |
pathToFields | Fields from the path to your logs directory that you want to add to the logs. For example, org-id/aws-type/account-id will add each of the fields ord-id, aws-type and account-id to the logs that are fetched from the directory that this path refers to. | - |
Add trigger
After deploying the stack, wait a few minutes for it to complete. Once your Lambda function is ready, you'll need to manually add a trigger due to CloudFormation limitations:
Navigate to the function's page and click on Add trigger.
Choose S3 as a trigger, and fill in:
- Bucket: Your bucket name.
- Event type: Select
All object create events. - Prefix and Suffix: Leave these fields empty.
Confirm the checkbox, and click Add.
Send logs
Your function is now configured. When you upload new files to your bucket, the function will be triggered, and the logs will be sent to your Logz.io account.
Parsing
The S3 Hook will automatically parse logs if the object's path contains the phrase cloudtrail (case insensitive).
Check your logs
Allow some time for data ingestion, then check your OpenSearch Dashboards.
Encounter an issue? See our log shipping troubleshooting guide.