Alert Logic Amazon Web Services (AWS) CloudWatch Events (CWE) Collector.
This repository contains the AWS CWE JavaScript Lambda function and CloudFormation Template (CFT) for deploying a CW events collector in AWS which will collect and forward CW events to the Alert Logic CloudInsight backend services.
Refer to CF template readme for installation instructions.
The Updater is a timer triggered function that runs a deployment sync operation every 12 hours in order to keep the collector lambda function up to date. The Updater syncs from the Alert Logic S3 bucket where you originally deployed from.
The Collector function is an AWS lambda function which takes CloudWatch events from Kinesis and sends them to the Alert Logic Ingest service data API for further processing.
- A CloudWatch rule is used to send CloudWatch events to an AWS Kinesis stream.
- An AWS Event Source Mapping is used to invoke an Alert Logic Collector lambda function to read CloudWatch events from the Kinesis stream.
- The Alert Logic Collector lambda function reads CloudWatch events from the Kinesis stream and forwards them to the Alert Logic Ingest service data API.
The Checkin Scheduled Event trigger is used to report the health and status of the Alert Logic AWS lambda collector to the Azcollect back-end service based on an AWS Scheduled Event that occurs every 15 minutes.
- Clone repo
    git clone git@github.com:alertlogic/cwe-collector.git
    cd cwe-collector
- Run "make compile test package" in order to perform code analysis, run unit tests and package the lambda function into a zip file.
- Run "make cfn" to check CloudFormation templates.
Please use the following code style as much as possible.
To get a debug trace, set a Node.js environment variable called DEBUG and specify the JavaScript module(s) to debug.
E.g.
export DEBUG=*
export DEBUG=index
Or set an environment variable called "DEBUG" in your AWS stack (using the AWS console) for the "alertlogic-cwe-collector" AWS Lambda function, with value "index" or "*".
See debug for further details.
- Warning: Do not add additional environment variables to config.json, as older collectors do not have the permissions to edit their own environment variables. Adding these to the config file will break updates on older collectors.
E.g. don't do this:
{
    "Environment": {
        "path": "Environment.Variables.some_env_var_name",
        "value": "DO_NOT_DO_THIS"
    }
}