Agents Administration - Tests
 

Default Parameters for AWSCldTrailEvtTest

This test automatically discovers the CloudTrail trails and the event filters within each trail. For every event filter, the test reports the total count of events and the count of error events captured by that filter. In the process, the test promptly alerts administrators when an error event is captured. The detailed diagnostics provided by this test reveal the complete details of events, thus enabling quick and easy event analysis and troubleshooting.

This page depicts the default parameters that need to be configured for the AWSCldTrailEvtTest.

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • To monitor an Amazon EC2 instance, the eG agent has to be configured with the access key and secret key of a user with a valid AWS account. For this purpose, we recommend that you create a special user on the AWS cloud, obtain the access and secret keys of this user, and configure this test with these keys. To know the procedure for this, click here. Specify the access key and secret key so obtained in the AWS ACCESS KEY and AWS SECRET KEY text boxes. Make sure you reconfirm the access and secret keys you provide here by retyping them in the CONFIRM AWS ACCESS KEY and CONFIRM AWS SECRET KEY text boxes.

  • In some environments, all communication with the AWS EC2 cloud and its regions could be routed through a proxy server. In such environments, you should make sure that the eG agent connects to the cloud via the proxy server and collects metrics. To enable metrics collection via a proxy, specify the IP address of the proxy server and the port at which the server listens against the PROXY HOST and PROXY PORT parameters. By default, these parameters are set to none, indicating that the eG agent is not configured to communicate via a proxy.

  • If the proxy server requires authentication, then specify a valid proxy user name and password in the PROXY USER NAME and PROXY PASSWORD parameters, respectively. Then, confirm the password by retyping it in the CONFIRM PASSWORD text box. By default, these parameters are set to none, indicating that the proxy server does not require authentication.

  • If a Windows NTLM proxy is to be configured for use, then additionally, you will have to configure the Windows domain name and the Windows workstation name required for the same against the PROXY DOMAIN and PROXY WORKSTATION parameters. If the environment does not support a Windows NTLM proxy, set these parameters to none.

  • In the EXCLUDE REGION text box, you can provide a comma-separated list of region names or patterns of region names that you do not want to monitor. For instance, to exclude regions with names that contain ‘east’ and ‘west’ from monitoring, your specification should be: *east*,*west*.

  • By default, the SHOW ALL EVENTS flag is set to Yes. This implies that by default, this test will also report metrics for an additional All descriptor. Typically, the measures reported by the All descriptor will be the aggregate of the measures reported by all the other descriptors of this test - i.e., every measure reported by the All descriptor will return the sum of the values that all configured events have registered for that measure. This enables administrators to easily assess the overall performance of events configured for monitoring on a CloudTrail trail.

  • Set the SHOW ALL ONLY flag to Yes if you wish to view only the consolidated metrics of all the events of this test. In this case, only the All descriptor will be listed for this test. By default, this flag is set to No.

  • In large AWS infrastructures, tens of thousands of CloudTrail events will be generated, even during normal operations. Naturally, the detailed diagnosis of such events will also occupy a considerable amount of database space; with time, this space consumption will grow. To minimize the strain on the eG database, by default, the detailed diagnosis capability is turned off for the Total events measure alone. Accordingly, the SHOW INFORMATION DD flag is set to No by default. If you want to view detailed metrics for the Total events measure, then set this flag to Yes.

  • Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.
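The following is an added example, not part of the eG documentation or product code: a preview of which regions a given EXCLUDE REGION value would drop from CloudTrail monitoring, so that an overly broad pattern is caught before it is saved. It assumes shell-style `*` wildcards matched case-insensitively against the whole region name; the function names and the sample region list are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: a handful of AWS region names, not a complete list.
SAMPLE_REGIONS = [
    "us-east-1", "us-east-2", "us-west-1", "us-west-2",
    "eu-west-1", "eu-central-1", "ap-southeast-1",
    "ap-northeast-1", "ap-south-1", "sa-east-1",
]


def parse_exclude_spec(spec):
    """Split a comma-separated EXCLUDE REGION value into lowercase patterns."""
    if not spec or not spec.strip():
        return []
    return [p.strip().lower() for p in spec.split(",") if p.strip()]


def preview(spec, regions=SAMPLE_REGIONS):
    """Return (monitored, excluded); excluded maps region -> matching pattern."""
    patterns = parse_exclude_spec(spec)
    monitored, excluded = [], {}
    for region in regions:
        # Assumption: a pattern must match the whole region name (glob style).
        hit = next((p for p in patterns if fnmatchcase(region.lower(), p)), None)
        if hit is None:
            monitored.append(region)
        else:
            excluded[region] = hit
    return monitored, excluded


def unexpected_exclusions(spec, intended, regions=SAMPLE_REGIONS):
    """Regions the spec drops that the administrator did not mean to exclude."""
    _, excluded = preview(spec, regions)
    wanted = set(intended)
    return sorted(r for r in excluded if r not in wanted)


if __name__ == "__main__":
    monitored, excluded = preview("*east*,*west*")
    print("still monitored:", monitored)
    for region, pattern in excluded.items():
        print(f"excluded: {region:15} by {pattern}")
    # Intent was only the US regions; everything else listed is a blind spot.
    us_only = ["us-east-1", "us-east-2", "us-west-1", "us-west-2"]
    print("unintended:", unexpected_exclusions("*east*,*west*", us_only))
```

Under these assumptions, the page's own specification *east*,*west* also excludes regions such as ap-southeast-1 and eu-west-1, whose events would then go unreported by this test.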

When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.