eG Monitoring
 

Measures reported by AWSCldTrailEvtTest

AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

Administrators can also configure event filters for events that are collected within a CloudTrail trail. This helps AWS customers save time and money by creating trails that contain a subset of overall API operations and account activity. To know which event filters have been created within which CloudTrail trail, use the AWSCldTrailEvtTest test.

This test automatically discovers the CloudTrail trails and the event filters within each trail. For every event filter, the test reports the total count of events and the count of error events captured by that filter. In the process, the test promptly alerts administrators when an error event is captured. The detailed diagnostics provided by this test reveal the complete details of events, thus enabling quick and easy event analysis and troubleshooting.

Outputs of the test: One set of results for each event type in every event filter.

First-level descriptor: AWS Region

Second-level descriptor: CloudTrail trail

Third-level descriptor: Event filter

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Total_events | Indicates the total number of events currently captured by this event filter. For the All descriptor, this measure will report the total number of events captured by this CloudTrail across all its event filters. | Number | If the SHOW INFORMATION DD flag is set to Yes, then you can use the detailed diagnosis of this measure to know the complete details of the events captured by a particular event filter. The details include Event Name, Event Type, Event Source, Event Time, Source IP Address, Account ID, Region Name, User Name, User Type, User Access key and User Agent. |
| Error_events | Indicates the number of error events currently captured by this event filter. For the All descriptor, this measure will report the total number of error events captured by this CloudTrail across all its event filters. | Number | Ideally, the value of this measure should be 0. A non-zero value indicates that an error event has occurred. In such a situation, you can use the detailed diagnosis of this measure to know the details of the error. |
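
The following Python example is added here for illustration and is not eG's code or the test's implementation: it derives Total_events and Error_events from CloudTrail log records and collects the detailed-diagnosis fields listed above for each error event. It assumes that an error event is a record carrying an `errorCode` field, groups by region and event type (records do not name the trail or event filter), and runs on constructed sample records; `_rec`, `SAMPLE_LOG` and `summarize` are hypothetical names.

```python
import json
from collections import Counter

def _rec(name, etype, source, region, user, error=None):
    # Build one constructed record using CloudTrail's record field names.
    rec = {"eventName": name, "eventType": etype, "eventSource": source,
           "awsRegion": region, "eventTime": "2024-01-01T00:00:00Z",
           "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.x",
           "recipientAccountId": "111122223333",
           "userIdentity": {"type": "IAMUser", "userName": user,
                            "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("ConsoleLogin", "AwsConsoleSignIn", "signin.amazonaws.com", "us-east-1", "alice"),
    _rec("DescribeInstances", "AwsApiCall", "ec2.amazonaws.com", "us-east-1", "bob",
         "Client.UnauthorizedOperation"),
    _rec("ListBuckets", "AwsApiCall", "s3.amazonaws.com", "us-east-1", "alice"),
    _rec("PutObject", "AwsApiCall", "s3.amazonaws.com", "eu-west-1", "bob", "AccessDenied"),
]})

def summarize(log_text):
    """Count total and error events per (region, event type); list error details."""
    totals, errors, details = Counter(), Counter(), []
    for rec in json.loads(log_text).get("Records", []):
        key = (rec.get("awsRegion", "unknown"), rec.get("eventType", "unknown"))
        totals[key] += 1
        if "errorCode" not in rec:  # assumption: errorCode marks an error event
            continue
        errors[key] += 1
        ident = rec.get("userIdentity", {})
        details.append({
            "Event Name": rec.get("eventName"), "Event Type": rec.get("eventType"),
            "Event Source": rec.get("eventSource"), "Event Time": rec.get("eventTime"),
            "Source IP Address": rec.get("sourceIPAddress"),
            "Account ID": rec.get("recipientAccountId"),
            "Region Name": rec.get("awsRegion"), "User Name": ident.get("userName"),
            "User Type": ident.get("type"), "User Access key": ident.get("accessKeyId"),
            "User Agent": rec.get("userAgent"), "Error Code": rec["errorCode"]})
    return totals, errors, details

if __name__ == "__main__":
    totals, errors, details = summarize(SAMPLE_LOG)
    for key in sorted(totals):
        print(key, "Total_events =", totals[key], "Error_events =", errors[key])
    for row in details:
        print(row)
```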