Destino Amazon Security Lake
Utiliza el destino Amazon Security Lake de Observability Pipelines para enviar logs a Amazon Security Lake.
Requisitos previos
Antes de configurar el destino Amazon Security Lake, debes hacer lo siguiente:
The Amazon Security Lake destination is in Preview. Complete the
form to request access.
- Follow the Getting Started with Amazon Security Lake to set up Amazon Security Lake, and make sure to:
- Enable Amazon Security Lake for the AWS account.
- Select the AWS regions where S3 buckets will be created for OCSF data.
- Take note of the Amazon Security Lake S3 bucket name. The bucket name is used when you set up the Amazon Security Lake destination in Observability Pipelines.
- Follow Collecting data from custom sources in Security Lake to create a custom source in Amazon Security Lake.
Configuración
Configura el destino Amazon Security Lake y sus variables de entorno cuando configures un pipeline. La siguiente información se configura en la interfaz de usuario del pipeline.
Configurar el destino
- Enter your S3 bucket name.
- Enter the AWS region.
- Optionally, toggle the switch to enable TLS. If you enable TLS, the following certificate and key files are required.
Note: All file paths are made relative to the configuration data directory, which is /var/lib/observability-pipelines-worker/config/
by default. See Advanced Configurations for more information. The file must be owned by the observability-pipelines-worker group
and observability-pipelines-worker
user, or at least readable by the group or user.Server Certificate Path
: The path to the certificate file that has been signed by your Certificate Authority (CA) Root File in DER or PEM (X.509).CA Certificate Path
: The path to the certificate file that is your Certificate Authority (CA) Root File in DER or PEM (X.509).Private Key Path
: The path to the .key
private key file that belongs to your Server Certificate Path in DER or PEM (PKCS#8) format.
Notes:
- When you add the Amazon Security Lake destination, the OCSF processor is automatically added so that you can convert your logs to Parquet before they are sent to Amazon Security Lake. See Remap to OCSF documentation for setup instructions.
- Only logs formatted by the OCSF processor are converted to Parquet.
Configurar las variables de entorno
There are no environment variables to configure for the Amazon Security Lake destination.
Autenticación AWS
To use the Amazon Security Lake destination, you need to set up AWS credential files and environment variables. Observability Pipelines uses those credentials to send logs to Amazon Security Lake. Datadog recommends setting up a specific AWS profile that can be used by Observability Pipelines.
The Observability Pipelines Worker uses the standard AWS credential provider chain for authentication. See AWS SDKs and Tools standardized credential providers for more information.
Permisos
For Observability Pipelines to send logs to Amazon Security Lake, the following policy permissions are required:
s3:ListBucket
s3:PutObject
Cómo funciona el destino
Colocación de eventos en lotes
Un lote de eventos se descarga cuando se cumple uno de estos parámetros. para obtener más información, consulta lotes de eventos.
Eventos máximos | Bytes máximos | Tiempo de espera (segundos) |
---|
Ninguno | 256,000,000 | 300 |