CloudWatch

Overview

The AWS CloudWatch integration ingests logs from Amazon Web Services CloudWatch and normalizes them in Logpoint. CloudWatch monitors AWS resources and applications in near real-time, generating comprehensive logs that provide visibility into system behavior, performance metrics, and security events. Once the logs are ingested, you can explore and analyze the data using Logpoint's search capabilities and the analytics available for this integration. This gives you clear visibility into AWS infrastructure, API calls, resource operations, security events, application logs, and system metrics, enabling faster detection, compliance, and response.

The integration includes:

  • CloudWatchFetcher to retrieve logs from AWS CloudWatch Log Groups and Log Streams, and ingest them into Logpoint for processing.

  • CloudWatchCompiledNormalizer to convert parsed logs into a standardized format for consistent analysis across Logpoint.

  • Log Source Template (CloudWatch Fetcher) to provide a centralized interface for configuration.

When CloudWatch detects system events, resource state changes, API calls, or security-relevant activities that could affect your AWS environment, it generates detailed logs that enable monitoring, troubleshooting, and security analysis.

Supported Events

  • AWS CloudWatch versions:

    • AWS CloudWatch (all current versions)

  • AWS resources monitored:

    • Amazon EC2 Instances: Instance operations, state changes, system logs, application logs

    • Amazon EBS Volumes: Volume operations, attachment events, snapshot activities

    • Elastic Load Balancers: Request logs, health check events, connection patterns, error responses

    • Amazon RDS DB Instances: Database operations, query logs, error logs, slow query logs, audit logs

  • CloudWatch log types:

    • CloudTrail Logs: API activity, user actions, service events, resource changes

    • VPC Flow Logs: Network traffic, connection attempts, accepted/rejected flows

    • Lambda Function Logs: Function invocations, execution details, errors, custom application logs

    • API Gateway Logs: API requests, response codes, latency metrics, integration errors

    • ECS/EKS Container Logs: Container output, application logs, orchestration events

    • CloudWatch Insights Queries: Custom query results, metric extractions, log analytics

    • Application Logs: Custom application logging from any AWS service

    • System Logs: Operating system events, service status, system metrics

    • Security Logs: Authentication attempts, authorization decisions, security group changes

    • CloudFormation Logs: Stack operations, resource provisioning, template validation

    • Route 53 Query Logs: DNS queries, resolver endpoints, query patterns
