Monitor Legacy Application Logs on Amazon EC2 for Security | AWS Certified Security - Specialty Exam Prep

Monitor Legacy Application Logs on Amazon EC2

Question

A company has a legacy application that outputs all logs to a local text file.

Logs from all applications running on AWS must be continually monitored for security-related messages. What can be done to allow the company to deploy the legacy application on Amazon EC2 and still meet the monitoring requirement?

Answers

A. Create a Lambda function that mounts the Elastic Block Store (EBS) volume holding the legacy application's logs and scans them for security incidents, triggered every 5 minutes by a scheduled CloudWatch event.
B. Send the local text log files to CloudWatch Logs and configure a CloudWatch metric filter; trigger CloudWatch alarms based on the resulting metric.
C. Install the Amazon Inspector agent on every EC2 instance running the legacy application and generate CloudWatch alerts from Amazon Inspector findings.
D. Export the local text log files to CloudTrail and create a Lambda function that queries the CloudTrail logs for security incidents using Athena.

Explanations

Answer: B.

Option A is incorrect because a Lambda function cannot mount an EBS volume (EBS volumes attach to EC2 instances; Lambda can mount only Amazon EFS file systems), and a scan that runs every 5 minutes is periodic polling, not continual monitoring. Even if it could be made to work, it is a long, roundabout way to achieve the requirement.

Option B is CORRECT because one can send the log files to CloudWatch Logs.

You can then define metric filters that search the log events for specific terms or patterns, publish a metric value for each match, and create alarms on that metric to notify the security team.

Option C is incorrect because Amazon Inspector assesses instances for software vulnerabilities and unintended network exposure; it does not read application log files, so security-related messages written to the log would never be examined.

Option D is incorrect because arbitrary files cannot be imported into AWS CloudTrail, which records API activity in an AWS account; the proposed design also requires additional services such as Athena and Lambda, with extra resources and cost.

For more information on the CloudWatch Logs agent, please visit the URL below. Note that the legacy CloudWatch Logs agent has been superseded by the unified CloudWatch agent, which AWS recommends for new deployments:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html

Option A:

This option suggests creating a Lambda function that mounts the Elastic Block Store (EBS) volume with the logs from the legacy application and scans the logs for security incidents. The function will be triggered every 5 minutes using a scheduled CloudWatch event.

As described, this does not work. An EBS volume is block storage attached to an EC2 instance; a Lambda function cannot mount it, and Amazon Elastic File System (EFS) is a separate service, so an EFS mount target does not expose the contents of an EBS volume. Lambda can mount an EFS file system, so the design would be feasible only if the application wrote its logs to EFS instead of the local volume. Even then, a function that runs every 5 minutes polls the logs rather than monitoring them continually, and the scanning logic, the state tracking (which lines have already been checked) and the alarm wiring would all have to be built and maintained by hand.

Option B:

This option suggests sending the local text log files to CloudWatch Logs and configuring a CloudWatch metric filter. CloudWatch alarms will be triggered based on the metrics.

The legacy application's log files can be shipped to CloudWatch Logs by installing the CloudWatch agent on the instance (the unified CloudWatch agent, or the older CloudWatch Logs agent) and pointing it at the text file; the agent tails the file and streams new lines to a log group as they are written, which satisfies the continual-monitoring requirement without changing the application. (The AWS CLI can also push events with put-log-events, but only the agent gives continual delivery.) Once the events are in CloudWatch Logs, a metric filter is created to look for security-related messages and increment a custom metric on each match, and a CloudWatch alarm on that metric notifies the security team, for example through an Amazon SNS topic, as soon as the threshold is crossed.
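The following is an added example, not code from the original page, showing the pieces that option B (and the explanation of the correct answer above) describes: a unified CloudWatch agent configuration that tails the text file, the put_metric_filter and put_metric_alarm parameters, and a local preview of what the metric filter would count. The file path, log group, namespace, SNS topic ARN and the sample log lines are assumptions constructed for the example, and the matches() function is a simplified model of CloudWatch's filter syntax (case-sensitive terms, quoted phrases, ?any-of, -exclude), not a reimplementation of the service.

```python
"""Option B, end to end: tail a legacy app's text log into CloudWatch Logs,
count security-related events with a metric filter, and alarm on the count.
Added example: all names are assumptions; matches() only models the syntax."""
import json
import re
import shlex
import sys
from collections import Counter

LOG_PATH = "/var/log/legacy-app/app.log"   # assumed: where the app writes its log
LOG_GROUP = "/legacy-app/app"              # assumed log group name
NAMESPACE = "LegacyApp/Security"           # assumed custom metric namespace
METRIC = "SecurityEvents"
ALARM_TOPIC = "arn:aws:sns:us-east-1:123456789012:security-alerts"  # assumed
# Count either phrase; drop DEBUG lines so self-test noise does not page anyone.
FILTER_PATTERN = '?"authentication failure" ?"permission denied" -DEBUG'

# Constructed sample of the legacy app's output (not real log data).
SAMPLE_LOG = """\
2024-05-01 10:00:01 INFO  user=alice action=login result=success
2024-05-01 10:00:07 WARN  user=bob action=login result=authentication failure src=203.0.113.7
2024-05-01 10:00:09 ERROR user=mallory action=read file=/etc/shadow result=permission denied
2024-05-01 10:00:12 DEBUG authentication failure simulated by self-test
2024-05-01 10:01:15 INFO  user=alice action=logout
2024-05-01 10:01:30 ERROR user=bob action=write file=/etc/sudoers result=permission denied
"""

def agent_config() -> dict:
    """'logs' section of the unified CloudWatch agent config: tail the file
    and stream new lines to one log stream per instance."""
    return {"logs": {"logs_collected": {"files": {"collect_list": [{
        "file_path": LOG_PATH,
        "log_group_name": LOG_GROUP,
        "log_stream_name": "{instance_id}",
        "timestamp_format": "%Y-%m-%d %H:%M:%S",
    }]}}}}

def metric_filter_params() -> dict:
    """Keyword arguments for logs.put_metric_filter: each match publishes 1."""
    return {
        "logGroupName": LOG_GROUP,
        "filterName": "legacy-app-security-events",
        "filterPattern": FILTER_PATTERN,
        "metricTransformations": [{"metricName": METRIC, "metricNamespace": NAMESPACE,
                                   "metricValue": "1", "defaultValue": 0.0}],
    }

def alarm_params() -> dict:
    """Keyword arguments for cloudwatch.put_metric_alarm: one or more matches
    in a 60 s period notifies the SNS topic; a quiet period is not a breach."""
    return {
        "AlarmName": "legacy-app-security-events",
        "Namespace": NAMESPACE, "MetricName": METRIC,
        "Statistic": "Sum", "Period": 60, "EvaluationPeriods": 1,
        "Threshold": 1, "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [ALARM_TOPIC],
    }

_TOKEN = re.compile(r"[A-Za-z0-9_]+")

def _has_term(tokens: list, term: str) -> bool:
    """True if the term's tokens occur contiguously in the event's tokens,
    so 'ERROR' matches '[ERROR]' but not 'ERRORS', and phrases stay adjacent."""
    want = _TOKEN.findall(term)
    n = len(want)
    return any(tokens[i:i + n] == want for i in range(len(tokens) - n + 1))

def matches(pattern: str, event: str) -> bool:
    """Simplified CloudWatch term matching (case-sensitive): every plain term
    must appear, at least one ?term must appear if any are given, no -term may."""
    tokens = _TOKEN.findall(event)
    required, optional, excluded = [], [], []
    for tok in shlex.split(pattern):          # keeps "quoted phrases" as one term
        bucket = optional if tok.startswith("?") else excluded if tok.startswith("-") else required
        bucket.append(tok.lstrip("?-"))
    return (all(_has_term(tokens, t) for t in required)
            and (not optional or any(_has_term(tokens, t) for t in optional))
            and not any(_has_term(tokens, t) for t in excluded))

def sum_per_minute(events: list, pattern: str) -> dict:
    """What the alarm evaluates: Sum of the metric per 60 s period (Period=60),
    keyed by the minute (YYYY-MM-DD HH:MM) the event was logged in."""
    return dict(Counter(line[:16] for line in events if matches(pattern, line)))

def breaching_periods(events: list, pattern: str, threshold: int = 1) -> list:
    """Periods in which the alarm defined above would go to ALARM."""
    return sorted(k for k, v in sum_per_minute(events, pattern).items() if v >= threshold)

def deploy() -> None:
    """Create the filter and alarm with boto3 (needs credentials; the log group
    must exist, which the agent takes care of on first delivery)."""
    import boto3
    boto3.client("logs").put_metric_filter(**metric_filter_params())
    boto3.client("cloudwatch").put_metric_alarm(**alarm_params())

if __name__ == "__main__":
    print(json.dumps(agent_config(), indent=2))   # merge into the agent's JSON config
    print(breaching_periods(SAMPLE_LOG.splitlines(), FILTER_PATTERN))
    if "--deploy" in sys.argv:
        deploy()
```

Run without arguments to print the agent configuration and see which minutes of the constructed sample would have raised the alarm (the DEBUG self-test line is counted by neither); run with --deploy, with credentials configured, to create the metric filter and alarm. The alarm uses Sum over a single 60 s period with a threshold of 1 so that any matching line notifies the team within about a minute of being written, and defaultValue 0 with TreatMissingData notBreaching keeps quiet periods from showing up as missing data.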

Option C:

This option suggests installing the Amazon Inspector agent on any EC2 instance running the legacy application. CloudWatch alerts will be generated based on any Amazon Inspector findings.

Amazon Inspector is a security assessment service that finds software vulnerabilities and unintended network exposure on EC2 instances. The Amazon Inspector agent must be installed on the EC2 instances running the legacy application; it periodically assesses the host and generates findings, and CloudWatch Events (EventBridge) rules can turn those findings into alerts for the security team. This is easy to set up, but Inspector never reads the application's log file, so the security-related messages the requirement is about are never examined.

Option D:

This option suggests exporting the local text log files to CloudTrail. A Lambda function can then be created to query the CloudTrail logs for security incidents using Athena.

CloudTrail is a service that records AWS API calls and account activity; it has no way to ingest a legacy application's text log files. Placing the files in the S3 bucket that a trail writes to does not turn them into CloudTrail events, so the design as described does not work. What the option actually amounts to is storing the log files in S3 and having a Lambda function query them with Athena, which is a periodic batch query rather than continual monitoring and adds services, glue code and cost.

Overall, option B is the only solution that meets the requirement, and it is also the most straightforward to implement. Option C is easy to deploy but never examines the application's logs, while options A and D require more configuration, do not work as described, and would be more complex to manage.