Cloud Custodian Policy Health Checks

All run-log errors, grouped by policy name and error message (Sumo Logic query; replace Collector-name with the collector that ingests the Custodian S3 output):

_source="cloudcustodian-run-log" and _collector="Collector-name" error
| parse field=_sourceName "*/*/*/*/*/*/*/*" as clogs, account_id, policies_name, year, month, date, _min, crunlog nodrop
| parse regex "An error occurred (?<error>.*)" nodrop
| parse regex "error:(?<error>.*)" nodrop
| count (error) group by policies_name, error

The same query with IAM permission failures excluded, so that everything other than Access Denied stands out on its own:

_source="cloudcustodian-run-log" and _collector="Collector-name" error !"Access Denied" !"AccessDenied"
| parse field=_sourceName "*/*/*/*/*/*/*/*" as clogs, account_id, policies_name, year, month, date, _min, crunlog nodrop
| parse regex "An error occurred (?<error>.*)" nodrop
| parse regex "error:(?<error>.*)" nodrop
| count (error) group by policies_name, error
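To sanity-check what these two queries count before pointing them at live logs, here is an added Python example (not from the original post and not Cloud Custodian's or Sumo Logic's own code) that applies the same logic offline: split _sourceName into the eight path segments, try the two error regexes in order, apply the Access Denied exclusion, and count by policy and error. The log records and the S3 key layout below are constructed to match the parse pattern in the queries; the field names are the ones the queries use.

```python
import re
from collections import Counter

# Mirror of: parse field=_sourceName "*/*/*/*/*/*/*/*" as clogs, account_id, policies_name, ...
SOURCE_NAME_RE = re.compile(
    r"^(?P<clogs>[^/]+)/(?P<account_id>[^/]+)/(?P<policies_name>[^/]+)/"
    r"(?P<year>[^/]+)/(?P<month>[^/]+)/(?P<date>[^/]+)/(?P<_min>[^/]+)/(?P<crunlog>[^/]+)$"
)

# The two `parse regex ... nodrop` extractors from the queries, tried in order.
ERROR_RES = (
    re.compile(r"An error occurred (?P<error>.*)"),
    re.compile(r"error:(?P<error>.*)"),
)

# Mirror of: !"Access Denied" !"AccessDenied"
ACCESS_DENIED_TERMS = ("Access Denied", "AccessDenied")

# Constructed sample records (not real log data). _sourceName follows the
# <prefix>/<account>/<policy>/<yyyy>/<mm>/<dd>/<hh>/custodian-run.log layout the queries parse.
SAMPLE_RECORDS = [
    {"_sourceName": "clogs/111111111111/ec2-tag-compliance/2024/05/03/12/custodian-run.log",
     "_raw": "2024-05-03 12:00:04,118: custodian.policy:ERROR An error occurred (AccessDenied) "
             "when calling the DescribeInstances operation: User is not authorized"},
    {"_sourceName": "clogs/111111111111/ec2-tag-compliance/2024/05/03/13/custodian-run.log",
     "_raw": "2024-05-03 13:00:02,907: custodian.policy:ERROR An error occurred (AccessDenied) "
             "when calling the DescribeInstances operation: User is not authorized"},
    {"_sourceName": "clogs/222222222222/s3-public-block/2024/05/03/12/custodian-run.log",
     "_raw": "2024-05-03 12:01:09,552: custodian.output:ERROR error:Unable to locate credentials"},
    {"_sourceName": "clogs/222222222222/s3-public-block/2024/05/03/12/custodian-run.log",
     "_raw": "2024-05-03 12:01:10,001: custodian.policy:INFO policy:s3-public-block "
             "resource:s3 region:us-east-1 count:4 time:1.20"},
]


def parse_source_name(source_name):
    """Return the eight path fields, or {} when the key does not have eight segments (nodrop)."""
    m = SOURCE_NAME_RE.match(source_name)
    return m.groupdict() if m else {}


def extract_error(message):
    """First matching extractor wins; None when neither regex matches."""
    for rx in ERROR_RES:
        m = rx.search(message)
        if m:
            return m.group("error").strip()
    return None


def policy_error_counts(records, exclude_access_denied=False):
    """Equivalent of `count (error) group by policies_name, error` over the filtered records."""
    counts = Counter()
    for rec in records:
        msg = rec["_raw"]
        # The bare `error` search term: case-insensitive keyword match on the message.
        if "error" not in msg.lower():
            continue
        if exclude_access_denied and any(term in msg for term in ACCESS_DENIED_TERMS):
            continue
        fields = parse_source_name(rec["_sourceName"])
        err = extract_error(msg)
        if err is None:  # count(error) ignores rows where error is null
            continue
        counts[(fields.get("policies_name"), err)] += 1
    return counts


if __name__ == "__main__":
    for label, exclude in (("all errors", False), ("non-AccessDenied errors", True)):
        print(label)
        for (policy, err), n in sorted(policy_error_counts(SAMPLE_RECORDS, exclude).items()):
            print(f"  {n:>3}  {policy}  {err}")
```

Running it shows the two AccessDenied rows collapsing into a single policy/error bucket in the first view and disappearing entirely in the second, which is the behaviour you want to confirm before trusting the dashboards built on these queries.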

Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.