An application outputs logs to a text file. The logs must be continuously monitored for security incidents. Which design will meet the requirements with MINIMUM effort?
A. Create a scheduled process to copy the component's logs into Amazon S3. Use S3 events to trigger a Lambda function that updates Amazon CloudWatch metrics with the log data. Set up CloudWatch alerts based on the metrics.
B. Install and configure the Amazon CloudWatch Logs agent on the application's EC2 instance. Create a CloudWatch metric filter to monitor the application logs. Set up CloudWatch alerts based on the metrics.
C. Create a scheduled process to copy the application log files to AWS CloudTrail. Use S3 events to trigger Lambda functions that update CloudWatch metrics with the log data. Set up CloudWatch alerts based on the metrics.
D. Create a file watcher that copies data to Amazon Kinesis when the application writes to the log file. Have Kinesis trigger a Lambda function to update Amazon CloudWatch metrics with the log data. Set up CloudWatch alerts based on the metrics.
Answer: Send the local text log files to CloudWatch Logs and configure a CloudWatch metric filter. Trigger CloudWatch alarms based on the metrics.
Explanation
Answer – B
One can send the log files to CloudWatch Logs. Log files can also be sent from on-premises servers. You can then specify metrics to search the logs for any specific values, and then create alarms based on these metrics.
Option A is invalid because this will be just a long overdrawn process to achieve this requirement.
Option C is invalid because AWS Inspector cannot be used to monitor for security-related messages.
Option D is invalid because files cannot be exported to AWS CloudTrail.
For more information on the CloudWatch Logs agent, please visit the URL below:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
B is correct.
You can set your application to send logs and CloudWatch to receive them using the CloudWatch agent. A Lambda is not necessary.
https://aws.amazon.com/blogs/devops/new-how-to-better-monitor-your-custom-application-metrics-using-amazon-cloudwatch-agent/
B
Correct. You can see all of your logs, regardless of their source, as a single and consistent flow of events ordered in time by using CloudWatch Logs. You can query and sort your logs based on other dimensions, group them by specific fields, create custom computations by using a query language, and visualize log data on the dashboards.
For more information about CloudWatch Logs, see What is Amazon CloudWatch Logs?
For more information about CloudWatch metric filters, see Creating metrics from log events using filters.
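The metric filter and alarm from option B, written as a CloudFormation fragment; this is an added example, not part of the original thread. The log group name, the `AUTH_FAILURE` marker, the metric namespace, the threshold and the `AlertTopicArn` parameter are assumptions, and the agent on the instance is assumed to ship the application's log file to this log group.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Metric filter and alarm over an application log group (illustrative names)

Parameters:
  AlertTopicArn:
    Type: String
    Description: ARN of an existing SNS topic that receives alarm notifications (assumption)

Resources:
  # Log group the CloudWatch agent writes the application's text log into.
  AppLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /example/app/application.log   # hypothetical name
      RetentionInDays: 90

  # Emits a data point of 1 for every log event containing the marker string.
  AuthFailureFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref AppLogGroup
      FilterPattern: '"AUTH_FAILURE"'              # hypothetical marker in the app's log lines
      MetricTransformations:
        - MetricNamespace: Example/AppSecurity     # hypothetical namespace
          MetricName: AuthFailureCount
          MetricValue: "1"
          DefaultValue: 0                          # publish 0 when no event matches

  # Fires when 5 or more matching events arrive within one 5-minute period.
  AuthFailureAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Repeated authentication failures in the application log
      Namespace: Example/AppSecurity
      MetricName: AuthFailureCount
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 1
      Threshold: 5                                 # assumed threshold, tune to baseline
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching               # a quiet log is not an incident
      AlarmActions:
        - !Ref AlertTopicArn
```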
It's a wrongly worded question. Nowhere does the question say that the application is running on an EC2 instance. Had the application been running on EC2 instances, it's a no-brainer that B is correct. But in the current form of the question, the answer can be D as well.