Environment 

Deployment Tasks 

  • Collect audit events generated from Aqua CSP 
  • Send them to SolarWinds Loggly, a cloud-based log management and analysis solution 
  • Integrate Loggly with Aqua CSP 


Deployment Steps 


Step 1: Configure Loggly 

  • Ensure that you have access to Loggly and can successfully log in to the service. 
  • Once logged in, select a "Log Source": 
  • Click on the Source Setup tab and choose the "HTTP/S Event Endpoint" option as your Log Source: 

 

You receive the "HTTP/S Event Endpoint" page, which provides CURL instructions to test events. 

You also receive a URL that you can use to configure your application to POST data directly to Loggly: 

 

We recommend sending a test event provided on this page from your shell. This ensures that the Loggly endpoint is working correctly. Both of the tests should return the following output: 

{"response" : "ok"} 

  • Take note of the URL that was generated by Loggly in the second step. This URL will be used to post Aqua audit events directly to Loggly. 

  • Keep this page open as you will visit it again to verify your connection. 

Step 2: Configure Aqua CSP with Loggly 

  • To ensure that Aqua sends scan results to Loggly, enable this under Aqua UI > System > Settings > Scan Options. 
  • Make sure that "Send scan results to log management systems" is checked. [0, 1] 
  • Once enabled, configure Aqua with Loggly under Aqua UI > System > Integrations > Log management > Loggly. 
  • Make sure that the "Enabled" checkbox is selected. In the Service URL, enter the URL from Step 1; 

 

  • Test the connection between Aqua and Loggly and make sure that it is successful; 

 

  • Save the configuration before you continue: 

 

Step 3: Confirm that Aqua Audit Events Register in Loggly 

  • Once Loggly has been enabled in Aqua successfully, revisit the open "HTTP/S Event Endpoint" web page from Step 1. This page provides the CURL instructions to test events and a URL which you can use to configure your application to POST data directly to Loggly. 
  • Click "Verify now" to check and confirm that the audit events are being received successfully from Aqua: 

 

  • If successful, you will see the following output: 

 

Step 4: View Aqua Audit Events in Loggly 

  • Click on the "Show me my logs" hyperlink, which displays the Aqua audit events sent to Loggly; 

 

  • To encrypt the data being sent over to Loggly, change the URL from http to https. Note that the SSL handshake may increase latency. It will also use port 443 instead of port 80. [2] 
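
The Step 1 endpoint test and the https note above can be combined into one pre-flight check that is run before the Service URL is entered in Aqua. This is an added example, not Aqua's or Loggly's own script; the function names, the `LOGGLY_URL` variable, the `/inputs/<token>/` URL layout and the sample event are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the Loggly Service URL used in Aqua.
# Function names and LOGGLY_URL are hypothetical; sample values are constructed.

# Upgrade http:// to https:// so events travel over TLS (port 443).
to_https() {
  case "$1" in
    https://*) printf '%s\n' "$1" ;;
    http://*)  printf 'https://%s\n' "${1#http://}" ;;
    *)         return 1 ;;  # not an HTTP/S endpoint URL
  esac
}

# Mask the token segment before the URL is echoed or logged.
# Assumes the token follows "/inputs/" in the URL path.
redact_url() {
  printf '%s\n' "$1" | sed -E 's#(/inputs/)[^/]+#\1<redacted>#'
}

# True only for the success body from Step 1, tolerating whitespace.
is_ok_response() {
  printf '%s' "$1" | grep -Eq \
    '^[[:space:]]*\{[[:space:]]*"response"[[:space:]]*:[[:space:]]*"ok"[[:space:]]*\}[[:space:]]*$'
}

# POST one constructed test event; curl refuses any non-HTTPS protocol.
send_test_event() {
  ste_url=$(to_https "$1") || { echo "not an http(s) URL" >&2; return 2; }
  echo "posting test event to $(redact_url "$ste_url")" >&2
  ste_body=$(curl --silent --show-error --max-time 10 --proto '=https' \
    -H 'content-type: application/json' \
    -d '{"source":"preflight","message":"constructed test event"}' \
    "$ste_url") || return 3
  is_ok_response "$ste_body"
}

# Runs only when invoked as: LOGGLY_URL=... sh preflight.sh --send
if [ "${1:-}" = "--send" ]; then
  send_test_event "${LOGGLY_URL:?set LOGGLY_URL to the URL from Step 1}" \
    && echo "endpoint ok" || { echo "endpoint check failed" >&2; exit 1; }
fi
```

The value printed by `to_https` is the one to paste into the Aqua Service URL field, so that audit events are sent over port 443 rather than port 80.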

Related information