Hi, I am trying to configure filebeat to get logs from Cisco Umbrella but something don't work.
The logs are in a bucket Cisco managed.
If I try to list the bucket I am successful, with:
/usr/local/bin/aws s3 ls s3://umbrella-managed-<MyCompanyID>-<idKey>
is authenticated and work flawlessy.
If I configure the umbrella filebeat module in this way:
`umbrella: enabled: true var.input: s3 # AWS SQS queue url var.queue_url: https://sqs.eu-south-1.amazonaws.com/2395044/ # Access ID to authenticate with the S3 input var.access_key_id: <myKeyID> # Access key to authenticate with the S3 input var.secret_access_key: <mySecretAccessKey> # The duration that the received messages are hidden from ReceiveMessage request #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted #var.api_timeout: 120s`
I get a bunch of errors:
2020-11-26T19:00:25.335+0100 ERROR [input.s3] s3/collector.go:107 SQS ReceiveMessageRequest failed: InvalidClientTokenId: The security token included in the request is invalid.
I think I am missing the CiscoQueue, where can I find this queue ?