Hi, I am trying to configure filebeat to get logs from Cisco Umbrella but something don't work.
The logs are in a bucket Cisco managed.
If I try to list the bucket I am successful, with:
/usr/local/bin/aws s3 ls s3://umbrella-managed-<MyCompanyID>-<idKey>
is authenticated and work flawlessy.
If I configure the umbrella filebeat module in this way:
`umbrella:
enabled: true
var.input: s3
# AWS SQS queue url
var.queue_url: https://sqs.eu-south-1.amazonaws.com/2395044/
# Access ID to authenticate with the S3 input
var.access_key_id: <myKeyID>
# Access key to authenticate with the S3 input
var.secret_access_key: <mySecretAccessKey>
# The duration that the received messages are hidden from ReceiveMessage request
#var.visibility_timeout: 300s
# Maximum duration before AWS API request will be interrupted
#var.api_timeout: 120s`
I get a bunch of errors:
2020-11-26T19:00:25.335+0100 ERROR [input.s3] s3/collector.go:107 SQS ReceiveMessageRequest failed: InvalidClientTokenId: The security token included in the request is invalid.
I think I am missing the CiscoQueue, where can I find this queue ?
Thank you