
Audit S3 APIs

This page describes how to set up an HTTP webhook for S3 audit purposes.

Overview

S3 API calls can generate JSON events that many webhook target applications can receive as a stream and use for auditing and analysis. Such an application (see the Splunk example below) should be configured to accept the event stream, and it provides the authentication token used to send events to it.

Enabling an audit webhook replaces the BucketLogging S3 APIs and is similarly best-effort. The purpose of these audit logs is to give an idea of the nature of the traffic.

Note: If the connection to the webhook application is lost, or if the S3 cluster's internal events buffer fills up, events are discarded. It is advised to monitor the availability of the external webhook target application.

Managing S3 Audit in Weka

Enabling an Audit Webhook for S3 APIs

Command: weka s3 cluster audit-webhook enable

Use the following command line to enable an audit webhook for the S3 cluster:

weka s3 cluster audit-webhook enable <--endpoint endpoint> <--auth-token auth-token>

Parameters in Command Line

| Name | Type | Value | Limitations | Mandatory | Default |
| --- | --- | --- | --- | --- | --- |
| endpoint | String | The webhook endpoint | None | Yes | |
| auth-token | Boolean | The authentication token obtained from the webhook service | None | Yes | |

Disabling an Audit Webhook for S3 APIs

Command: weka s3 cluster audit-webhook disable

Use this command to disable the audit webhook.

View the Audit Webhook Configuration

Command: weka s3 cluster audit-webhook show

Use this command to view the audit webhook configuration.

Example: How to use Splunk to audit S3

Setting up an HTTP Event Collector (HEC)

Step 1: Configuring the HEC

Follow the steps in Enable HTTP Event Collector on Splunk. Since the S3 event stream is provided in JSON format, choose _json as the data source type.

Step 2: Creating a Token

Follow the steps in Create an Event Collector token on Splunk to create a token that Weka will use to access Splunk as an HTTP webhook. You can create a new index or use an existing one for easy discovery, monitoring, and querying.

Make sure to copy the created token for later use.

Step 3: Testing the Configuration

To make sure the configuration works, send a test event as suggested here.

curl -k https://hec.example.com:8088/services/collector/raw -H "Authorization: Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0" -d '{"event": "hello world"}'
{"text": "Success", "code": 0}

Now you can search the index you've created in Splunk and see this event.

Step 4: Configuring the audit-webhook in Weka

As a cluster admin, run the following CLI command to enable the audit webhook:

weka s3 cluster audit-webhook enable --endpoint=https://splunk-server:8088/services/collector/raw --auth-token='\"Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0\"'
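
Because audit events are discarded while the webhook target is unreachable, the Overview advises monitoring its availability. The shell probe below is an added example, not part of the Weka or Splunk documentation: it re-sends the Step 3 test event with TLS verification left on and classifies the answer. `HEC_URL`, `HEC_TOKEN`, `HEC_CACERT` and both function names are assumptions, as is the probe event text.

```shell
#!/bin/sh
# Added example: availability probe for the Splunk HEC audit-webhook target.
# HEC_URL, HEC_TOKEN, HEC_CACERT and both function names are assumptions.

# classify_hec_response STATUS BODY
# Prints "up" or "down:<reason>"; returns non-zero when the target is down.
classify_hec_response() {
    status=$1
    body=$2
    case $status in
        200) ;;
        000) echo "down:unreachable"; return 1 ;;      # curl got no HTTP response
        401|403) echo "down:token-rejected"; return 1 ;;
        *) echo "down:http-$status"; return 1 ;;
    esac
    # A healthy HEC answers as in Step 3: {"text": "Success", "code": 0}
    if printf '%s' "$body" |
        grep -Eq '"code"[[:space:]]*:[[:space:]]*0([^0-9]|$)'; then
        echo "up"
    else
        echo "down:unexpected-body"
        return 1
    fi
}

# probe_hec: send one test event and classify the answer.
probe_hec() {
    # The token is fed to curl as a config line on stdin, so it is not part
    # of curl's command line. TLS verification stays on (no -k); set
    # HEC_CACERT when the HEC certificate comes from a private CA.
    out=$(printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
        curl --silent --max-time 5 --config - \
            ${HEC_CACERT:+--cacert "$HEC_CACERT"} \
            --write-out '\n%{http_code}' \
            --data '{"event": "weka-audit-webhook-probe"}' \
            "$HEC_URL") || true
    status=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    classify_hec_response "${status:-000}" "$body"
}

# Run from cron or a monitoring agent; does nothing unless HEC_URL is set.
if [ -n "${HEC_URL:-}" ]; then
    probe_hec || exit 1
fi
```

Each run writes one probe event to the index behind the token, so filter on the probe text when searching the audit data.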