This page describes how to set up an HTTP webhook for S3 audit purposes.
S3 API calls can generate JSON events that many webhook target applications can receive as a stream and use for auditing and analysis. Such applications (see the Splunk example below) should be configured to accept the event stream and to provide an authentication token for it.
If the application cannot receive the events, they are kept in the S3 cluster until the connection to the application is restored, and the events are then synced.
Note: In the event of a long-term disconnect from the webhook application, the S3 cluster's internal event buffer may fill up. Events are discarded once the internal buffer is full. For this reason, the availability of the external webhook target application should be monitored.
Managing S3 Audit in Weka
Enabling an Audit Webhook for S3 APIs
Command: weka s3 cluster audit-webhook enable
Use the following command line to enable an audit webhook for the S3 cluster:
Follow the steps in Create an Event Collector token on Splunk to create a token that Weka will use to access Splunk as an HTTP webhook. You can create a new index or use an existing one for easy discovery, monitoring, and querying.
Make sure to copy the created token for later use.
Step 3: Testing the Configuration
To make sure the configuration works, send a test event as suggested here.
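One way to send that test event and read Splunk's answer, as an added example that is not Weka's or Splunk's own code. It assumes the collector listens on Splunk's standard `/services/collector/event` endpoint; the `HEC_TOKEN` environment variable, the script name and the sample event body are constructed for illustration.

```python
import json
import os
import sys
import urllib.error
import urllib.request


def build_request(base_url, token, index=None):
    """Build the HEC POST; the event body is a constructed sample."""
    payload = {"event": {"message": "weka s3 audit webhook test"}}
    if index:
        payload["index"] = index  # must be an index the token may write to
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/event",
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST")


def interpret(status, body):
    """Map an HEC reply to (ok, detail); ok only for HTTP 200 with code 0."""
    try:
        reply = json.loads(body)
        code, text = reply["code"], reply.get("text", "")
    except (ValueError, KeyError, TypeError):
        return False, "HTTP %d: unrecognized reply" % status
    return status == 200 and code == 0, "HTTP %d: %s" % (status, text)


def send_test_event(base_url, token, index=None, timeout=5):
    """POST one test event; TLS certificates are verified by default."""
    try:
        with urllib.request.urlopen(build_request(base_url, token, index),
                                    timeout=timeout) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry an HEC reply
        return interpret(err.code, err.read())
    except OSError as err:  # refused, timeout, DNS or TLS failure
        return False, "unreachable: %s" % err


if __name__ == "__main__":
    # Token comes from the environment so it stays out of the process list.
    if len(sys.argv) > 1 and "HEC_TOKEN" in os.environ:
        ok, detail = send_test_event(sys.argv[1], os.environ["HEC_TOKEN"],
                                     *sys.argv[2:3])
        print(("OK " if ok else "FAILED ") + detail)
        sys.exit(0 if ok else 1)
    print("usage: HEC_TOKEN=<token> hec_test.py https://HOST:8088 [INDEX]")
```

A rejected token or index comes back as a failure with Splunk's own explanation, which separates a credential problem from a network one before the webhook is enabled.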