From d9442e63b8a17086142c7ca90b9d9e80ecb0e89a Mon Sep 17 00:00:00 2001
From: sabiurr
Date: Tue, 12 Jul 2022 12:46:36 -0400
Subject: [PATCH] Add handling for transit-gateway flow logs from cloudwatch + s3 logs (#585)

* Add transit gateway cloudwatch logs handling
* Add s3 bucket tg log parsing
* Remove log
* Change bucket key to transit-gateway
---
 aws/logs_monitoring/parsing.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/aws/logs_monitoring/parsing.py b/aws/logs_monitoring/parsing.py
index 41e0ed14c..bb7cc8be5 100644
--- a/aws/logs_monitoring/parsing.py
+++ b/aws/logs_monitoring/parsing.py
@@ -174,6 +174,8 @@ def s3_handler(event, context, metadata):
 key = urllib.parse.unquote_plus(event["Records"][0]["s3"]["object"]["key"])
 source = parse_event_source(event, key)
+ if "transit-gateway" in bucket:
+ source = "transitgateway"
 metadata[DD_SOURCE] = source
 metadata[DD_SERVICE] = get_service_from_tags(metadata)
@@ -313,6 +315,7 @@ def find_cloudwatch_source(log_group):
 "cloudtrail",
 "msk",
 "elasticsearch",
+ "transitgateway",
 ]:
 if source in log_group:
 return source
@@ -461,6 +464,8 @@ def awslogs_handler(event, context, metadata):
 # i.e. 123456779121_CloudTrail_us-east-1
 if "_CloudTrail_" in logs["logStream"]:
 source = "cloudtrail"
+ if "tgw-attach" in logs["logStream"]:
+ source = "transitgateway"
 metadata[DD_SOURCE] = parse_event_source(event, source)
 metadata[DD_SERVICE] = get_service_from_tags(metadata)
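Review bot: The bucket-name test added in s3_handler runs after `parse_event_source(event, key)` and overwrites whatever it returned, so every object in a bucket whose name contains "transit-gateway" is tagged `transitgateway`, including CloudTrail or other audit logs that happen to share that bucket. Pipelines and detection rules keyed on the source would then parse those events with the wrong schema or miss them. Consider applying the override only when the key-based lookup found nothing more specific, and record the requirement next to the check, e.g. `# TGW flow logs are recognised by bucket name only: it must contain "transit-gateway"`. The list entry added in find_cloudwatch_source matches the unhyphenated `transitgateway`, so the S3 and CloudWatch paths expect different spellings. `bucket` is assigned outside this hunk, so its origin should be confirmed there.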
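Review bot: The new `"tgw-attach"` test in awslogs_handler has no comment, while the CloudTrail branch just above it documents the stream-name format it depends on. A matching one-liner such as `# i.e. tgw-attach-<attachment-id>` (placeholder; confirm the real stream format) would let a maintainer verify the substring. It is also written as a second independent `if`, so a stream name containing both tokens ends up as `transitgateway`. If the CloudTrail classification should take precedence, use `elif "tgw-attach" in logs["logStream"]:`. The enclosing conditional starts outside the hunk, so the exact nesting cannot be checked from here.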