diff --git a/docs/integrations/amazon-aws/rds.md b/docs/integrations/amazon-aws/rds.md index 27d7c56903..8c0348d98b 100644 --- a/docs/integrations/amazon-aws/rds.md +++ b/docs/integrations/amazon-aws/rds.md @@ -10,7 +10,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; [Amazon Relational Database Service (Amazon RDS)](https://aws.amazon.com/rds/) is a managed database service, optimized to run in the cloud. The RDS Amazon Web Service (AWS) simplifies the setup, operation, and scaling of relational database instances for use in applications throughout your infrastructure. -The Sumo Logic Amazon RDS app dashboards provide visibility into the performance and operations of your Amazon Relational Database Service (RDS). Preconfigured dashboards allow you to monitor critical metrics of your RDS instance(s) or cluster(s) including CPU, memory, storage, network transmits and receive throughput, read and write operations, database connection count, disk queue depth, and more. CloudTrail Audit dashboards help you monitor activities performed on your RDS infrastructure. MySQL Logs dashboards helps you monitor database errors, slow queries, audit sql queries and generic activities. PostgreSQL logs dashboard help you to monitor database errors, slow queries, database security, and query execution timings. MSSQL Logs dashboards helps you monitor error logs and basic infrastructure details. +The Sumo Logic Amazon RDS app dashboards provide visibility into the performance and operations of your Amazon Relational Database Service (RDS). Preconfigured dashboards allow you to monitor critical metrics of your RDS instance(s) or cluster(s) including CPU, memory, storage, network transmits and receive throughput, read and write operations, database connection count, disk queue depth, and more. CloudTrail Audit dashboards help you monitor activities performed on your RDS infrastructure. MySQL Logs dashboards helps you monitor database errors, slow queries, audit sql queries and generic activities. PostgreSQL logs dashboard help you to monitor database errors, slow queries, database security, and query execution timings. MSSQL Logs dashboards helps you monitor error logs and basic infrastructure details. Oracle CloudTrail and CloudWatch Logs dashboards provide monitoring for error logs and essential infrastructure details. ## Log and metrics types @@ -20,6 +20,7 @@ The Amazon RDS app uses the following logs and metrics: * [Publishing RDS CloudWatch Logs, RDS Database logs for Aurora MySQL, RDS MySQL, MariaDB](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs.html). * [Publishing RDS CloudWatch logs, RDS Database logs for Aurora PostgreSQL, RDS PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html#USER_LogAccess.Concepts.PostgreSQL.PublishtoCloudWatchLogs) * [Publishing RDS CloudWatch logs, RDS Database logs for RDS MSSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html#USER_LogAccess.SQLServer.PublishtoCloudWatchLogs) +* [Publishing RDS CloudWatch logs, RDS Database logs for RDS Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html#USER_LogAccess.Oracle.PublishtoCloudWatchLogs) ### Sample CloudTrail log message
@@ -216,6 +217,7 @@ account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds*SlowQue | avg(query_time) as avgTime, sum(query_time) as totalTime, min(query_time) as minTime, max(query_time) as maxTime, avg(rows_examined) as avgRowsExamined, avg(rows_sent) as avgRowsSent, avg(Lock_Time) as avgLockTime, count as frequency group by sql_cmd, user, ip_addr | sort by avgTime | limit 100 ``` + ```sql title="Audit Logs (MySQL CloudWatch log based)" account=* region=* dbidentifier=* namespace=aws/rds _sourceHost=/aws/rds*Audit CONNECT | json "message" nodrop | if (_raw matches "{*", message, _raw) as message @@ -270,6 +272,35 @@ account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error | sort by _timeslice ``` +```sql title="Engine and Its DB Instance (Oracle CloudTrail log based)" +account=* region=* namespace=aws/rds "\"eventSource\":\"rds.amazonaws.com\"" !errorCode +| json "eventTime", "eventName", "eventSource", "awsRegion", "userAgent", "recipientAccountId", "userIdentity", "requestParameters", "responseElements", "errorCode", "errorMessage", "requestID", "sourceIPAddress" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop +| where event_source = "rds.amazonaws.com" +| json "requestParameters.engine", "responseElements.engine" as engine1, engine2 nodrop +| if (!isEmpty(engine1), engine1, engine2) as engine +| where !isEmpty(engine) and engine contains "oracle" +| json field=userIdentity "accountId", "arn", "userName", "type" as accountId, arn, username, type nodrop +| parse field=arn ":assumed-role/*" as user nodrop | parse field=arn "arn:aws:iam::*:*" as accountId, user nodrop +| json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop +| json field=responseElements "dBInstanceIdentifier" as dBInstanceIdentifier3 nodrop +| parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop +| if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier +| where !isEmpty(dBInstanceIdentifier) +| count as freq by engine, dBInstanceIdentifier +| sort by dBInstanceIdentifier, engine asc +| fields -freq +``` + + +```sql title="ORA Messages Over Time (Oracle CloudWatch log based)" +account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*alert ORA-* +| json "message" nodrop | if (_raw matches "{*", message, _raw) as message +| parse regex field=message "(?ORA-\d{5}): (?.*)" multi +| timeslice 1s +| count as eventCount by oraerr, _timeslice +| transpose row _timeslice column oraerr +``` + ## Collecting logs and metrics for the Amazon RDS app Sumo Logic supports collecting metrics using two source types: @@ -332,10 +363,18 @@ We recommend not to set `log_statement` to any value other than none (default va ::: #### MSSQL + - Amazon RDS [MSSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html) supports [publishing the following MSSQL logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html#USER_LogAccess.SQLServer.PublishtoCloudWatchLogs): - Agent - Error +#### Oracle + +- Amazon RDS [Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html) supports [publishing the following Oracle logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html#USER_LogAccess.Oracle.PublishtoCloudWatchLogs): + - Alert logs + - Audit files + - Listener logs + Sumo Logic supports several methods for collecting logs from Amazon CloudWatch. You can choose either of them to collect logs: - **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (Recommended); or @@ -458,9 +497,9 @@ import AppInstall from '../../reuse/apps/app-install.md'; We highly recommend you view these dashboards in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability) of the AWS Observability solution. -### 1. Amazon RDS Overview +### Overview -The **Amazon RDS Overview** dashboard provides insights into RDS resource statistics and utilization throughout your infrastructure, including CPU, memory, latency, storage, and network throughput. +The **Amazon RDS - Overview** dashboard provides insights into RDS resource statistics and utilization throughout your infrastructure, including CPU, memory, latency, storage, and network throughput. Use this dashboard to: * Get a high-level overview of your Amazon RDS infrastructure. @@ -469,9 +508,9 @@ Use this dashboard to: Amazon RDS dashboard -### 2. Amazon RDS CloudTrail Audit Events +### CloudTrail Audit Events -The **Amazon RDS CloudTrail Audit Events** dashboard provides insights into audit events of your database instances and clusters. +The **Amazon RDS - CloudTrail Audit Events** dashboard provides insights into audit events of your database instances and clusters. Use this dashboard to: * Monitor Amazon RDS-related audit logs using CloudTrail Events. @@ -481,9 +520,9 @@ Use this dashboard to: Amazon RDS dashboard -### 3. Amazon RDS Non-Describe CloudTrail Audit Events +### Non-Describe CloudTrail Audit Events -**Amazon RDS Non-Describe CloudTrail Audit Events** dashboard provides statistical and detailed insights into Non-Describe DB Instance, SnapShot, Cluster, and Security group events. +The **Amazon RDS- Non-Describe CloudTrail Audit Events** dashboard provides statistical and detailed insights into Non-Describe DB Instance, SnapShot, Cluster, and Security group events. Use this dashboard to: * Monitor Amazon RDS-related non-describe audit logs using CloudTrail Events. @@ -493,9 +532,9 @@ Use this dashboard to: Amazon RDS dashboard -### 01. Amazon RDS Overview By Database Instance +### Overview By Database Instance -**Amazon RDS Overview By Database Instance** dashboard provides insights into resource statistics and utilization per database instance throughout your infrastructure. Panels display data for CPU, memory, latency, storage, and network throughput per database instance. +The **Amazon RDS - Overview By Database Instance** dashboard provides insights into resource statistics and utilization per database instance throughout your infrastructure. Panels display data for CPU, memory, latency, storage, and network throughput per database instance. Use this dashboard to: * Quickly identify performance or resource utilization issues in your RDS clusters. @@ -503,9 +542,9 @@ Use this dashboard to: Amazon RDS dashboard -### 02. Amazon RDS Performance Insights +### Performance Insights -The **Amazon RDS Performance Insights** dashboard provides intuitive performance data from throughout your RDS infrastructure across CPU load, non-CPU load, active sessions, and performance trends. +The **Amazon RDS - Performance Insights** dashboard provides intuitive performance data from throughout your RDS infrastructure across CPU load, non-CPU load, active sessions, and performance trends. Use this dashboard to: * Monitor Amazon RDS DB instance loads to analyze and troubleshoot database performance. @@ -516,7 +555,7 @@ Use this dashboard to: ### 03. Amazon RDS Aurora Generic -The **Amazon RDS Aurora Generic** dashboard provides generic AWS Aurora performance statistics across your infrastructure for uptime, replica lag, latency, network throughput, volume, and storage. +The **Amazon RDS - Aurora Generic** dashboard provides generic AWS Aurora performance statistics across your infrastructure for uptime, replica lag, latency, network throughput, volume, and storage. Use this dashboard to: * Monitor common health and performance metrics of your RDS Amazon Aurora MySQL/PostgreSQL cluster. @@ -527,9 +566,9 @@ Use this dashboard to: Amazon RDS dashboard -### 04. Amazon RDS Aurora MySQL +### Aurora MySQL -**Amazon RDS Aurora MySQL** dashboard provides intuitive Aurora MySQL performance data from across your infrastructure for latency, throughput, active and blocked transactions, queries, login failures, and replica lag. +The **Amazon RDS - Aurora MySQL** dashboard provides intuitive Aurora MySQL performance data from across your infrastructure for latency, throughput, active and blocked transactions, queries, login failures, and replica lag. Use this dashboard to: * Monitor the health and performance of your RDS Amazon Aurora MySQL instances and cluster. @@ -540,9 +579,9 @@ Use this dashboard to: Amazon RDS dashboard -### 05. Amazon RDS Aurora MySQL Global Database and BackTrack Activity +### Aurora MySQL Global Database and BackTrack Activity -**Amazon RDS Aurora MySQL Global Database and BackTrack Activity** dashboard provides insights into Aurora MySQL performance data from across your infrastructure for Global Database activity and Backtrack activity. +The **Amazon RDS - Aurora MySQL Global Database and BackTrack Activity** dashboard provides insights into Aurora MySQL performance data from across your infrastructure for Global Database activity and Backtrack activity. Use this dashboard to: @@ -554,7 +593,7 @@ Use this dashboard to: Amazon RDS dashboard -### 06. Amazon RDS - MySQL Logs - Overview +### MySQL Logs - Overview The **Amazon RDS - MySQL Logs - Overview** dashboard provides a high-level analysis of database activity with details on authentication, connections, users, and slow query events using RDS CloudWatch logs. @@ -566,7 +605,7 @@ Use this dashboard to: Amazon RDS dashboard -### 07. Amazon RDS - MySQL Logs - Error Logs Analysis +### MySQL Logs - Error Logs Analysis The **Amazon RDS - MySQL Logs - Error Logs Analysis** dashboard provides details for error logs, including failed authentications, error outliers, top and recent warnings, log levels, and aborted connections. This dashboard relies on MySQL error logs, which are by [default enabled](#collect-amazon-rds-cloudwatch-logs) for Amazon MySQL. To view the data on the panels you need to first ingest MySQL logs into Sumo Logic. @@ -579,7 +618,7 @@ Use this dashboard to: Amazon RDS dashboard -### 08. Amazon RDS - MySQL Logs - Slow Query Analysis +### MySQL Logs - Slow Query Analysis The **Amazon RDS - MySQL Logs - Slow Query Analysis** dashboard provides details on slow queries, including the number of slow queries, trends, execution times, time comparisons, command types, users, and IP addresses. This dashboard relies on Slow Query Logs which needs to be [enabled](#collect-amazon-rds-cloudwatch-logs) and ingested into Sumo Logic. @@ -593,7 +632,7 @@ Use this dashboard to: Amazon RDS dashboard -### 09. Amazon RDS - MySQL Logs - Audit Logs Analysis +### MySQL Logs - Audit Logs Analysis The **Amazon RDS - MySQL Logs - Audit Logs Analysis** dashboard provides an analysis of audit logs, including successful, failed DB connections, most active users, clients, and databases along with various SQL commands being executed on the RDS instances and clusters. This dashboard works on audit logs which need to be [turned on](https://aws.amazon.com/blogs/database/auditing-an-amazon-aurora-cluster/) and [enabled](#collect-amazon-rds-cloudwatch-logs) to be [uploaded to theAmazon CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.html). These logs are specifically enabled to audit activities of interest from an audit and compliance perspective. @@ -608,7 +647,7 @@ Use this dashboard to: Amazon RDS dashboard -### 10. Amazon RDS - MySQL Logs - Audit Log SQL Statements +### MySQL Logs - Audit Log SQL Statements The **Amazon RDS - MySQL Logs - Audit Log SQL Statement** dashboard provides an analysis of audit logs, including types of top SQL commands being executed on the RDS instances and clusters. This dashboard works on audit logs which need to be [turned on](https://aws.amazon.com/blogs/database/auditing-an-amazon-aurora-cluster/) and [enabled](#collect-amazon-rds-cloudwatch-logs) to be [uploaded to Amazon CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.html). These logs are specifically enabled to audit activities of interest from an audit and compliance perspective. @@ -618,7 +657,7 @@ Use this dashboard to: Amazon RDS dashboard -### 11. Amazon RDS - MySQL Logs - General Log Analysis +### MySQL Logs - General Log Analysis The **Amazon RDS - MySQL Logs - Generic Log Analysis** dashboard provides details for general logs, including command types and trends, user activity and management, host activity, connections, and SQL statements. This dashboard works on General Query logs which need to be [enabled](#collect-amazon-rds-cloudwatch-logs) and ingested into Sumo Logic. @@ -630,7 +669,7 @@ Use this dashboard to: Amazon RDS dashboard -### 12. Amazon RDS - PostgreSQL Logs - Overview +### PostgreSQL Logs - Overview The **Amazon RDS - PostgreSQL Logs - Overview** dashboard provides a high level analysis of database activity with details on errors, slow logs, and authentication using RDS CloudWatch logs. @@ -642,7 +681,7 @@ Use this dashboard to: Amazon RDS dashboard -### 13. Amazon RDS - PostgreSQL Logs - Errors +### PostgreSQL Logs - Errors The **Amazon RDS - PostgreSQL Logs - Errors** dashboard provide details on error occurring on your PostgreSQL instance by keeping track of log severity using `postgresql.log`. @@ -654,7 +693,7 @@ Use this dashboard to: Amazon RDS dashboard -### 14. Amazon RDS - PostgreSQL Logs - Slow Query Overview +### PostgreSQL Logs - Slow Query Overview The **Amazon RDS - PostgreSQL Logs - Slow Query Overview** dashboard provides an overview of the slow query logs. AWS RDS will report slow logs with statement taking more than threshold value given through `log_min_duration_statement`. This dashboard can be filtered with different values for query execution time through `slow_query_latency_ms`. @@ -667,7 +706,7 @@ Use this dashboard to: Amazon RDS dashboard -### 15. Amazon RDS - PostgreSQL Logs - Slow Query Details +### PostgreSQL Logs - Slow Query Details The **Amazon RDS - PostgreSQL Logs - Slow Query Details** dashboard provides details on slow log query. Also, this dashboards displays the distribution of slow queries along with parameters like database and query type. @@ -678,7 +717,7 @@ Use this dashboard to: Amazon RDS dashboard -### 16. Amazon RDS - PostgreSQL Logs - Security +### PostgreSQL Logs - Security The **Amazon RDS - PostgreSQL Logs - Security** dashboard provides details with respect to login failures and threat intel along with activity by default user. @@ -690,7 +729,7 @@ Use this dashboard to: Amazon RDS dashboard -### 17. Amazon RDS - PostgreSQL Logs - Query Execution Time +### PostgreSQL Logs - Query Execution Time The **Amazon RDS - PostgreSQL Logs - Query Execution Time** dashboard provides details around the time its taking to execute queries on your PostgreSQL instance. @@ -700,7 +739,7 @@ Use this dashboard to: Amazon RDS dashboard -### 18. Amazon RDS - MSSQL Logs - Error Logs - Logon Analysis +### MSSQL Logs - Error Logs - Logon Analysis The **Amazon RDS - MSSQL Logs - Error Logs - Logon Analysis** dashboard provides information about the error logs, including failed authentications and logon errors. This dashboard relies on MSSQL error logs, which need to be [enabled](#collect-amazon-rds-cloudwatch-logs) for the Amazon MSSQL. You need to first ingest MSSQL logs into Sumo Logic to view data on the dashboard panels. @@ -710,7 +749,7 @@ Use this dashboard to: Amazon RDS dashboard -### 19. Amazon RDS - MSSQL Logs - Error Logs - Infrastructure Overview +### MSSQL Logs - Error Logs - Infrastructure Overview The **Amazon RDS - MSSQL Logs - Error Logs - Infrastructure Overview** dashboard provides information about the hardware, authentication mode, collation, process, recent termination of SQL server, and recent creation of databases. This dashboard relies on MSSQL error logs, which need to be [enabled](#collect-amazon-rds-cloudwatch-logs) and ingested into Sumo Logic. @@ -721,3 +760,35 @@ Use this dashboard to: * Track recent terminations of SQL Server instances and monitor the creation of new databases. Amazon RDS dashboard + +### Oracle Logs - Alert Logs Analysis + +The **Amazon RDS - Oracle Logs - Alert Logs Analysis** dashboard provides details on Oracle errors, including counts of various error types, ORA messages, Oracle instance states, and other data derived from the Oracle Alert log. + +Use this dashboard to: +* Monitor Amazon Oracle RDS errors through CloudWatch Events. +* Monitor ORA and TNS message events. +* Monitor log switch activities, archival errors, tablespace extension issues, failures, warnings, and errors occurring on the Oracle RDS instance. + +Amazon RDS dashboard + +### Oracle Logs - Audit Logs Analysis + +The **Amazon RDS - Oracle Logs - Audit Logs Analysis** dashboard provides details on syslog audit trail, including successful and failed activities, and top usage by client, database user, and privileges used. + +Use this dashboard to: +* Monitor successful and failed Amazon Oracle RDS events. +* Monitor top usage by client, database user, and privileges on Oracle RDS instance. + +Amazon RDS dashboard + + +### Oracle Logs - Listener Troubleshooting + +The **Amazon RDS - Oracle Logs - Listener Troubleshooting** dashboard provides insights into Oracle listener process activity, including database connections by host and application, connection failures, command execution statuses and trends, and additional data from the Oracle Listener log. + +Use this dashboard to: +* Monitor listener process activity on Oracle RDS instance. +* Monitor database connections by host and application, track connection failures, analyze command execution statuses and trends, and gather insights from the Oracle Listener log. + +Amazon RDS dashboard diff --git a/static/img/integrations/amazon-aws/Amazon-RDS-CloudTrail-Audit-Events.png b/static/img/integrations/amazon-aws/Amazon-RDS-CloudTrail-Audit-Events.png index 3ae9b0f3c3..77eb8f455c 100644 Binary files a/static/img/integrations/amazon-aws/Amazon-RDS-CloudTrail-Audit-Events.png and b/static/img/integrations/amazon-aws/Amazon-RDS-CloudTrail-Audit-Events.png differ diff --git a/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Alert-Logs-Analysis.png b/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Alert-Logs-Analysis.png new file mode 100644 index 0000000000..a426a7d7ec Binary files /dev/null and b/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Alert-Logs-Analysis.png differ diff --git a/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Audit-Logs-Analysis.png b/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Audit-Logs-Analysis.png new file mode 100644 index 0000000000..4503bfbb77 Binary files /dev/null and b/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Audit-Logs-Analysis.png differ diff --git a/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Listener-Troubleshooting.png b/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Listener-Troubleshooting.png new file mode 100644 index 0000000000..407306ae61 Binary files /dev/null and b/static/img/integrations/amazon-aws/Amazon-RDS-Oracle-Logs-Listener-Troubleshooting.png differ