Monitor AWS Secure Shell File Transfer Protocol

Overview

The Secure Shell (SSH) File Transfer Protocol (SFTP) Plugin of SnappyFlow collects SFTP metrics and logs from CloudWatch and visualize them within SnappyFlow dashboard. This integration is designed to give you comprehensive insights about SFTP.

Prerequisite

To collect metrics from SFTP, it is necessary to have an IAM Role with CloudWatch access and sfPoller set up within your AWS environment. Click here to learn more about setting up sfPoller in your AWS environment.

Create CloudWatch Access for IAM Role

1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

2. Follow the below steps to create a policy in the IAM console.

   • Navigate to Access Management > Policies

   • In the Create policy window, go to the JSON tab

   • Copy and paste the below-mentioned JSON code into the policy editor

     {
     "Version": "2012-10-17",
     "Statement": [
         {
          "Effect": "Allow",
          "Principal": {
          "Service": "transfer.amazonaws.com"
           },
          "Action": "sts:AssumeRole",
         },
       ],
     }

   • Click the Next: Tags > Next: Review button

   • In the Review policy window, give the Name and Description (Optional) for the policy and review the list of permissions

   • Click the Create policy button

   • Attach the policy to a dedicated IAM Role for read-only access

Configure sfPoller to Collect Metrics

Follow the below step to add endpoints and plugins in sfPoller.

1. Go to the Application tab of sfPoller and navigate to your Project > Application.

2. Select the Application, it will take you to the Endpoint page.

3. In the Endpoint page, select the Add Endpoint button, add the following data, and save.

   • Service Type: Select AWS Service
   • Account Name: aws
   • Endpoint Type: SFTP
   • Name: Give a meaningful name to the endpoint
   • Instance Name: Give the server id as instance name
     

4. In the Plugins window, select the +Add button.

5. In the Add Plugin window, select the below details.

   • Plugin Type: Metric
   • Plugin: cloudwatch-sftp
   • Interval: Choose an interval value. The minimum value for the interval is 300
   • Status: By default, the status is Enabled
     

6. Select the Save button.

7. Again select the +Add button and in the Add Plugin window, add below details to collect logs of SFTP.

   • Plugin Type: Logger

   • Plugin: cloudwatch-sftp-logs

   • Log Group: Give the name of cloudwatch log group to which the stream events are being sent

   • Interval: Choose an interval value. The minimum value for the interval is 300

   • Status: By default, the status is Enabled
     

   
   

8. Select the Save button.

9. Click the global Save button in the window's top right corner to save all the changes made so far.

View SFTP Metrics and Logs

Follow the below steps to view the metrics collected from SFTP.

1. Go to the Application tab in SnappyFlow and navigate to your Project > Application > Dashboard.

2. You can view the SFTP metrics in the Metrics section and logs in the Log Management section.
   

   note

   Once plugin is added to sfPoller, they will be automatically detected within the Metrics and log management section. However, if the plugins are not detected, you can import template to view the corresponding metrics and logs.

   
   
   

3. To access the unprocessed data gathered from the plugins, navigate to the Browse data section and choose the Index: Metric, Instance: Endpoint, Plugin, and Document Type.

Template Details

Template	Plugin	Document Type	Description
SFTP	cloudwatch-sftp	serverDesription, serverMetrics, userDescription	Collects metrics from SFTP
-	cloudwatch-sftp-logs	eventStreams	Collects logs from SFTP

Metric List

Server Description

Metric	Description
SFTPUserCount	Number of active SFTP users connected to the server.
serverArn	ARN of the server.
SFTPState	Condition of the server that was described.
SFTP	Describes whether the protocol is present in the server.
Protocols	Protocols configured in the server.
SFTPPreAuthenticationFailures	Number of failed pre-authentication attempts by SFTP users.
SFTPAuthenticationFailures	Number of failed authentication attempts by SFTP users.

Server Metrics

Metric	Description
sumFilesOut	Number of file transferred out of server.
sumFilesIn	Number of file transferred into server.
sumBytesOut	Number of bytes transferred out of server.
sumBytesIn	Number of bytes transferred into server.
sumOnUploadExecutionsStarted	Number of uploads started in the server.
sumOnUploadExecutionsSuccess	Number of uploads successfully happened in the server.
sumOnUploadExecutionsFailed	Number of uploads failed in the server.

User Description

Metric	Description
UserName	Name of SFTP user.
HomeDirectory	Home Directory of the SFTP user.
HomeDirectoryType	Home Directory Type of SFTP user.
SshPublicKeyCount	SSH Public Key Count of the SFTP user.
Role	Role of the SFTP user.
UserArn	ARN of the SFTP user.

Event Streams

Metric	Description
SFTPTransferCount	Number of file transfers initiated by SFTP users.
SFTPPreAuthenticationFailures	Number of failed pre-authentication attempts by SFTP users.
SFTPAuthenticationFailures	Number of failed authentication attempts by SFTP users.