Remediation
Perform the following to enable log file validation on a given trail:
From Console
- Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail.
- Click on Trails on the left navigation pane.
- Click on the target trail.
- Within the General details section, click Edit.
- Under the Advanced settings section, check the enable box under Log file validation.
- Click Save changes.
From Command Line
Enable log file validation on a trail:
aws cloudtrail update-trail --name <trail_name> --enable-log-file-validation
Note: periodic validation of logs using these digests can be performed by running the following command:
aws cloudtrail validate-logs --trail-arn <trail_arn> --start-time <start_time> --end-time <end_time>
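
To apply the remediation across an account, the following added example (not part of the original benchmark text) reads the JSON produced by `aws cloudtrail describe-trails`, finds trails where `LogFileValidationEnabled` is false or absent, and builds the `update-trail` command shown above for each one. The sample JSON, trail names and account ID are constructed, and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample of `aws cloudtrail describe-trails` output (not real account data).
SAMPLE_DESCRIBE_TRAILS = """
{
  "trailList": [
    {"Name": "org-trail", "HomeRegion": "us-east-1",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail",
     "LogFileValidationEnabled": true},
    {"Name": "legacy-trail", "HomeRegion": "eu-west-1",
     "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/legacy-trail",
     "LogFileValidationEnabled": false},
    {"Name": "imported-trail", "HomeRegion": "us-west-2",
     "TrailARN": "arn:aws:cloudtrail:us-west-2:111122223333:trail/imported-trail"}
  ]
}
"""


def trails_missing_validation(describe_trails_json):
    """Return the trails whose LogFileValidationEnabled is false or absent."""
    trails = json.loads(describe_trails_json).get("trailList", [])
    # A missing key is treated as non-compliant rather than assumed enabled.
    return [t for t in trails if t.get("LogFileValidationEnabled") is not True]


def remediation_commands(describe_trails_json):
    """Build the update-trail command from this page for each failing trail."""
    commands = []
    for trail in trails_missing_validation(describe_trails_json):
        # update-trail has to run in the trail's home region, so pass it explicitly.
        # --name accepts either the trail name or its ARN; the ARN is unambiguous.
        commands.append(
            "aws cloudtrail update-trail --name {} "
            "--enable-log-file-validation --region {}".format(
                shlex.quote(trail["TrailARN"]), shlex.quote(trail["HomeRegion"])
            )
        )
    return commands


if __name__ == "__main__":
    for command in remediation_commands(SAMPLE_DESCRIBE_TRAILS):
        print(command)
```

Review the printed commands before running them, then re-run `describe-trails` to confirm every trail reports `LogFileValidationEnabled` as true.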