AWS (CloudTrail) Collection: Troubleshoot

Document created by RSA Information Design and Development Employee on May 9, 2016Last modified by RSA Information Design and Development Employee on May 4, 2017
Version 6Show Document
  • View in full screen mode

This topic highlights possible problems that you may encounter with AWS (CloudTrail) Collection and suggested solutions to these problems.

Note: In general, you receive more robust log messages by disabling SSL.

Log Message/
No bucket key found under 'arn:aws:s3:::bucket-name/AWSLogs/account-id/CloudTrail/region/'. Determine if the 'S3 Bucket Name' for CloudTrail is configured and that 'Account Id' and 'Region' are correct. Also determine if the CloudTrail account is configured with a 'Log File Prefix' and if so, it is also defined correctly for this event source.
Possible CauseThe S3 Bucket Name parameter and its associated parameters are not configured correctly.

For the event source that returned this message:

  1. Make sure that you specified an S3 Bucket Name.
  2. Make sure that you specified the correct Account Id and correct Region.
  3. If the CloudTrail account has a Log File Prefix, make sure that you specified it correctly.

    For example:


Log Message/

When you try to create a Plugins event source, you receive the following error message:

Parameter start_date: Invalid dateTime 2015-03-16T23:36:52.000Z :
Time must be specified in the past. Check that your appliances are time synched, or specify a time in the past.

Possible Cause

You selected an invalid Start Date, a date that Security Analytics determined was not in the past. For example:


There are two reasons why this occurred:

  • You selected a Start date that was in the future.
  • Your hosts are not time-synchronized.
SolutionMake sure that your hosts are time synced. Select a date in the past for the Start Date.
You are here
Table of Contents > AWS (CloudTrail) Collection Configuration Guide > Troubleshoot AWS (CloudTrail) Collection