When you configure CloudFront RTMP to send log data to an S3 bucket and create a log collection job in USM Anywhere, you can use the CloudFront RTMP plugin to translate the raw log data into normalized events for analysis.
Device type: Dynamic content storage and streaming
Integrating CloudFront RTMP
When you enable logging for a distribution, you specify the Amazon S3 bucket that you want CloudFront to use for file storage.
Follow the procedure described in Collect Other Logs from an Amazon S3 Bucket, choosing CloudFront RTMP for the plugin to monitor the S3 bucket.
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
customfield_0 → cs-uri-stem*
customfield_1 → cs-uri-query*
customfield_2 → c-cf-status‡
customfield_3 → x-cf-client-id‡
* customfield_0 and 1 contain the actual values for cs-uri-stem and cs-uri-query.
‡ customfield_2 and 3 contain the actual values for c-cf-status and x-cf-client-id.
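To check that the log files in the bucket carry the columns behind these fields before you create the log collection job, the following Python example (added here, not USM Anywhere's plugin code) reads a log and projects each record onto the four custom fields. It assumes a W3C-style `#Fields:` header, tab-separated records, `-` for empty values and URL-encoded strings; it also accepts `x-cf-status`, the column name in AWS's RTMP log format, alongside the `c-cf-status` name listed above. The sample log is constructed.

```python
from urllib.parse import unquote

# Plugin field -> candidate log columns, taken from the list above.
# x-cf-status is accepted as an alternative to the c-cf-status name on this page.
FIELD_MAP = {
    "customfield_0": ("cs-uri-stem",),
    "customfield_1": ("cs-uri-query",),
    "customfield_2": ("c-cf-status", "x-cf-status"),
    "customfield_3": ("x-cf-client-id",),
}

# Constructed sample log (not real traffic), shortened to 11 columns.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location c-ip x-event sc-bytes x-cf-status "
    "x-cf-client-id cs-uri-stem cs-uri-query c-referrer",
    "2024-01-15\t10:02:11\tSEA4\t192.0.2.10\tconnect\t2014\tOK\tclientid0001\t"
    "rtmp://media.example.com/cfx/st\tkey=value%20one\t-",
    "2024-01-15\t10:02:12\tSEA4\t192.0.2.10\tplay\t3914\tOK\tclientid0001\t"
    "rtmp://media.example.com/cfx/st\t-\t-",
])

def parse_rtmp_log(text):
    """Return one dict of plugin custom fields per log record."""
    columns, events = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            columns = line[len("#Fields:"):].split()
            continue
        if not line.strip() or line.startswith("#"):
            continue
        if columns is None:
            raise ValueError("log record found before a #Fields header")
        values = line.split("\t")
        if len(values) < len(columns):
            raise ValueError(f"expected {len(columns)} columns, got {len(values)}")
        row = dict(zip(columns, values))
        event = {}
        for target, candidates in FIELD_MAP.items():
            raw = next((row[c] for c in candidates if c in row), None)
            # "-" marks an empty column; every other value is URL-decoded.
            event[target] = None if raw in (None, "-") else unquote(raw)
        events.append(event)
    return events

if __name__ == "__main__":
    for event in parse_rtmp_log(SAMPLE_LOG):
        print(event)
```

A field that comes back as `None` for every record means the column is missing from the header or always empty, so reports and correlation rules that rely on that custom field will have nothing to match.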
For troubleshooting, refer to the vendor documentation: