Figure out how to collect AWS Network Firewall using Amazon Data Firehose #84
Goal

Suppose I own an AWS account, and I want to export AWS Firewall log events from AWS to an Elastic cluster.

Context

What are the AWS Network Firewall logs?

Requirements & Limitations

Preparation

Steps

Select a resource

Use an existing AWS Network Firewall, or create a new AWS Network Firewall for testing.

Create a new AWS Network Firewall for testing

Open the VPC service in the AWS console. The best option to create a VPC for a quick test is to use the wizard in the AWS console ("Create a VPC and other networking resources"). The default settings are fine; you only need to pick a good name for your VPC resources.

Create an AWS Network Firewall, then set up the firewall policy.

Deploy an EC2 to generate network traffic

Set up logging

To enable logging, edit your firewall settings by opening the "Logging" section. If you want to quickly check your Network Firewall logs before setting up Firehose, you can enable logging on CloudWatch and then inspect the log events: visit CloudWatch and open your log group. If everything is working correctly, you will see something like this:

(screenshot of the CloudWatch log events; not included in the extracted text)

Create a Firehose stream

We need a Firehose stream to collect the AWS Network Firewall logs and send them to a data stream on an Elastic stack. To create a Firehose stream, you can use the instructions at "Monitor Amazon Web Services (AWS) with Amazon Data Firehose" up to step 3. However, you must set two things differently.

Name: pick a name for your Firehose stream.

Parameters: follow the instructions up to step 3 except for the "parameters". Use the following parameters:

(parameters table; not included in the extracted text)
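The two steps above that a practitioner will want to script rather than click through are enabling Network Firewall logging toward the Firehose stream and checking that the records landing in the log group are what they should be. The block below is an added example, not code from this issue, from Elastic, or from AWS: it builds the `LoggingConfiguration` payload that `aws network-firewall update-logging-configuration` (or boto3's `update_logging_configuration`) takes, and it validates and summarizes records of the kind CloudWatch shows once logging is on. Assumptions not stated on the page: the record layout follows the published AWS Network Firewall log format (an envelope with `firewall_name`, `availability_zone`, `event_timestamp` and a Suricata-style `event` object), the sample records are constructed with made-up values, and the firewall and delivery-stream names are placeholders.

```python
"""Added example (not part of the issue, Elastic, or AWS): build the Network
Firewall logging configuration that routes FLOW and ALERT logs to a Firehose
delivery stream, and sanity-check records shaped like the ones CloudWatch
shows once logging is enabled.

Assumptions not stated on the page: the record layout follows the published
AWS Network Firewall log format (envelope with firewall_name,
availability_zone, event_timestamp and a Suricata-style "event" object);
firewall and stream names are placeholders; sample values are made up.
"""
import json
from collections import Counter

SUPPORTED_LOG_TYPES = ("ALERT", "FLOW", "TLS")


def firehose_logging_configuration(delivery_stream, log_types=("FLOW", "ALERT")):
    """Build the LoggingConfiguration for update-logging-configuration:
    one destination per log type, all pointing at the same Firehose stream."""
    unknown = [t for t in log_types if t not in SUPPORTED_LOG_TYPES]
    if unknown:
        raise ValueError(f"unsupported log type(s): {unknown}")
    return {
        "LogDestinationConfigs": [
            {
                "LogType": log_type,
                "LogDestinationType": "KinesisDataFirehose",
                "LogDestination": {"deliveryStream": delivery_stream},
            }
            for log_type in log_types
        ]
    }


# Constructed sample records (values are made up): one flow event, one alert.
SAMPLE_RECORDS = [
    json.dumps({
        "firewall_name": "test-firewall",
        "availability_zone": "us-east-1b",
        "event_timestamp": "1602627001",
        "event": {
            "timestamp": "2020-10-13T22:10:01.006481+0000",
            "flow_id": 1582438383425873,
            "event_type": "netflow",
            "src_ip": "203.0.113.10", "src_port": 47047,
            "dest_ip": "10.0.1.25", "dest_port": 22, "proto": "TCP",
            "netflow": {"pkts": 1, "bytes": 60, "age": 0},
            "tcp": {"tcp_flags": "02", "syn": True},
        },
    }),
    json.dumps({
        "firewall_name": "test-firewall",
        "availability_zone": "us-east-1b",
        "event_timestamp": "1602627005",
        "event": {
            "timestamp": "2020-10-13T22:10:05.000000+0000",
            "flow_id": 1582438383425874,
            "event_type": "alert",
            "src_ip": "10.0.1.25", "src_port": 51234,
            "dest_ip": "198.51.100.7", "dest_port": 80, "proto": "TCP",
            "alert": {"action": "blocked", "signature_id": 1,
                      "signature": "block outbound http", "severity": 3},
        },
    }),
]

REQUIRED_ENVELOPE = ("firewall_name", "availability_zone", "event_timestamp", "event")


def parse_record(line):
    """Validate one record's envelope and return the fields worth checking in
    CloudWatch (and mapping in Elastic): endpoints, protocol, and for alerts
    what the rule did."""
    record = json.loads(line)
    missing = [k for k in REQUIRED_ENVELOPE if k not in record]
    if missing:
        raise ValueError(f"not a Network Firewall record, missing {missing}")
    event = record["event"]
    summary = {
        "firewall": record["firewall_name"],
        "type": event["event_type"],
        "src": f'{event["src_ip"]}:{event.get("src_port", "")}',
        "dst": f'{event["dest_ip"]}:{event.get("dest_port", "")}',
        "proto": event.get("proto"),
    }
    if event["event_type"] == "alert":
        summary["action"] = event["alert"]["action"]
        summary["signature"] = event["alert"]["signature"]
    elif event["event_type"] == "netflow":
        summary["bytes"] = event["netflow"]["bytes"]
    return summary


def count_by_type(lines):
    """Count event types across a batch; lines that are not Network Firewall
    records (bad JSON, wrong envelope) are counted as invalid, not dropped."""
    counts = Counter()
    for line in lines:
        try:
            counts[parse_record(line)["type"]] += 1
        except (ValueError, KeyError):
            counts["invalid"] += 1
    return dict(counts)


if __name__ == "__main__":
    print(json.dumps(firehose_logging_configuration("nfw-to-elastic"), indent=2))
    for sample in SAMPLE_RECORDS:
        print(parse_record(sample))
    print(count_by_type(SAMPLE_RECORDS + ["not json"]))
```

The configuration dict is what you would pass as `--logging-configuration` to the AWS CLI (serialized with `json.dumps`) or as `LoggingConfiguration=` to boto3, together with the firewall name or ARN; the Firehose stream must exist first, which is why the issue creates it before wiring it up. Run `count_by_type` over a batch pulled from the CloudWatch log group: a non-zero `invalid` count means something other than Network Firewall records is landing there, which is worth knowing before pointing the stream at Elastic.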