search

aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0
845 stars 361 forks source link

HTTPFlood Log parser is not working #89

Closed gopisaba closed 1 year ago

gopisaba commented 5 years ago

Deployed this solution in our environment but the HTTPFlood Protection is not working as expected. I could see the custom resource lambda function creates the s3 bucket notification on the WAF logging bucket like {'Key': {'FilterRules': [{'Name': 'suffix','Value': 'gz'}]}} but the Kinesis is not updating the WAF logs in s3 buckets as gz instead they are json files with no extensions. Even If I try changing the notification to get the right files, still the function looks only for gzip files. 

[ERROR] 2019-05-31T12:10:57.418Z eb1f69f9-52ff-443b-854e-ce88598d4446 [get_outstanding_requesters] Error to read input file

[ERROR] 2019-05-31T12:10:57.418Z eb1f69f9-52ff-443b-854e-ce88598d4446 Not a gzipped file (b'{"')
hvital commented 5 years ago

Thanks for sharing your feedback. We're going to investigate this and post and update to this thread once we have more information.

PS: can you manually set the kinesis firehose to compress the output before saving it on S3?

aijunpeng commented 1 year ago

We have deprecated classic version <=2.3.3. closing the ticket