Open zmoog opened 2 months ago
The best option to create a VPC for a quick test is to use the wizard in the AWS console.
The default settings are fine; you only need to pick a good name for your VPC resources.
To enable logging, edit your firewall settings by opening the "Logging" section.
If you want to quickly check your Network Firewall logs before setting up Firehose, you can enable logging to CloudWatch and then inspect the log events:
Visit CloudWatch and open your log group. If everything is working correctly, you will see something like this:
We need a Firehose stream to collect the AWS Network Firewall logs and send them to a data stream on an Elastic stack.
To create a Firehose stream, you can follow the instructions in "Monitor Amazon Web Services (AWS) with Amazon Data Firehose" up to step 3. However, you must set two things differently.
Name
Pick a name for your Firehose stream.
Parameters
Follow the instructions up to step 3 except for the "parameters".
Use the following parameters:
Name | Value |
---|---|
es_datastream_name | logs-aws.firewall_logs-default |
WIP
Goal
Suppose I own an AWS account, and I want to export AWS Firewall log events from AWS to an Elastic cluster.
Context
What are the AWS Network Firewall logs?
Requirements & Limitations
Preparation
Steps
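
For the quick CloudWatch check described above, the following added example (not part of the original issue) validates log messages copied out of the log group and tallies alert actions before any Firehose stream is involved. It assumes the alert-log JSON layout that AWS documents for Network Firewall; the sample messages are constructed, and `check_events` and `sample_event` are hypothetical names.

```python
import json
from collections import Counter

# Field names assumed from AWS's documented Network Firewall alert-log layout.
TOP_FIELDS = ("firewall_name", "availability_zone", "event_timestamp", "event")
EVENT_FIELDS = ("timestamp", "event_type", "src_ip", "dest_ip", "proto")

def check_events(lines):
    """Return (valid_count, alert_actions, problems) for raw log messages."""
    valid, actions, problems = 0, Counter(), []
    for number, line in enumerate(lines, start=1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append((number, f"not valid JSON: {exc.msg}"))
            continue
        if not isinstance(record, dict):
            problems.append((number, "not a JSON object"))
            continue
        missing = [f for f in TOP_FIELDS if f not in record]
        event = record.get("event")
        if isinstance(event, dict):
            missing += [f"event.{f}" for f in EVENT_FIELDS if f not in event]
        elif "event" in record:
            missing.append("event (not an object)")
        if missing:
            problems.append((number, "missing " + ", ".join(missing)))
            continue
        valid += 1
        if event["event_type"] == "alert":
            alert = event.get("alert")
            action = alert.get("action", "unknown") if isinstance(alert, dict) else "unknown"
            actions[action] += 1
    return valid, actions, problems

def sample_event(action, src_ip, dest_port):
    """Build one constructed alert message (documentation IP ranges only)."""
    return json.dumps({
        "firewall_name": "test-firewall", "availability_zone": "us-east-1b",
        "event_timestamp": "1602627001",
        "event": {"timestamp": "2020-10-13T22:10:01.006481+0000",
                  "event_type": "alert", "src_ip": src_ip, "src_port": 55555,
                  "dest_ip": "192.0.2.16", "dest_port": dest_port, "proto": "TCP",
                  "alert": {"action": action, "signature_id": 1000003, "severity": 3}}})

SAMPLE = [sample_event("allowed", "203.0.113.4", 443),
          sample_event("blocked", "203.0.113.9", 23),
          sample_event("blocked", "203.0.113.9", 3389),
          '{"firewall_name": "test-firewall", "event": {"event_type": "alert"}}',
          '{"firewall_name": "test-firewall", "availab']  # truncated message

if __name__ == "__main__":
    print(check_events(SAMPLE))
```

Messages that fail here are worth fixing at the firewall logging configuration before pointing a Firehose stream at the data stream.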