Send WAF logs to rSysLog (direct connection to 514 port over UDP) through Amazon Kinesis Data Firehouse

Question

We are required to send WAF logs to an external server running rSysLog with several tools already set and configured for traffic analysis.

I perceived that externalization of log data streams are made with the option of using Kinesis Data Firehouse for logging in the WebACL settings.

However, when I tried to create a delivery data stream, I don't see any option for common SysLog protocol.

Is it not really possible to do that? I didn't see mention in Amazon AWS official documentation and tricks around the internet seem to be in the opposite side, from rSysLog to Kinesis services and using an intermediate software that doesn't seem to work in another way.

Answer

Hello,

There are a few documents that may be helpful in accomplishing this.

[This article](https://docs.aws.amazon.com/waf/latest/developerguide/logging-kinesis.html) on setting up Kinesis Firehose as a logging destination, and [this one](https://docs.aws.amazon.com/waf/latest/developerguide/logging-management.html) on managing webACL logging.

Additionally, [this guide](https://dzone.com/articles/integrating-syslog-w-kinesis-anticipating-use-of-t) walks through setting up syslog integration w/ Kinesis. That last link also outlines testing procedures, which may come in handy.

Hope that helps!

Send WAF logs to rSysLog (direct connection to 514 port over UDP) through Amazon Kinesis Data Firehouse

Relevanter Inhalt