Send WAF logs to rSysLog (direct connection to port 514 over UDP) through Amazon Kinesis Data Firehose

0

We are required to send WAF logs to an external server running rSysLog with several tools already set and configured for traffic analysis.

I perceived that externalization of log data streams is made with the option of using Kinesis Data Firehose for logging in the WebACL settings.

However, when I tried to create a delivery data stream, I didn't see any option for the common SysLog protocol.

Is it really not possible to do that? I didn't see any mention in the official Amazon AWS documentation, and tricks around the internet seem to go in the opposite direction, from rSysLog to Kinesis services, using intermediate software that doesn't seem to work the other way.

1 Answer
0

Hello,

There are a few documents that may be helpful in accomplishing this.

This article on setting up Kinesis Firehose as a logging destination, and this one on managing webACL logging.

Additionally, this guide walks through setting up syslog integration w/ Kinesis. That last link also outlines testing procedures, which may come in handy.

Hope that helps!

mraml
answered a year ago
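
One way to bridge the gap described in the question, as an added example that is not part of the original thread or of AWS documentation: a Firehose data-transformation Lambda that renders each WAF record as an RFC 5424 message and sends it to the rsyslog host over UDP 514. The `SYSLOG_HOST` variable, the facility and severity mapping, the `aws-waf` hostname and the 8192-byte limit are assumptions, and the function needs a network path to the rsyslog server.

```python
import base64, json, os, socket
from datetime import datetime, timezone

LOCAL0 = 16                                      # syslog facility (assumed choice)
SEVERITY = {"BLOCK": 4, "COUNT": 5, "ALLOW": 6}  # assumed action -> severity mapping
MAX_LEN = 8192                                   # assumed receiver message size limit
SUMMARY = ("timestamp", "action", "webaclId", "terminatingRuleId")
# Constructed sample record: field names follow the WAF log format, values are invented.
SAMPLE = {"timestamp": 1700000000123, "action": "BLOCK", "webaclId": "arn:aws:wafv2:example",
          "terminatingRuleId": "rule-1", "httpRequest": {"clientIp": "203.0.113.7", "uri": "/login"}}

def waf_to_syslog(record, hostname="aws-waf"):
    """Render one WAF log record as an RFC 5424 message carrying the JSON as MSG."""
    pri = LOCAL0 * 8 + SEVERITY.get(record.get("action"), 6)
    secs, ms = divmod(int(record["timestamp"]), 1000)   # WAF timestamps are epoch ms
    stamp = datetime.fromtimestamp(secs, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    header = f"<{pri}>1 {stamp}.{ms:03d}Z {hostname} waf - - - "
    body = json.dumps(record, separators=(",", ":"))
    if len(header) + len(body.encode()) > MAX_LEN:
        # UDP syslog has no framing or retransmit: send a valid, smaller JSON
        # summary instead of letting the receiver cut the message mid-object.
        small = {k: record.get(k) for k in SUMMARY}
        small["clientIp"] = record.get("httpRequest", {}).get("clientIp")
        small["truncated"] = True
        body = json.dumps(small, separators=(",", ":"))
    return (header + body).encode("utf-8")

def udp_sender(host, port=514):
    """Return a send(bytes) callable that emits one datagram per message."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda msg: sock.sendto(msg, (host, port))

def handler(event, context=None, send=None):
    """Firehose data-transformation entry point: forward, then pass records through."""
    send = send or udp_sender(os.environ["SYSLOG_HOST"])  # hypothetical env var
    out = []
    for rec in event["records"]:
        try:
            msg = waf_to_syslog(json.loads(base64.b64decode(rec["data"])))
        except (ValueError, KeyError, TypeError, AttributeError):
            result = "ProcessingFailed"          # malformed record: flag it, send nothing
        else:
            send(msg)
            result = "Ok"
        out.append({"recordId": rec["recordId"], "result": result, "data": rec["data"]})
    return {"records": out}
```

Plain UDP syslog is neither encrypted nor acknowledged, and WAF records carry client IPs and request details, so the datagrams should only cross a private path such as a VPN or peered VPC.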
