Logging Network Firewall Stateful rule logs


Maybe I already have an answer in my mind, but I'll still leave this question here.

My team is trying to deploy the AWS native Network Firewall instead of a 3rd-party firewall like Fortinet or Palo Alto for our customer.

So we are currently working on various case scenarios with rules, and what is bugging us is that standard rules, like the rules inside 5-tuple rule groups, seem to have no ability to leave their rule ID or something like that in the log, regardless of whether it's an alert or just a flow.

I'm sure this could be a huge pain in the a@# for the infra/security administrator when they are troubleshooting traffic-flow-related issues.

So what I want to know is: are there any hidden CLI options to enable the rule ID, or, again, is a custom Suricata rule the answer?

1 Answer
Accepted Answer

To log custom messages, you can use the "msg" keyword in Suricata rules, see here.

AWS
Vincent
answered a year ago
  • Thanks for the answer, another 'V'. I was expecting Suricata to be the only option in this scenario too :)
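An added example, not from the original post or from AWS: a Suricata-compatible rule that carries a sid and msg, and a small Python parser that pulls signature_id/signature back out of Network Firewall alert-log records. The rule, the IPs and the log lines are constructed, and the field layout is assumed to follow the alert log's JSON shape (event.alert.signature_id / event.alert.signature).

```python
import json
from collections import Counter

# Suricata-compatible stateful rule; sid/msg are the identifiers that appear in
# the alert log (5-tuple standard rules carry no such identifier).
SURICATA_RULE = (
    'alert tcp 10.0.0.0/8 any -> any 22 '
    '(msg:"SSH from private subnet"; flow:to_server; sid:1000001; rev:1;)'
)

# Constructed sample log records in the Network Firewall log shape (not captured logs).
SAMPLE_LOG_LINES = [
    json.dumps({"firewall_name": "fw-example", "event_timestamp": "1700000000",
                "event": {"event_type": "alert", "src_ip": "10.1.2.3", "src_port": 51000,
                          "dest_ip": "192.0.2.10", "dest_port": 22, "proto": "TCP",
                          "alert": {"action": "allowed", "signature_id": 1000001, "rev": 1,
                                    "signature": "SSH from private subnet"}}}),
    json.dumps({"firewall_name": "fw-example", "event_timestamp": "1700000005",
                "event": {"event_type": "alert", "src_ip": "10.4.5.6", "src_port": 52000,
                          "dest_ip": "192.0.2.10", "dest_port": 22, "proto": "TCP",
                          "alert": {"action": "allowed", "signature_id": 1000001, "rev": 1,
                                    "signature": "SSH from private subnet"}}}),
    # A flow (netflow) record: no rule identifier at all, only the 5-tuple.
    json.dumps({"firewall_name": "fw-example", "event_timestamp": "1700000009",
                "event": {"event_type": "netflow", "src_ip": "10.1.2.3", "src_port": 51000,
                          "dest_ip": "192.0.2.10", "dest_port": 22, "proto": "TCP",
                          "netflow": {"pkts": 12, "bytes": 1480, "age": 3}}}),
]


def parse_rule_identifiers(rule: str) -> dict:
    """Pull sid, rev and msg out of the option section of a Suricata rule."""
    opts = rule[rule.index("(") + 1 : rule.rindex(")")]
    fields = {}
    for opt in opts.split(";"):
        if ":" in opt:
            key, value = opt.strip().split(":", 1)
            fields[key.strip()] = value.strip().strip('"')
    return {"sid": int(fields["sid"]), "rev": int(fields.get("rev", 1)), "msg": fields["msg"]}


def summarize_alerts(log_lines) -> Counter:
    """Count alert records per (signature_id, signature); netflow records are skipped."""
    counts = Counter()
    for line in log_lines:
        event = json.loads(line)["event"]
        if event.get("event_type") == "alert":
            alert = event["alert"]
            counts[(alert["signature_id"], alert["signature"])] += 1
    return counts
```

The sid in the rule is what comes back as signature_id and the msg as signature, so troubleshooting can join an alert record straight to the rule that produced it; flow records give you only the 5-tuple.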
