2 Answers
- Newest
- Most votes
- Most comments
1
Here is a blog that describes this in detail: https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/
When you create a new VPC Flow Log, in addition to existing fields, you can now choose to add the following meta-data:
pkt-srcaddr
: the packet-level IP address of the source. You typically use this field in conjunction with srcaddr
to distinguish between the IP address of an intermediate layer through which traffic flows, such as a NAT gateway.
0
Try enabling enriched flow logs as there are additional fields that are included - of interest are the source IP address of the flow before it has passed through NAT Gateway.
Relevant content
- asked a year ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago