Network Firewall logs unusable


Hi, we are looking at Network Firewall logs but they are almost unusable, as it logs every packet and not sessions. Is it possible to define some 'alert' rule or run a query to "group" logs of same session?

asked a year ago150 views
1 Answer

If you are sending network firewall logs to CloudWatch Logs, you can use Amazon Athena to query the logs. Athena lets you use SQL type queries over CloudWatch logs in S3.

Here is a link to some more details on using Athena with network firewall logs:

For even more analysis, you can also use Contributor Insights or CloudWatch Insights to get metrics on common events and themes in your logs:

answered a year ago
reviewed a year ago
  • Creating custom dashboards and metrics is really a madness! Especially at enterprise level, coming from advanced tools like Checkpoint firewall or Imperva WAF, this is like goiing back to stone age!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions