Network Firewall logs unusable

0

Hi, we are looking at Network Firewall logs but they are almost unusable, as it logs every packet and not sessions. Is it possible to define some 'alert' rule or run a query to "group" logs of same session?

mimmus
asked 2 years ago884 views
1 Answer
1

If you are sending network firewall logs to CloudWatch Logs, you can use Amazon Athena to query the logs. Athena lets you use SQL type queries over CloudWatch logs in S3.

Here is a link to some more details on using Athena with network firewall logs: https://docs.aws.amazon.com/athena/latest/ug/querying-network-firewall-logs.html

For even more analysis, you can also use Contributor Insights or CloudWatch Insights to get metrics on common events and themes in your logs:

https://aws.amazon.com/blogs/mt/use-contributor-insights-to-analyze-aws-network-firewall/ https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

AWS
axa
answered 2 years ago
AWS
EXPERT
Hernito
reviewed 2 years ago
  • Creating custom dashboards and metrics is really a madness! Especially at enterprise level, coming from advanced tools like Checkpoint firewall or Imperva WAF, this is like goiing back to stone age!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions