Network Firewall logs unusable

0

Hi, we are looking at Network Firewall logs but they are almost unusable, as it logs every packet and not sessions. Is it possible to define some 'alert' rule or run a query to "group" logs of same session?

mimmus
已提问 2 年前884 查看次数
1 回答
1

If you are sending network firewall logs to CloudWatch Logs, you can use Amazon Athena to query the logs. Athena lets you use SQL type queries over CloudWatch logs in S3.

Here is a link to some more details on using Athena with network firewall logs: https://docs.aws.amazon.com/athena/latest/ug/querying-network-firewall-logs.html

For even more analysis, you can also use Contributor Insights or CloudWatch Insights to get metrics on common events and themes in your logs:

https://aws.amazon.com/blogs/mt/use-contributor-insights-to-analyze-aws-network-firewall/ https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

AWS
axa
已回答 2 年前
AWS
专家
Hernito
已审核 2 年前
  • Creating custom dashboards and metrics is really a madness! Especially at enterprise level, coming from advanced tools like Checkpoint firewall or Imperva WAF, this is like goiing back to stone age!

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则