Differences between revisions 1 and 5 (spanning 4 versions)
Revision 1 as of 2021-11-22 23:23:13
Size: 359
Editor: PieterSmit
Revision 5 as of 2022-06-01 01:57:10
Size: 632
Editor: PieterSmit
Line 1: Line 1:
## page was renamed from AWS/CloudWatch/FlowLog
## page was renamed from AWS/FlowLog
Line 2: Line 4:
 * Find
   1. CloudWatch
   1. Logs > Logs Insights
   1. Search VPCFlowLogs

Line 9: Line 17:

== Links ==
 * https://automato.io/blog/finding-bad-guys-using-aws-cloudwatch-logs-insights.html

AWS/FlowLog

  • Find
    1. CloudWatch
    2. Logs > Logs Insights
    3. Search VPCFlowLogs
  • Flow logs are network packet flow logs that can be used for advanced troubleshooting and monitoring.
  • Once enabled, they are captured in CloudWatch under vpc-flow-log/vpc-00123456-acct-name

    • e.g. a filter for Logs Insights that counts TCP/443 flows per source address, excluding internal 10.20.x.x sources:

      filter protocol == '6' and dstPort == 443 and substr(srcAddr, 0, 6) != '10.20.' | stats count() by srcAddr
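
The same filter and per-source count, run offline over flow log records, as an added example (not part of the original wiki page). It assumes the default version 2 record format and that '10.20' stands for the internal range 10.20.0.0/16; the records, the names parse and external_https_sources, and the ENI and account ids are constructed for illustration. It also shows why the prefix being compared matters: a bare '10.20' prefix also hides 10.200.x.x sources.

```python
import ipaddress
from collections import Counter

# Default (version 2) VPC flow log field order; Logs Insights exposes the same
# values as srcAddr, dstPort, protocol and so on.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (made-up account id and ENI, documentation IP ranges).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.20.1.15 10.20.9.10 49152 443 6 10 840 1654048630 1654048690 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.200.3.7 10.20.9.10 50211 443 6 8 640 1654048630 1654048690 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.20.9.10 40100 443 6 5 400 1654048630 1654048690 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.20.9.10 40101 443 6 5 400 1654048631 1654048691 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.4 10.20.9.10 53000 22 6 3 180 1654048630 1654048690 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.4 10.20.9.10 53000 443 17 3 180 1654048630 1654048690 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1654048630 1654048690 - NODATA
"""

def parse(line):
    """Return a field dict, or None for malformed lines and NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def external_https_sources(text, internal="10.20.0.0/16", prefix=None):
    """Count TCP/443 flows per source address, skipping internal sources.

    With prefix set, 'internal' is decided by string prefix, as substr() does in
    the query; otherwise by real CIDR membership.
    """
    net = ipaddress.ip_network(internal)
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["protocol"] != "6" or rec["dstport"] != "443":
            continue
        src = rec["srcaddr"]
        if prefix is not None:
            is_internal = src.startswith(prefix)
        else:
            is_internal = ipaddress.ip_address(src) in net
        if not is_internal:
            counts[src] += 1
    return counts

if __name__ == "__main__":
    print("CIDR 10.20.0.0/16:", dict(external_https_sources(SAMPLE)))
    print("prefix '10.20'   :", dict(external_https_sources(SAMPLE, prefix="10.20")))
    print("prefix '10.20.'  :", dict(external_https_sources(SAMPLE, prefix="10.20.")))
```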

AWS/CloudWatch/FlowLogsInsightsFilterPatterns (last edited 2022-06-01 01:57:10 by PieterSmit)