Revision 5 as of 2022-06-01 01:57:10
AWS/FlowLog

- Find
  1. CloudWatch
  2. Logs > Logs Insights
  3. Search VPCFlowLogs
- Flow logs record network packet flows and can be used for advanced troubleshooting and monitoring.
  Once enabled, they are captured in CloudWatch under vpc-flow-log/vpc-00123456-acct-name
  e.g. a filter for Logs Insights that counts, per source address, TCP (protocol 6) traffic to port 443 from sources outside 10.20.x.x:

  filter protocol == '6' and dstPort == 443 and substr(srcAddr, 0,6) != '10.20.' | stats count() by srcAddr

Links
- https://automato.io/blog/finding-bad-guys-using-aws-cloudwatch-logs-insights.html
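The Logs Insights filter above, reproduced offline in Python as an added example (not part of the original page). It assumes the default version 2 flow log record format and 10.20.0.0/16 as the internal range, and it matches by CIDR rather than by string prefix, so 10.200.x.x is not mistaken for internal. The sample records, account ID and ENI ID are constructed.

```python
import ipaddress
from collections import Counter

# Default (version 2) VPC flow log record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
# Assumption: 10.20.0.0/16 is the internal range the page's filter excludes.
INTERNAL = ipaddress.ip_network("10.20.0.0/16")

# Constructed sample records (documentation addresses, made-up IDs).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.20.1.5 10.20.9.9 49152 443 6 10 840 1654041600 1654041660 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.20.9.9 50000 443 6 12 900 1654041600 1654041660 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.20.9.9 50001 443 6 3 180 1654041660 1654041720 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.23 10.20.9.9 40111 443 6 1 60 1654041660 1654041720 REJECT OK
2 123456789012 eni-0a1b2c3d 10.200.4.4 10.20.9.9 41000 443 6 5 300 1654041660 1654041720 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.20.9.9 53000 53 17 1 76 1654041660 1654041720 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1654041720 1654041780 - NODATA
"""

def parse(line):
    """Return a field dict, or None for malformed / NODATA / SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA and SKIPDATA records carry '-' in the address and port fields.
    return rec if rec["log_status"] == "OK" else None

def external_https_sources(lines, internal=INTERNAL):
    """Count TCP/443 flows per source address, excluding the internal range."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["protocol"] != "6" or rec["dstport"] != "443":
            continue  # same predicate as: protocol == '6' and dstPort == 443
        if ipaddress.ip_address(rec["srcaddr"]) in internal:
            continue  # CIDR test replaces the substr() prefix comparison
        counts[rec["srcaddr"]] += 1  # stats count() by srcAddr
    return counts

if __name__ == "__main__":
    for src, n in external_https_sources(SAMPLE.splitlines()).most_common():
        print(f"{src}\t{n}")
```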