## page was renamed from AWS/CloudWatch/FlowLog
## page was renamed from AWS/FlowLog
= AWS/FlowLog =
 * Find
   1. CloudWatch
   1. Logs > Logs Insights
   1. Search VPCFlowLogs


 * Flow logs is network packet flow logs, can be used for advanced troubleshooting and monitoring.

 * Once enabled, captured under '''CloudWatch'''  vpc-flow-log/vpc-00123456-acct-name
   * e.g. filter for Logs Insights {{{
filter protocol == '6' and dstPort == 443 and substr(srcAddr, 0,6) != '10.20' | stats count() by srcAddr

}}}

== Links ==
 * https://automato.io/blog/finding-bad-guys-using-aws-cloudwatch-logs-insights.html