Ready to get going? Start your 14 days free trial today

Start free trial

Have an account? Sign in

Send data via VPC Flow Logs to your Logstash instance provided by Logit.io

VPC Flow Log Setup

Ship logs from VPC to logstash

Configure S3 to send VPC flow logs to Logstash & Elasticsearch with our config example.

Step 1 - Confirm S3 BucketCopy

Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already, you can choose the best way to achieve this, but cloudwatch or cloudtrail are a great place to start:

VPC Flow Logs

Step 2 - Ensure Adequate Bucket PermissionsCopy

The following permissions applied to the AWS IAM Policy being used:

  • s3:ListBucket to check if the S3 bucket exists and list objects in it.
  • s3:GetObject to check object metadata and download objects from S3 buckets.

Below is how your permissions should appear:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
             ],
            "Resource": [
                "arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
 }

Step 3 - Start Sending Logs to a StackCopy

To start sending logs from VPC Flow to your stack you need to setup and apply an AWS input on an available stack.

Logit.io will verify your input before it is applied this should be actioned in less than 24 hours, we will contact you to verify.

Login

Step 4 - VPC Flow Logs OverviewCopy

Using AWS VPC Flow Logs enables you to capture key information about the IP traffic interacting with network interfaces in your virtual private cloud. This data often includes protocols used for sending log data, source & destination IPs, account & network IDs, as well as log record statuses.

Amazon’s VPC technology is hugely flexible & is relied on by DevOps to ensure visibility when building a large number of public and private facing assets for testing and development.

The information stored in flow logs can allow your team to easily answer questions around repeat sessions, geographic patterns of network traffic & where attempts have been made to try and breach security vulnerabilities in your applications.

VPC flow logs can be easily indexed with our platform using Logstash, allowing you to visualise and report on activity across services & identify bottlenecks in Amazon Web Services. Efficiently monitoring this data is critical for maintaining compliance in AWS among cloud, microservices, and virtual infrastructure.

If you need any further assistance with analysing your VPC flow logs we're here to help you get started. Feel free to reach out by contacting our support team by visiting our dedicated Help Centreor via live chat & we'll be happy to assist.

If you need any further assistance with analysing your VPC flexibleow logs we're here to help you get started. Feel free to reach out by contacting our support team by visiting our dedicated Help Centre or via live chat & we'll be happy to assist.

Toggle View

Expand View

Return to Search