VPC Flow Log Setup
Ship logs from VPC to logstash
Configure S3 to send VPC flow logs to Logstash & Elasticsearch with our config example.
Follow this step by step guide to get 'logs' from your system to Logit.io:
Step 1 - Confirm S3 Bucket
Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already, you can choose the best way to achieve this, but cloudwatch or cloudtrail are a great place to start:
Step 2 - Ensure Adequate Bucket Permissions
The following permissions applied to the AWS IAM Policy being used:
s3:ListBucket
to check if the S3 bucket exists and list objects in it.s3:GetObject
to check object metadata and download objects from S3 buckets.
Below is how your permissions should appear:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SidID",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket/*"
]
}
]
}
Step 3 - Start Sending Logs to a Stack
To start sending logs from VPC Flow to your stack you need to setup and apply an AWS input on an available stack.
Logit.io will verify your input before it is applied this should be actioned in less than 24 hours, we will contact you to verify.
Step 4 - Check Logit.io for your logs
Now you should view your data:
If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 5 - how to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.
Step 6 - VPC Flow Logs Overview
Using AWS VPC Flow Logs enables you to capture key information about the IP traffic interacting with network interfaces in your virtual private cloud. This data often includes protocols used for sending log data, source & destination IPs, account & network IDs, as well as log record statuses.
Amazon’s VPC technology is hugely flexible & is relied on by DevOps to ensure visibility when building a large number of public and private facing assets for testing and development.
The information stored in flow logs can allow your team to easily answer questions around repeat sessions, geographic patterns of network traffic & where attempts have been made to try and breach security vulnerabilities in your applications.
VPC flow logs can be easily indexed with our platform using Logstash, allowing you to visualise and report on activity across services & identify bottlenecks in Amazon Web Services. Efficiently monitoring this data is critical for maintaining compliance in AWS among cloud, microservices, and virtual infrastructure.
If you need any further assistance with analysing your VPC flow logs we're here to help you get started. Feel free to reach out by contacting our support team by visiting our dedicated Help Centreor via live chat & we'll be happy to assist.
If you need any further assistance with analysing your VPC flexibleow logs we're here to help you get started. Feel free to reach out by contacting our support team by visiting our dedicated Help Centre or via live chat & we'll be happy to assist.