
VPC Flow Log Setup

Ship logs from VPC to Logstash

Configure S3 to send VPC flow logs to Logstash & Elasticsearch with our config example.


Follow this step-by-step guide to get logs from your system to Logit.io:

Step 1 - Confirm S3 Bucket

Ensure your logs are being sent to an S3 bucket. If you are not doing this already, the following guide from Amazon will help you set it up. You can choose the method that suits you best, but CloudWatch or CloudTrail are a great place to start:

VPC Flow Logs

Step 2 - Ensure Adequate Bucket Permissions

The following permissions must be applied to the AWS IAM policy being used:

  • s3:ListBucket to check if the S3 bucket exists and list objects in it.
  • s3:GetObject to check object metadata and download objects from S3 buckets.

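Below is how your permissions should appear. s3:ListBucket is evaluated against the bucket ARN and s3:GetObject against the object ARN, so both resources are listed:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket",
                "arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
}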

Step 3 - Start Sending Logs to a Stack

To start sending logs from VPC Flow to your stack, you need to set up and apply an AWS input on an available stack.

Logit.io will verify your input before it is applied. This should be actioned in less than 24 hours, and we will contact you to verify.

Login

Step 4 - Check Logit.io for your logs

You should now be able to view your data:

Launch Dashboard

If you don't see logs, take a look at "How to Diagnose No Data in Stack" below for help with common issues.

Step 5 - How to Diagnose No Data in Stack

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.

Step 6 - VPC Flow Logs Overview

Using AWS VPC Flow Logs enables you to capture key information about the IP traffic interacting with network interfaces in your virtual private cloud. This data often includes protocols used for sending log data, source & destination IPs, account & network IDs, as well as log record statuses.

Amazon’s VPC technology is hugely flexible & is relied on by DevOps to ensure visibility when building a large number of public and private facing assets for testing and development.

The information stored in flow logs can allow your team to easily answer questions around repeat sessions, geographic patterns of network traffic & where attempts have been made to breach security vulnerabilities in your applications.

VPC flow logs can be easily indexed with our platform using Logstash, allowing you to visualise and report on activity across services & identify bottlenecks in Amazon Web Services. Efficiently monitoring this data is critical for maintaining compliance in AWS among cloud, microservices, and virtual infrastructure.
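
To illustrate the kind of question flow logs can answer, the following added example (not Logit.io's own code or Logstash configuration) parses records in the default version 2 flow log format and lists sources whose rejected connections touched several destination ports. The sample records, the parse_record and rejected_sources names and the min_ports threshold are assumptions made for the example.

```python
from collections import namedtuple

# Default (version 2) VPC flow log fields, space separated, in this order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
FlowRecord = namedtuple("FlowRecord", FIELDS)
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_record(line):
    """Parse one default-format record; return None for headers or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or not parts[0].isdigit():
        return None
    rec = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        # NODATA / SKIPDATA records carry "-" in place of the traffic fields.
        rec[name] = int(rec[name]) if rec[name].isdigit() else None
    return FlowRecord(**rec)


def rejected_sources(lines, min_ports=3):
    """Return {srcaddr: sorted distinct destination ports} for sources whose
    REJECTed flows touch at least min_ports different ports (assumed threshold)."""
    ports = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.log_status != "OK" or rec.action != "REJECT":
            continue
        ports.setdefault(rec.srcaddr, set()).add(rec.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


# Constructed sample: documentation IP ranges, placeholder account and ENI ids.
SAMPLE = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0aaa1111 203.0.113.7 10.0.1.5 40001 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa1111 203.0.113.7 10.0.1.5 40002 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa1111 203.0.113.7 10.0.1.5 40003 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa1111 198.51.100.9 10.0.1.5 51000 443 6 12 5200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111 198.51.100.9 10.0.1.5 51001 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa1111 - - - - - - - 1700000000 1700000060 - NODATA
"""

if __name__ == "__main__":
    print(rejected_sources(SAMPLE.splitlines()))
```
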

If you need any further assistance with analysing your VPC flow logs, we're here to help you get started. Feel free to reach out by contacting our support team via our dedicated Help Centre or via live chat & we'll be happy to assist.


© 2023 Logit.io Ltd, All rights reserved.