AWS VPC Flow

Preparation

Before creating VPC flow logs for ingestion by AE, an S3 bucket for log storage and an SNS topic and subscription for log delivery notifications must be designated and/or created. Please refer to AWS Prerequisites before continuing further.

VPC Flow Logs

Now is the time to create the VPC flow log. Navigate to a VPC of interest, then to Flow logs and Create flow log

Give the flow log a name, set Destionation to Send to an Amazon S3 bucket and input the ARN of the appropriate bucket you designated and/or created in AWS Prerequisites

For Log record format select Custom format and use:

${version} ${start} ${pkt-srcaddr} ${srcaddr} ${dstaddr} ${pkt-dstaddr} ${srcport} ${dstport} ${protocol} ${bytes} ${instance-id} ${action} ${tcp-flags}

VPC flow logs should now start flowing into AE.

vpc-create-flow-log

Preparation​

VPC Flow Logs​

Preparation

VPC Flow Logs