Setting up FlowLog-Stats (1/2): Enabling Flow Logs on AWS

This is the first of two blog posts on setting up FlowLog-Stats. It gives instructions for enabling Flow Logs on AWS and should take less than 10 minutes. To learn how to give FlowLog-Stats read-only access to these logs, please read more here.

Step One: Create a log group

In the Amazon AWS console, go to Services->CloudWatch. Then select Logs on the left-hand side. Click on Action->Create log group. Give this log group a name, for example the name of the VPC.

flowlog-1.5-create-cloudwatch-log-group

Step Two: Create a Flow Log

In the Amazon AWS console, go to Services->VPC and select the VPC. In the lower pane of the console, click on the Flow Logs tab. Then, click on the Create Flow Log button.

Note: Flow Logs can only be enabled on VPCs.

flowlog-1-vpc-dashboard.png

This brings up a dialog box where you enter the information about the Flow Log for this VPC.

flowlog-2-create-flow-log-dialog-box.png

Create a new Role by clicking on the Set up permission link, which will open a new window.

flowlog-3-create-role

After creating the role, go back to the create Flow Log window or tab and select the role you just created. (Note: When you start typing in the role name, the role name will auto-populate.)

For the Destination log group, type in the name of the log group you created in Step One. Then click on the Create Flow Log button.

You’re done! You’ve now enabled Flow Logs for this VPC, and it will start collecting metrics on the network flows going through this VPC. If you haven’t given FlowLog-Stats read-only access to these logs, please read more here.

Viewing Flow Logs in the AWS Console

You can view the Flow Logs in the AWS console. You might have to wait a few minutes before the logs show up. Go to Services->CloudWatch and select Logs on the left-hand side. You will see the log group you created above. Click on it and you will see all of the network interfaces that are sending traffic.

log-group.png

You can click on one of these interfaces to see the logs.

interface-logs.png

Yeah, it is pretty hard to see what is going on in here. You can use the filter to filter out IP addresses or ports, but you can only look at one interface’s traffic at a time.

If you are wondering what the fields are in each log entry, here is the documentation provided by AWS: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records
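The following added example (not code from the original post or from FlowLog-Stats) parses records in the default Flow Log format described at the link above and totals bytes and rejected flows across all interfaces at once, rather than one interface at a time. The sample records, ENI ids and function names are constructed for illustration.

```python
from collections import Counter

# Field order of the default VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records (documentation-range addresses, made-up ENI ids).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 44321 22 6 12 840 1469000000 1469000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 51512 443 6 20 5200 1469000000 1469000060 ACCEPT OK
2 123456789012 eni-9f8e7d6c 198.51.100.7 10.0.2.9 44400 3389 6 3 180 1469000005 1469000065 REJECT OK
2 123456789012 eni-9f8e7d6c 203.0.113.20 10.0.2.9 40022 443 6 8 1024 1469000005 1469000065 ACCEPT OK
2 123456789012 eni-5e4d3c2b - - - - - - - 1469000010 1469000070 - NODATA
"""

def parse_record(line):
    """Return a dict for one record, or None if it is malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        if rec[name] == "-":          # NODATA/SKIPDATA records carry "-"
            rec[name] = None
        elif rec[name].isdigit():
            rec[name] = int(rec[name])
        else:
            return None
    return rec

def summarize(text):
    """Aggregate over every interface: bytes per ENI and REJECTs per source."""
    bytes_per_eni, rejects_per_src, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["log_status"] != "OK":
            skipped += 1              # malformed, NODATA or SKIPDATA
            continue
        bytes_per_eni[rec["interface_id"]] += rec["bytes"] or 0
        if rec["action"] == "REJECT":
            rejects_per_src[rec["srcaddr"]] += 1
    return bytes_per_eni, rejects_per_src, skipped

if __name__ == "__main__":
    per_eni, rejects, skipped = summarize(SAMPLE)
    print("bytes per interface:", dict(per_eni))
    print("rejected flows per source:", rejects.most_common())
    print("records skipped:", skipped)
```
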

We have found the Flow Logs information very useful, but the interface to the data is not very good. Also, if you want to analyze this data, you definitely cannot do it in the web interface alone. You almost always have to start writing programs using the AWS SDK to pull this information in, digest it, then produce the analysis or reports you want. This is the very reason why we created FlowLog-Stats.com: it does all of the hard work for you. You just have to give it access.
