This is the first of two blog posts on what you’ll need to do to set up FlowLog-Stats. This post gives instructions for enabling Flow Logs on AWS and should take less than 10 minutes. To learn how to give FlowLog-Stats read-only access to these logs, please read more here.
Step One: Create a log group
In the Amazon AWS console, go to Services->CloudWatch, then select Logs on the left-hand side. Click on Action->Create log group. Give this log group a name, for example one based on the VPC it will hold logs for.
Step Two: Create a Flow Log
In the Amazon AWS console, go to Services->VPC and select the VPC. In the lower pane of the console, click on the Flow Logs tab, then click on the Create Flow Log button.
Note: Flow Logs can only be enabled on VPCs.
This brings up a dialog box where you enter the information about the Flow Log for this VPC.
Create a new Role by clicking on the Set up permission link, which opens a new window.
After creating the role, go back to the Create Flow Log window or tab and select the role you just created. (Note: when you start typing the role name, it will auto-populate.)
For Destination Log Group, type in the name of the log group you created in Step One. Then click on the Create Flow Log button.
You’re done! You’ve now enabled Flow Logs for this VPC, and it will start collecting records of the network flows going through this VPC. If you haven’t yet given FlowLog-Stats read-only access to these logs, please read more here.
Viewing Flow Logs in the AWS Console
You can view the Flow Logs in the AWS console. You might have to wait a few minutes before the logs show up. Go to Services->CloudWatch and select Logs on the left-hand side. You will see the log group you created above. Click on it and you will see all of the network interfaces that are sending traffic. You can click on one of these interfaces to see its logs.
Yeah, it is pretty hard to see what is going on in here. You can use the filter to narrow the view by IP address or port, but you can only look at one interface’s traffic at a time.
If you are wondering what the fields are in each log entry, here is the documentation provided by AWS: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records
We have found the Flow Logs information very useful, but the interface to the data is not very good. Also, if you want to analyze this data, you definitely cannot do it in the web interface alone. You almost always have to write programs using the AWS SDK to pull the information in, digest it, and then produce the analysis or reports you want. This is the very reason we created FlowLog-Stats.com: it does all of the hard work for you. You just have to give it access.
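As an added example (not code from this post or from FlowLog-Stats), here is a small Python parser for the default version 2 record format documented at the AWS link above, run over a few constructed sample lines rather than real traffic; it splits bytes per interface by ACCEPT/REJECT, counts rejected flows per destination port, and sets NODATA/SKIPDATA windows aside instead of miscounting their "-" placeholders. The account ID and interface IDs in the sample are made up.

```python
from collections import defaultdict

# Field order of a default (version 2) VPC Flow Log record, per the AWS docs linked above.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

# Constructed sample records (not real traffic): two ENIs, two REJECTs, one NODATA window.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 10 8400 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 55000 22 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 55001 3389 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-ffeeddcc 10.0.2.20 10.0.1.10 443 49152 6 12 20000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-ffeeddcc - - - - - - - 1600000060 1600000120 - NODATA
"""

def parse_record(line):
    """Turn one space-separated flow log line into a dict; numeric fields become ints.
    NODATA/SKIPDATA records carry '-' placeholders, which are kept as None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec

def summarize(text):
    """Per-interface byte totals split by action, plus a count of rejected flows per dstport.
    Windows with no traffic (NODATA) or dropped records (SKIPDATA) are counted, not summed."""
    bytes_by_iface = defaultdict(lambda: {"ACCEPT": 0, "REJECT": 0})
    rejected_ports = defaultdict(int)
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["log_status"] != "OK":
            skipped += 1
            continue
        bytes_by_iface[rec["interface_id"]][rec["action"]] += rec["bytes"]
        if rec["action"] == "REJECT":
            rejected_ports[rec["dstport"]] += 1
    return dict(bytes_by_iface), dict(rejected_ports), skipped

if __name__ == "__main__":
    by_iface, ports, skipped = summarize(SAMPLE_LOG)
    for iface, totals in by_iface.items():
        print(iface, totals)
    print("rejected flows by dstport:", ports, "| non-OK records:", skipped)
```

The same loop works over lines pulled from CloudWatch Logs with the AWS SDK; only the source of `text` changes.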