AWS Network Firewall - How to log the blocked connections

Question

Is there a way to log the connections blocked by the AWS Network Firewall, or filter the logs of blocked connections?

Background

Currently having set up the rules, and would like to know which IPs or domains have been blocked.


Looking at Logging network traffic from AWS Network Firewall, but not clear if it is possible.

You can record flow logs and alert logs from your Network Firewall stateful engine.
Flow logs are standard network traffic flow logs. Each flow log record captures the network flow for a specific 5-tuple.

Alert logs report traffic that matches your stateful rules that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP and ALERT.

From the flow logs, it is not clear if it is passed or blocked.

{
    "firewall_name": "network-firewall-sagemaker-studio-anfw",
    "availability_zone": "us-east-1a",
    "event_timestamp": "1628236046",
    "event": {
        "timestamp": "2021-08-06T07:47:26.000068+0000",
        "flow_id": 1108238612337889,
        "event_type": "netflow",
        "src_ip": "51.222.5.114",
        "src_port": 57528,
        "dest_ip": "10.2.2.60",
        "dest_port": 8088,
        "proto": "TCP",
        "netflow": {
            "pkts": 1,
            "bytes": 40,
            "start": "2021-08-06T07:46:24.365793+0000",
            "end": "2021-08-06T07:46:24.365793+0000",
            "age": 0,
            "min_ttl": 239,
            "max_ttl": 239
        },
        "tcp": {
            "tcp_flags": "02",
            "syn": true
        }
    }
}

Yes, you can get network logs.

AWS Network Firewall is a managed service that you can use to deploy essential network protections for your Amazon Virtual Private Cloud instances. AWS Network Firewall works together with AWS Firewall Manager so you can build policies based on AWS Network Firewall rules and then centrally apply those policies across your VPCs and accounts. https://docs.aws.amazon.com/athena/latest/ug/querying-network-firewall-logs.html

How to create Amazon CloudWatch logs: https://docs.aws.amazon.com/network-firewall/latest/developerguide/logging-cw-logs.html

AWS Network Firewall logging destinations: https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging-destinations.html

In your firewall, Log configuration: please enable logs for Alerts. You can then choose where the Alert logs (logs from blocked requests) should be shipped. You will have options like S3 or a CloudWatch log group. Good luck.
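Once alert logging is enabled, the blocked connections are the alert records whose action is "blocked"; flow records carry no such decision, which is why the netflow record quoted in the question cannot answer the "passed or blocked" question. The following is an added example (not from the question or either answer) that filters line-delimited log records the way the stateful engine writes them and summarises blocked destinations by domain or IP. The log lines are constructed samples, and the `tls.sni` / `http.hostname` fields are assumed to be present in the Suricata-style alert record when the rule engine recorded a hostname.

```python
import json
from collections import Counter

# Constructed sample log lines (not real traffic) in the record shape the
# stateful engine writes: one flow record (event_type "netflow", no action
# field, like the record in the question) and three alert records.
SAMPLE_LOG_LINES = [
    '{"firewall_name":"fw","event":{"event_type":"netflow","src_ip":"51.222.5.114",'
    '"src_port":57528,"dest_ip":"10.2.2.60","dest_port":8088,"proto":"TCP",'
    '"netflow":{"pkts":1,"bytes":40}}}',
    '{"firewall_name":"fw","event":{"event_type":"alert","src_ip":"10.2.2.60",'
    '"src_port":44321,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP",'
    '"tls":{"sni":"example.net"},"alert":{"action":"blocked","signature_id":1,'
    '"signature":"not in allow list"}}}',
    '{"firewall_name":"fw","event":{"event_type":"alert","src_ip":"10.2.2.60",'
    '"src_port":44322,"dest_ip":"203.0.113.9","dest_port":22,"proto":"TCP",'
    '"alert":{"action":"blocked","signature_id":2,"signature":"deny ssh"}}}',
    '{"firewall_name":"fw","event":{"event_type":"alert","src_ip":"10.2.2.60",'
    '"src_port":44323,"dest_ip":"198.51.100.8","dest_port":443,"proto":"TCP",'
    '"tls":{"sni":"example.com"},"alert":{"action":"allowed","signature_id":3,'
    '"signature":"audit"}}}',
]


def blocked_connections(log_lines):
    """Return one summary dict per alert record whose action is "blocked".

    Flow records are skipped: they have no pass/drop decision. The domain is
    taken from the TLS SNI or HTTP Host header when present (assumed field
    names), otherwise None and the caller falls back to the destination IP.
    """
    blocked = []
    for line in log_lines:
        event = json.loads(line).get("event", {})
        if event.get("event_type") != "alert":
            continue
        if event.get("alert", {}).get("action") != "blocked":
            continue
        host = event.get("tls", {}).get("sni") or event.get("http", {}).get("hostname")
        blocked.append({"src_ip": event["src_ip"], "dest_ip": event["dest_ip"],
                        "dest_port": event["dest_port"], "proto": event["proto"],
                        "domain": host, "rule": event["alert"].get("signature")})
    return blocked


def blocked_destinations(log_lines):
    """Count blocked connections per destination (domain if known, else IP)."""
    return Counter(b["domain"] or b["dest_ip"] for b in blocked_connections(log_lines))


if __name__ == "__main__":
    for dest, n in blocked_destinations(SAMPLE_LOG_LINES).most_common():
        print(f"{n:4d}  {dest}")
```

The same filter expressed for CloudWatch Logs Insights is `filter event.event_type = "alert" and event.alert.action = "blocked"`, which lets you run it directly against the log group chosen in the firewall's Log configuration.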
