Amazon Flow Logs Activity
- Steve Challans
The Amazon Flow logs come in on UTC time format as many cloud providers use. So any activity needs to factor in the time difference for your timezone. Some parts of the dashboard only show data for the last 4 hours as cloud logs can generate massive volume of events. If longer search times are desired then its best to use the event search feature to search for logs over longer time period.
Selecting a chart component such as the pie segment, graph item will link through to the Text Details tabular output where you can search and perform additional filtering of the selected data and time period.
The specific log types in the widgets are for VPC flow activity
Logs Activity - This shows a chart of the log activity for today.
logs by system - This shows the event
logs Action - The action associated with the traffic, ACCEPT the traffic was accepted, REJECT the traffic was rejected either from the security group or network ACLs or the packet arrived after the connection was closed.
Logs DestAddr - The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface for incoming traffic on the network interface. The IPv4 address of the network interface is always its private IPv4 address.
Logs Dest Port - The destination port of the traffic.
Logs Protocol - The IANA protocol number of the traffic. For more information, seeĀ Assigned Internet Protocol Numbers
Logs SrcAddr - The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface for outgoing traffic on the network interface. The IPv4 address of the network interface is always its private IPv4 address
Logs Src Port - The source port of the traffic.
Some examples of the dashboard items are below
