allow cloudwatch logs destination for traffic logs, currently only supported target is s3 #260
Comments
|
Thank you for the suggestion. Currently querying CloudWatch logs is not in the scope of the solution as the main purpose of the log analysis feature is to automate detection and blocking of malicious IPs via a built-in Lambda or Athena log parser against logs in S3, instead of providing a way to query logs. If I missed anything, feel free to provide details and how you want to customize the solution for your use case. |
|
@aijunpeng I'm referring to this setting |
|
What do you want to do with CW logs? Run custom queries against them? |
|
Debug acl blocks in an easier way than athena queries |
|
I would need more details about debugging acl blocks in an easier way. Currently in the WAF solution, Athena queries are already implemented and customers don't need to write their own queries. |
|
I forgot about this issue until I had to set this up again for another client. It needs to support more log sources not just s3, at least cloudwatch with a desired log-group expiration for compliance or passing the log-group name at setup time, if the log-group is created by the toolset, default X days expiration and overwrite with other INT value. firehose is very flow specific can probably be left out My client uses cloudwatch insights to query quickly the waf logs. |
|
Thank you for providing more information. I understand you want to add CloudWatch log group as a log source. We can add your request to our backlog for evaluation. Meanwhile I'd like to clarify a couple of things:
|
|
Yes cloudwatch as option for log source |
would be great to have a way to setup traffic logs destination to be cloudwatch or kinesis as currently only s3 destination is supported, it is okay but is not always the intended source specially for quick testing waf acls is easier to query logs on cloudwatch than athena
The text was updated successfully, but these errors were encountered: