
Steps to Enable and Analyze VPC Flow Logs

In this blog, we will show you the steps to enable and analyze VPC Flow Logs.

FLOW LOGS OVERVIEW

  • Flow logs are used to check which traffic is accepted or rejected by the security group.
  • We can enable flow logs at the interface level, subnet level, and VPC level.
  • A VPC flow log record contains version, account-id, interface-id, src addr, dest addr, src port, dest port, protocol, packets, bytes, start, end, action, and log status.
  • If we enable flow logs at the VPC level, they are enabled for all the network interfaces connected to it.

ENVIRONMENT OVERVIEW

  • We have created a VPC with 2 subnets in different availability zones.

  • We have also created a Windows EC2 instance for this demo.

ENABLING FLOW LOGS

  • Open the VPC dashboard and click on Your VPCs.

  • Select the VPC and click on the Flow Logs tab.

  • Click on Create Flow log.

  • Select the Filter Type as All and select the destination as CloudWatch.

  • Provide the destination group name and click on the setup permission link.

  • For demo purposes, leave the default settings and click on the Allow button.

  • Select the IAM Role named flowlogsRole from the drop-down list. Then click on the Create button.

  • The flow log is created successfully.

VERIFICATION

  • For testing purposes, we telnet to a few ports to generate log entries.

  • Go to CloudWatch and click on the Logs option.

  • You will be able to see the VPC log group in CloudWatch.

  • You can now see the VPC flow logs in the log group.

  • We tested ports 3306 and 3389, and the results appear in the flow logs.
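
An added example, not part of the original blog: a Python parser for the default-format record fields listed in the overview, which counts accepted and rejected TCP attempts to the two tested ports. The sample records, account ID, interface ID and addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter
from typing import NamedTuple, Optional

# Field order of the default-format record (the fields listed in the overview).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

class FlowRecord(NamedTuple):
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str

def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one record; return None for malformed, NODATA or SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    f = dict(zip(FIELDS, parts))
    if f["log_status"] != "OK":  # NODATA/SKIPDATA carry "-" in the traffic fields
        return None
    try:
        return FlowRecord(f["srcaddr"], f["dstaddr"], int(f["srcport"]),
                          int(f["dstport"]), int(f["protocol"]), f["action"])
    except ValueError:
        return None

def summarize(lines, ports=(3306, 3389)):
    """Count (dstport, action) pairs for TCP traffic sent to the given ports."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec.protocol == 6 and rec.dstport in ports:  # 6 = TCP
            counts[(rec.dstport, rec.action)] += 1
    return counts

# Constructed sample records (not taken from the blog's screenshots).
SAMPLE = [
    "2 123456789012 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 49761 3389 6 20 4249 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 10.0.1.25 203.0.113.10 3389 49761 6 18 3920 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 49770 3306 6 3 156 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.77 10.0.1.25 50112 3306 6 1 52 1700000060 1700000120 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000120 1700000180 - NODATA",
]

if __name__ == "__main__":
    for (port, action), n in sorted(summarize(SAMPLE).items()):
        print(f"dst port {port}: {action} x{n}")
```

The second sample record is return traffic from the instance, so it is not counted as an attempt against port 3389.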

Thanks for reading this blog. We hope it was useful for you to learn about VPC Flow Logs in an AWS environment.
