Add a new section on how to collect AWS Network Firewall using Firehose #3885
docs/en/observability/cloud-monitoring/aws/monitor-aws-firewall-firehose.asciidoc
Here is a draft for step four:

[discrete]
[[firehose-cloudtrail-step-four]]
== Step 4: Enable logging
AWS Network Firewall has logging support built in. It supports sending logs to Amazon S3, Amazon CloudWatch, and Amazon Kinesis Data Firehose.
To enable logging to Amazon Data Firehose:
- In the AWS console, navigate to the AWS Network Firewall service.
- Select the firewall you want to enable logging for.
- In the *Logging* section, click *Edit*.
- Select the *Send logs to* option and choose *Kinesis Data Firehose*.
- Select the Firehose stream you created in the previous step.
- Click *Save*.

A note on the "Select the Send logs to option and choose Kinesis Data Firehose" step. Today, the AWS console still uses the old name "Kinesis Data Firehose" instead of the updated "Amazon Data Firehose". So this is probably one of those cases where we need to abstract the guide away from the UI details.
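The console steps drafted above have a CLI equivalent, shown here as an added example that is not part of the PR or of the Elastic guide. The firewall and stream names are placeholders, the firewall is assumed to have no log destinations configured yet, and only the ALERT and FLOW log types are handled.

```shell
#!/usr/bin/env bash
# Added example: placeholder names, not values from the PR.
FIREWALL_NAME="${FIREWALL_NAME:-example-firewall}"
STREAM_NAME="${STREAM_NAME:-example-firehose-stream}"

# Emit one LogDestinationConfig element for a log type (ALERT or FLOW).
# The API enum is still "KinesisDataFirehose", like the console label.
destination_config() {
  printf '{"LogType":"%s","LogDestinationType":"KinesisDataFirehose","LogDestination":{"deliveryStream":"%s"}}' "$1" "$STREAM_NAME"
}

# Emit the full LoggingConfiguration for the log types given as arguments.
logging_configuration() {
  local out="" sep="" t
  for t in "$@"; do
    case "$t" in
      ALERT|FLOW) ;;
      *) echo "unsupported log type: $t" >&2; return 1 ;;
    esac
    out="${out}${sep}$(destination_config "$t")"
    sep=","
  done
  printf '{"LogDestinationConfigs":[%s]}' "$out"
}

# UpdateLoggingConfiguration accepts one added, removed or changed
# destination per call, so ALERT and FLOW need two cumulative calls.
enable_firehose_logging() {
  local cfg
  cfg=$(logging_configuration ALERT) || return 1
  aws network-firewall update-logging-configuration \
    --firewall-name "$FIREWALL_NAME" --logging-configuration "$cfg" || return 1
  cfg=$(logging_configuration ALERT FLOW) || return 1
  aws network-firewall update-logging-configuration \
    --firewall-name "$FIREWALL_NAME" --logging-configuration "$cfg" || return 1
  # Read the configuration back to confirm both destinations are set.
  aws network-firewall describe-logging-configuration --firewall-name "$FIREWALL_NAME"
}

# API calls happen only with the "apply" argument; otherwise print the JSON.
if [ "${1:-}" = "apply" ]; then
  enable_firehose_logging
else
  logging_configuration ALERT FLOW; echo
fi
```

Run it without arguments to review the JSON that would be sent, and with `apply` to make the calls using the credentials of the current AWS CLI profile.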
. Set up logging. | ||
+ | ||
Open the *Logging* section to edit your firewall settings. If you want to quickly check your Network Firewall logs before setting up Firehose, you can enable logging on CloudWatch, and then inspect the log events: | ||
+ | ||
[role="screenshot"] | ||
image::firehose-firewall-logging.png[Firewall setup logging] | ||
|
||
. Visit CloudWatch and open your log group. If everything is working correctly, you will get the list of log events: | ||
+ | ||
[role="screenshot"] | ||
image::firehose-cloudwatch-log-events.png[CloudWatch Log events] | ||
|
||
[discrete] | ||
[[firehose-firewall-step-three]] |
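Review bot: in the "Set up logging" step, the CloudWatch check is introduced as something to do "before setting up Firehose", yet the next numbered step sends every reader to CloudWatch, and the lines shown never bring them back to select the Firehose stream as the log destination. Mark the CloudWatch check as optional in its own step (or drop it), and close the section with the step that selects the Firehose stream, so the guide does not leave logging pointed at CloudWatch only.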
If you want to quickly check your Network Firewall logs before setting up Firehose, you can enable logging on CloudWatch, and then inspect the log events:
After rereading this part, I realized it isn't worth enabling logging on to CloudWatch. Enabling logging on CloudWatch brings value if we set up our test Network Firewall, and we want to double-check that our setup is sound and that it's actually logging data.
Since we assume the reader already has a working Network Firewall, I suggest setting up the logging to Firehose in step four.
Thank you for your comments @zmoog. I'll be on PTO for the next two weeks, in case you need support you can reach out to @dedemorton (thank you DeDe!)
- Drop how to create a network firewall; it's too complex to include in guide. - Expand the guide with the missing content.
This pull request is now in conflict. Could you fix it @alaudazzi? 🙏
@bmorelli25 @dedemorton @zmoog
LGTM! I'll open a different PR to link to the Terraform files.
🚀
…se (#3885) * Start initial structure * Expand the aws network firewall guide - Drop how to create a network firewall; it's too complex to include in guide. - Expand the guide with the missing content. * Integrate reviewer's feedback --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit 1f3f117)
…se (#3885) (#3976) * Start initial structure * Expand the aws network firewall guide - Drop how to create a network firewall; it's too complex to include in guide. - Expand the guide with the missing content. * Integrate reviewer's feedback --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit 1f3f117) Co-authored-by: Arianna Laudazzi <[email protected]>
…se (#3885) (#3975) * Start initial structure * Expand the aws network firewall guide - Drop how to create a network firewall; it's too complex to include in guide. - Expand the guide with the missing content. * Integrate reviewer's feedback --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit 1f3f117) Co-authored-by: Arianna Laudazzi <[email protected]>
This PR:
Doc preview
Closes #3881