Amazon Web Services flow logs

Overview

The integration between Amazon Web Services (AWS) and Plixer Scrutinizer provides insight into network traffic destined for AWS, such as top AWS users, top AWS applications, and the overall traffic load of AWS-hosted applications. After configuring Amazon Web Services Flow Log integration with Plixer Scrutinizer, the following reports become available in Plixer Scrutinizer:

  • Action
  • Action with Interface
  • Action with Interface and Dst
  • Action with Interface and Src
  • Interface
  • Pair Interface
  • Pair Interface Action

Prerequisites

The following information is required to configure AWS flow logs integration:

  1. AWS S3 bucket containing flow logs

Hint

The VPC(s) you want to monitor need to be configured to send flow logs to this S3 bucket. Plixer Scrutinizer can ingest from multiple S3 buckets. Flow logs will be deleted from the S3 bucket as Plixer Scrutinizer collects them.

  2. AWS ID and secret with full access permission to the S3 bucket containing your logs.
  3. The region that hosts the S3 bucket.

Configuring AWS flow logs

  1. Navigate to the Admin > Settings > AWS Flow Logs S3 page.
  2. Click “Add” to create a new flow log source in Plixer Scrutinizer. Each row in the interface will appear as a separate exporter with the name provided in the next step.
  3. Provide a unique name for the Flow Log source.
  4. Select the collector that will communicate with AWS to receive data for this bucket.
  5. Enter the bucket name, region, ID, and Secret.
  6. Save the entry.

Helpful tips

Amazon flow logs are updated every 10 minutes. If you are not seeing an exporter:

  • check the collector log for errors;
  • go to the AWS interface and make sure you see flow logs in the configured bucket;
  • edit the S3 profile in Plixer Scrutinizer and use the “Test” button to make sure the configuration is correct;
  • make sure the exporter is not disabled under Admin > Definitions > Manage Exporters.
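
When checking that the bucket holds usable flow logs, it helps to know which record fields the reports above are built from. The following is an added example, not Plixer Scrutinizer code: it parses records in the AWS default (version 2) flow log format and totals bytes by action, interface and source. The sample records are constructed, and the mapping of report names to fields is an assumption.

```python
from collections import defaultdict

# Field order of the AWS default (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: header row, documentation addresses, made-up ENI ids.
SAMPLE = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 44321 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.20 51515 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 44322 443 6 8 2100 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0e4f5a6b - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0e4f5a6b 10.0.2.5 10.0.1.20 40000 5432 6 5 700 1700000060 1700000120 ACCEPT OK
truncated line
"""


def parse_records(text):
    """Yield one dict per usable record.

    Skips the header row, malformed lines, and NODATA/SKIPDATA records,
    which carry '-' in the traffic fields and no byte counts.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "version":
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        try:
            rec["packets"] = int(rec["packets"])
            rec["bytes"] = int(rec["bytes"])
        except ValueError:
            continue
        yield rec


def bytes_by(text, *keys):
    """Total bytes grouped by the given record fields."""
    totals = defaultdict(int)
    for rec in parse_records(text):
        totals[tuple(rec[k] for k in keys)] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    # Roughly the "Action with Interface and Src" view (assumed mapping).
    for key, total in sorted(bytes_by(SAMPLE, "action", "interface_id", "srcaddr").items()):
        print(key, total)
```

Flow log objects in S3 are gzip-compressed, so decompress a downloaded file before passing its text to `bytes_by`.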