Configuring Amazon Web Services FlowLogs
The integration between Amazon Web Services (AWS) and Scrutinizer provides insight into network traffic destined for AWS, such as:
- Top AWS users
- Top AWS applications
- Overall traffic load of AWS hosted applications
After configuring Amazon Web Services Flow Log integration with Scrutinizer, the following AWS-specific flow reports are available in Scrutinizer:
- Action with Interface
- Action with Interface and Dst
- Action with Interface and Src
- Pair Interface
- Pair Interface Action
A minimum of Scrutinizer v18.16 is required for the configuration to complete successfully and for the AWS reports to be available.
Version 18.16 is the last version of Scrutinizer that will support collecting logs via Kinesis.
Before starting the AWS configuration in Scrutinizer, the following information needs to be collected:
AWS S3 Bucket containing Flow Logs
- The VPC(s) you want to monitor need to be configured to send Flow Logs to this S3 bucket.
- You can ingest from multiple S3 buckets
- Flow Logs will be deleted from the S3 bucket as Scrutinizer ingests them
AWS ID and secret with full access permission to the S3 bucket containing your logs
The region the S3 bucket is in
AWS Configuration in Scrutinizer
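The prerequisite above asks for an ID and secret with full access to the flow log bucket. As an added example (not part of the Scrutinizer documentation), the IAM policy below grants that access on one bucket only, rather than on every bucket in the account. `EXAMPLE-FLOWLOG-BUCKET` is a placeholder for your bucket name, and attaching the policy to an IAM user created only for Scrutinizer is an assumption.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "FlowLogBucketLevelAccess",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::EXAMPLE-FLOWLOG-BUCKET"
    },
    {
      "Sid": "FlowLogObjectLevelAccess",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::EXAMPLE-FLOWLOG-BUCKET/*"
    }
  ]
}
```

When ingesting from multiple S3 buckets, add each bucket's two ARNs to the `Resource` fields. Because Scrutinizer deletes Flow Logs as it ingests them, keep this bucket dedicated to Scrutinizer ingestion.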
Navigate to Admin > Settings > AWS Flow Logs S3
Click “Add” to create a new Flow Log source in Scrutinizer
- Each row in the interface will appear as a separate flow “exporter” in the Scrutinizer reporting interface.
- It will appear in the interface with the Name provided here
Provide a unique name for this Flow Log source
Select the collector that will communicate with AWS for this bucket
Enter the bucket name, region, ID, and Secret
Save the entry