Log AWS VPC Flows

As I transition to working in “the cloud” more, I am embracing the new technologies and methodologies. However, I’m also trying to replicate what I do in on-prem environments when it makes sense. One way I like to collect and analyze data is using NetFlow. NetFlow provides network conversation details at a higher, summarized level. This has led to quicker recovery time on numerous occasions, or avoided issues entirely. It isn’t exactly the same, but I have figured out how to log AWS VPC flows to provide the data. Here’s a brief walkthrough of the setup.

Create Flow Logs

The first step is to select the VPC and then the “Create Flow Log” menu item from the “Actions” drop-down.

See them attached to VPC

After confirming its creation I saw the log ID listed in the “Flow Logs” tab.

View Configured Flow Logs

Hopping over to the CloudWatch logs I could see my newly created log group.

Log View

After selecting the log, I could...
Preparing for the Capture

Packet captures give us a very detailed and in-depth look at network traffic. They can be used to establish baselines, discover network devices, diagnose application and performance issues, or identify security threats. The previous post described what packets are and their function at a high level. It also gave an overview of the process used to capture them. Once you have identified your purpose for performing a capture, you can begin preparing for it.

Caution: This is where things get technical pretty fast. A good knowledge of basic networking concepts will help from this point forward. This post will also be a little lengthier.

Preparing for a capture follows the same basic process regardless of the purpose, albeit with a few tweaks here and there:

- Select the capture point(s)
- Choose the capture method
- Apply the appropriate filter(s) and configuration
- Post-prep actions
- Begin the capture
- Perform the task to generate target traffic if...