VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. This integration allows you to send these logs to your Logz.io account.

Configuration

Before you begin, you’ll need:

  • s3:ListBucket and s3:GetObject permissions for the required S3 bucket

  • File names in ascending alphanumeric order. This is important because the S3 fetcher’s offset is determined by the name of the last file fetched. We recommend using standard AWS naming conventions to determine the file name ordering and to avoid log duplication.
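The ordering requirement above, as an added example (not Logz.io's code): it flags object keys that arrive without sorting after the greatest key already seen. It assumes the fetcher's offset behaves like a high-water mark compared in UTF-8 byte order, the order in which S3 lists keys; all keys, account IDs and flow log IDs are constructed placeholders.

```python
"""Check that S3 object keys arrive in ascending order (added example)."""

# Assumption: the fetcher's offset behaves like a high-water mark, i.e. the
# greatest key seen so far in UTF-8 byte order (the order S3 lists keys in).


def out_of_order_keys(keys_in_arrival_order):
    """Return (key, offset) pairs for keys that do not sort after the offset."""
    offset = None
    problems = []
    for key in keys_in_arrival_order:
        encoded = key.encode("utf-8")
        if offset is not None and encoded <= offset:
            # Key sorts at or before the last fetched name: ordering is broken.
            problems.append((key, offset.decode("utf-8")))
        else:
            offset = encoded
    return problems


# Constructed sample keys following the AWS flow log naming pattern
# (account ID, flow log ID and hash suffix are placeholders).
PREFIX = "AWSLogs/123456789012/vpcflowlogs/us-east-1/2024/01/09/"
STEM = "123456789012_vpcflowlogs_us-east-1_fl-EXAMPLE_"
AWS_STYLE = [
    PREFIX + STEM + "20240109T0955Z_aaaa1111.log.gz",
    PREFIX + STEM + "20240109T1000Z_bbbb2222.log.gz",
    PREFIX + STEM + "20240109T1005Z_cccc3333.log.gz",
]

# Constructed custom names without zero padding: "flow-10" sorts before "flow-9".
CUSTOM_STYLE = [
    "exports/flow-8.log.gz",
    "exports/flow-9.log.gz",
    "exports/flow-10.log.gz",
]

if __name__ == "__main__":
    for label, keys in (("AWS naming", AWS_STYLE), ("custom naming", CUSTOM_STYLE)):
        problems = out_of_order_keys(keys)
        print(f"{label}: {len(problems)} out-of-order key(s)")
        for key, offset in problems:
            print(f"  {key!r} does not sort after offset {offset!r}")
```

The zero-padded timestamp in the AWS-style names keeps later files sorting after earlier ones, which the unpadded counter in the custom names does not.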

Send your logs to an S3 bucket

Logz.io fetches your VPC Flow logs from an S3 bucket. VPC Flow logs are not stored in S3 by default, so you’ll need to set up AWS to send your Flow logs to S3.

For help with this, see Publishing Flow Logs to Amazon S3 from AWS.

Add a new S3 bucket using the dedicated Logz.io configuration wizard

Log into the app to use the dedicated Logz.io configuration wizard and add a new S3 bucket.

  1. Click + Add a bucket.
  2. Select your preferred method of authentication: an IAM role or access keys.

The configuration wizard will open.

  1. Select the hosting region from the dropdown list.
  2. Provide the S3 bucket name.
  3. (Optional) Add a prefix.
  4. Choose whether you want to include the source file path. This saves the path of the file as a field in your log.
  5. Save your information.

Logz.io fetches logs that are generated after configuring an S3 bucket. Logz.io cannot fetch old logs retroactively.

Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open OpenSearch Dashboards.

If you still don’t see your logs, see log shipping troubleshooting.