class Aws::NetworkFirewall::Types::LogDestinationConfig

Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.

Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to `DROP` or `ALERT`.

@note When making an API call, you may pass LogDestinationConfig

data as a hash:

    {
      log_type: "ALERT", # required, accepts ALERT, FLOW
      log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
      log_destination: { # required
        "HashMapKey" => "HashMapValue",
      },
    }

@!attribute [rw] log_type

The type of log to send. Alert logs report traffic that matches a
StatefulRule with an action setting that sends an alert log message.
Flow logs are standard network traffic flow logs.
@return [String]

@!attribute [rw] log_destination_type

The type of storage destination to send these logs to. You can send
logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis
Data Firehose delivery stream.
@return [String]

@!attribute [rw] log_destination

The named location for the logs, provided in a key:value mapping
that is specific to the chosen destination type.

* For an Amazon S3 bucket, provide the name of the bucket, with key
  `bucketName`, and optionally provide a prefix, with key `prefix`.
  The following example specifies an Amazon S3 bucket named
  `DOC-EXAMPLE-BUCKET` and the prefix `alerts`\:

  `"LogDestination": \{ "bucketName": "DOC-EXAMPLE-BUCKET",
  "prefix": "alerts" \}`

* For a CloudWatch log group, provide the name of the CloudWatch log
  group, with key `logGroup`. The following example specifies a log
  group named `alert-log-group`\:

  `"LogDestination": \{ "logGroup": "alert-log-group" \}`

* For a Kinesis Data Firehose delivery stream, provide the name of
  the delivery stream, with key `deliveryStream`. The following
  example specifies a delivery stream named
  `alert-delivery-stream`\:

  `"LogDestination": \{ "deliveryStream": "alert-delivery-stream"
  \}`
@return [Hash<String,String>]

@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/LogDestinationConfig AWS API Documentation

Constants

SENSITIVE