class Aws::NetworkFirewall::Types::LogDestinationConfig
Defines where AWS Network Firewall
sends logs for the firewall for one log type. This is used in LoggingConfiguration
. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
Network Firewall
generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to `DROP` or `ALERT`.
@note When making an API call, you may pass LogDestinationConfig
data as a hash: { log_type: "ALERT", # required, accepts ALERT, FLOW log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose log_destination: { # required "HashMapKey" => "HashMapValue", }, }
@!attribute [rw] log_type
The type of log to send. Alert logs report traffic that matches a StatefulRule with an action setting that sends an alert log message. Flow logs are standard network traffic flow logs. @return [String]
@!attribute [rw] log_destination_type
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream. @return [String]
@!attribute [rw] log_destination
The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type. * For an Amazon S3 bucket, provide the name of the bucket, with key `bucketName`, and optionally provide a prefix, with key `prefix`. The following example specifies an Amazon S3 bucket named `DOC-EXAMPLE-BUCKET` and the prefix `alerts`\: `"LogDestination": \{ "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts" \}` * For a CloudWatch log group, provide the name of the CloudWatch log group, with key `logGroup`. The following example specifies a log group named `alert-log-group`\: `"LogDestination": \{ "logGroup": "alert-log-group" \}` * For a Kinesis Data Firehose delivery stream, provide the name of the delivery stream, with key `deliveryStream`. The following example specifies a delivery stream named `alert-delivery-stream`\: `"LogDestination": \{ "deliveryStream": "alert-delivery-stream" \}` @return [Hash<String,String>]
@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/LogDestinationConfig AWS API Documentation
Constants
- SENSITIVE