How do you route AWS Web Application Firewall (WAF) logs to an S3 bucket? Can I do this quickly through the AWS console? Or should I use a Lambda function (called by a CloudWatch timer event) to request WAF logs every n minutes?
UPDATE: I am interested in ACL logs (source IP address, URI, matched rule, request headers, action, time, etc.).
UPDATE (05/15/2017)
AWS does not provide an easy way to view / analyze these logs. You can get a "random sample" using the get-sampled-requests command, which is unacceptable...
Gets detailed information about a given number of requests (a sample) that AWS WAF randomly selects from the first 5000 requests that your AWS resource received within the time period that you select. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.
http://docs.aws.amazon.com/cli/latest/reference/waf/get-sampled-requests.html
Also, I'm not the only one experiencing this problem:
https://forums.aws.amazon.com/thread.jspa?threadID=220202
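An added example, not part of the original post: a sketch of the timer-driven Lambda approach the question describes, polling get-sampled-requests in short windows and archiving the results to S3. It assumes the classic WAF API through boto3 (client "waf"); the web ACL ID, rule ID, bucket name and key prefix are placeholders, and the output is still only the sample the API returns, so the per-window population size is recorded next to it.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_ITEMS = 500                      # per-call sample ceiling quoted above
MAX_LOOKBACK = timedelta(hours=3)    # oldest data the API will return

def windows(start, end, step):
    """Split [start, end) into consecutive sub-windows of length `step`."""
    while start < end:
        stop = min(start + step, end)
        yield start, stop
        start = stop

def collect_samples(waf, web_acl_id, rule_id, end, lookback, step):
    """Poll get_sampled_requests per window; return (records, coverage)."""
    lookback = min(lookback, MAX_LOOKBACK)
    records, coverage = [], []
    for lo, hi in windows(end - lookback, end, step):
        resp = waf.get_sampled_requests(
            WebAclId=web_acl_id, RuleId=rule_id,
            TimeWindow={"StartTime": lo, "EndTime": hi}, MaxItems=MAX_ITEMS)
        sampled = resp.get("SampledRequests", [])
        records.extend(sampled)
        # PopulationSize = requests the sample was drawn from in this window.
        coverage.append((lo, len(sampled), resp.get("PopulationSize", 0)))
    return records, coverage

def archive(s3, bucket, prefix, records, end):
    """Write the records as JSON lines to one S3 object; return its key."""
    key = f"{prefix}/{end:%Y/%m/%d/%H%M%S}.jsonl"
    body = "\n".join(json.dumps(r, default=str, sort_keys=True) for r in records)
    s3.put_object(Bucket=bucket, Key=key, Body=body.encode("utf-8"))
    return key

if __name__ == "__main__":
    import boto3  # needs AWS credentials; IDs and bucket below are placeholders
    now = datetime.now(timezone.utc)
    recs, cov = collect_samples(boto3.client("waf"), "WEB_ACL_ID", "RULE_ID",
                                now, timedelta(minutes=15), timedelta(minutes=5))
    print(archive(boto3.client("s3"), "EXAMPLE_BUCKET", "waf-samples", recs, now))
    for lo, got, pop in cov:
        print(lo.isoformat(), f"sampled {got} of {pop}")
```

A window where the sampled count is lower than the population size marks requests that were not captured, which is the gap the post objects to.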