Logging AWS WAF protection pack or web ACL traffic - AWS WAF, AWS Firewall Manager, AWS Shield Advanced, and AWS Shield network security director

Introducing a new console experience for AWS WAF

You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see Working with the updated console experience.

Logging AWS WAF protection pack or web ACL traffic

This section explains the logging options for your AWS WAF protection pack or web ACLs.

You can enable logging to get detailed information about traffic that is analyzed by your web ACL. Logged information includes the time that AWS WAF received a web request from your AWS resource, detailed information about the request, and details about the rules that the request matched. You can send protection pack or web ACL logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Data Firehose delivery stream.

In addition to logs that you can enable for your protection pack or web ACLs, AWS also uses service logs of website or application traffic processed by AWS WAF to provide support for and protect the security of AWS customers and services.

Note

The protection pack or web ACL logging configuration only affects the AWS WAF logs. In particular, the redacted fields configuration for logging has no impact on request sampling or Security Lake data collection. You can exclude fields from collection or sampling by configuring protection pack or web ACL data protection. Other than data protection, Security Lake data collection is configured entirely through the Security Lake service.

Topics
Other data collection and analysis options

In addition to logging, you can enable the following options for data collection and analysis:

  • Amazon Security Lake – You can configure Security Lake to collect protection pack or web ACL data. Security Lake collects log and event data from various sources for normalization, analysis, and management. For information about this option, see What is Amazon Security Lake? and Collecting data from AWS services in the Amazon Security Lake user guide.

    AWS WAF doesn't charge you for using this option. For pricing information, see Security Lake Pricing and How Security Lake pricing is determined in the Amazon Security Lake user guide.

  • Request sampling – You can configure your protection pack or web ACL to sample the web requests that it evaluates, to get an idea of the type of traffic that your application is receiving. For information about this option, see Viewing a sample of web requests.