About Log Streaming

Abstract

Log Streaming collects events from various log sources for your Wide-area Private Cloud (WPC) and stores them in your AWS S3 bucket.

Principle of Operation

The Log Streaming feature regularly checks the logs for the following types of information and events:

  • Traffic flow events for allowed and blocked traffic flows between Traffic Sources and Traffic Destinations. Refer to Access Visibility Terms.

  • Log events for WPC configuration changes made using the Administration Portal. Note: Changes made using the API are excluded. Refer to About Audit Log.

  • Aggregated statistics from DNS logs at both the registered domain and subdomain levels. Refer to About DNS Log.

  • Successful and failed OpenVPN tunnel connection attempts, as well as disconnection events.

  • Events generated when content filtering (Cyber Shield Domain Filtering) blocks access to content.

  • Events generated when the Intrusion Protection System (Cyber Shield Traffic Filtering) blocks a traffic flow.

If log events are present for your WPC, Log Streaming creates a log file of those events in JSON format, compresses the log file, and stores it in your configured AWS S3 bucket.

The tools you use for SIEM, traffic visibility, etc., can retrieve these log files from your AWS S3 bucket for processing.

Figure 10. Illustration Of Log Streaming Concept

Prerequisite

An AWS S3 bucket in your AWS account with proper permissions. Refer to Tutorial: Configure AWS S3 bucket for CloudConnexa Log Streaming.