NetworkFirewall / Client / describe_logging_configuration
describe_logging_configuration#
- NetworkFirewall.Client.describe_logging_configuration(**kwargs)#
Returns the logging configuration for the specified firewall.
See also: AWS API Documentation
Request Syntax
response = client.describe_logging_configuration( FirewallArn='string', FirewallName='string' )
- Parameters:
FirewallArn (string) –
The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
FirewallName (string) –
The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
- Return type:
dict
- Returns:
Response Syntax
{ 'FirewallArn': 'string', 'LoggingConfiguration': { 'LogDestinationConfigs': [ { 'LogType': 'ALERT'|'FLOW'|'TLS', 'LogDestinationType': 'S3'|'CloudWatchLogs'|'KinesisDataFirehose', 'LogDestination': { 'string': 'string' } }, ] } }
Response Structure
(dict) –
FirewallArn (string) –
The Amazon Resource Name (ARN) of the firewall.
LoggingConfiguration (dict) –
Defines how Network Firewall performs logging for a Firewall.
LogDestinationConfigs (list) –
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
(dict) –
Defines where Network Firewall sends logs for the firewall for one log type. This is used in LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
Network Firewall generates logs for stateful rule groups. You can save alert, flow, and TLS log types.
LogType (string) –
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.
ALERT
- Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see StatefulRule.FLOW
- Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.TLS
- Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
LogDestinationType (string) –
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
LogDestination (dict) –
The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.
For an Amazon S3 bucket, provide the name of the bucket, with key
bucketName
, and optionally provide a prefix, with keyprefix
. The following example specifies an Amazon S3 bucket namedDOC-EXAMPLE-BUCKET
and the prefixalerts
:"LogDestination": { "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts" }
For a CloudWatch log group, provide the name of the CloudWatch log group, with key
logGroup
. The following example specifies a log group namedalert-log-group
:"LogDestination": { "logGroup": "alert-log-group" }
For a Firehose delivery stream, provide the name of the delivery stream, with key
deliveryStream
. The following example specifies a delivery stream namedalert-delivery-stream
:"LogDestination": { "deliveryStream": "alert-delivery-stream" }
(string) –
(string) –
Exceptions