NetworkFirewall / Client / describe_logging_configuration

describe_logging_configuration#

NetworkFirewall.Client.describe_logging_configuration(**kwargs)#

Returns the logging configuration for the specified firewall.

See also: AWS API Documentation

Request Syntax

response = client.describe_logging_configuration(
    FirewallArn='string',
    FirewallName='string'
)
Parameters:
  • FirewallArn (string) –

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

  • FirewallName (string) –

    The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

Return type:

dict

Returns:

Response Syntax

{
    'FirewallArn': 'string',
    'LoggingConfiguration': {
        'LogDestinationConfigs': [
            {
                'LogType': 'ALERT'|'FLOW',
                'LogDestinationType': 'S3'|'CloudWatchLogs'|'KinesisDataFirehose',
                'LogDestination': {
                    'string': 'string'
                }
            },
        ]
    }
}

Response Structure

  • (dict) –

    • FirewallArn (string) –

      The Amazon Resource Name (ARN) of the firewall.

    • LoggingConfiguration (dict) –

      Defines how Network Firewall performs logging for a Firewall.

      • LogDestinationConfigs (list) –

        Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

        • (dict) –

          Defines where Network Firewall sends logs for the firewall for one log type. This is used in LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.

          Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to DROP or ALERT.

          • LogType (string) –

            The type of log to send. Alert logs report traffic that matches a StatefulRule with an action setting that sends an alert log message. Flow logs are standard network traffic flow logs.

          • LogDestinationType (string) –

            The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.

          • LogDestination (dict) –

            The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.

            • For an Amazon S3 bucket, provide the name of the bucket, with key bucketName, and optionally provide a prefix, with key prefix. The following example specifies an Amazon S3 bucket named DOC-EXAMPLE-BUCKET and the prefix alerts: "LogDestination": { "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts" }

            • For a CloudWatch log group, provide the name of the CloudWatch log group, with key logGroup. The following example specifies a log group named alert-log-group: "LogDestination": { "logGroup": "alert-log-group" }

            • For a Kinesis Data Firehose delivery stream, provide the name of the delivery stream, with key deliveryStream. The following example specifies a delivery stream named alert-delivery-stream: "LogDestination": { "deliveryStream": "alert-delivery-stream" }

            • (string) –

              • (string) –

Exceptions