Logging and monitoring in Amazon WAF Classic - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Logging and monitoring in Amazon WAF Classic

Warning

Amazon WAF Classic support will end on September 30, 2025.

Note

This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see Migrating your Amazon WAF Classic resources to Amazon WAF.

For the latest version of Amazon WAF, see Amazon WAF.

Monitoring is an important part of maintaining the reliability, availability, and performance of Amazon WAF Classic and your Amazon solutions. You should collect monitoring data from all parts of your Amazon solution so that you can more easily debug a multi-point failure if one occurs. Amazon provides several tools for monitoring your Amazon WAF Classic resources and responding to potential events:

Amazon CloudWatch Alarms

Using CloudWatch alarms, you watch a single metric over a time period that you specify. If the metric exceeds a given threshold, CloudWatch sends a notification to an Amazon SNS topic or Amazon Auto Scaling policy. For more information, see Monitoring with Amazon CloudWatch.

Amazon CloudTrail Logs

CloudTrail provides a record of actions taken by a user, role, or an Amazon service in Amazon WAF Classic. Using the information collected by CloudTrail, you can determine the request that was made to Amazon WAF Classic, the IP address from which the request was made, who made the request, when it was made, and additional details. For more information, see Logging API calls with Amazon CloudTrail.