Logging Amazon WAF web ACL traffic - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced

Logging Amazon WAF web ACL traffic

This section explains the logging options for your Amazon WAF web ACLs.

You can enable logging to get detailed information about traffic that is analyzed by your web ACL. Logged information includes the time that Amazon WAF received a web request from your Amazon resource, detailed information about the request, and details about the rules that the request matched. You can send web ACL logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Data Firehose delivery stream.

In addition to logs that you can enable for your web ACLs, Amazon also uses service logs of website or application traffic processed by Amazon WAF to provide support for and protect the security of Amazon customers and services.

Note

Web ACL logging configuration only affects the Amazon WAF logs. In particular, the redacted fields configuration for logging has no impact on request sampling or Security Lake data collection. You can exclude fields from collection or sampling by configuring web ACL data protection. Other than data protection, Security Lake data collection is configured entirely through the Security Lake service.
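The following sketch is an added example, not code from this documentation. It builds the `LoggingConfiguration` payload for the WAFV2 `PutLoggingConfiguration` API, checks that the destination is one of the three supported types, and adds redacted header fields. The `aws-waf-logs-` name prefix and the single-destination limit are requirements of that API rather than statements on this page; the ARNs, account ID, and helper names are constructed for illustration.

```python
import re

# ARN shapes for the three supported log destinations. The partition may be
# aws, aws-cn or aws-us-gov; the resource name must start with aws-waf-logs-.
_DESTINATIONS = {
    "cloudwatch-logs": re.compile(
        r"^arn:aws[a-z-]*:logs:[a-z0-9-]+:\d{12}:log-group:aws-waf-logs-[\w.\-/#]+$"),
    "s3": re.compile(r"^arn:aws[a-z-]*:s3:::aws-waf-logs-[a-z0-9.\-]+$"),
    "firehose": re.compile(
        r"^arn:aws[a-z-]*:firehose:[a-z0-9-]+:\d{12}:deliverystream/aws-waf-logs-[\w.\-]+$"),
}


def destination_type(arn):
    """Return which supported destination an ARN names, or None (hypothetical helper)."""
    for kind, pattern in _DESTINATIONS.items():
        if pattern.match(arn):
            return kind
    return None


def build_logging_configuration(web_acl_arn, destination_arn, redact_headers=()):
    """Build the LoggingConfiguration dict for wafv2 PutLoggingConfiguration."""
    if destination_type(destination_arn) is None:
        raise ValueError("unsupported destination or name lacks the "
                         "aws-waf-logs- prefix: " + destination_arn)
    return {
        "ResourceArn": web_acl_arn,
        # The API accepts exactly one destination per web ACL.
        "LogDestinationConfigs": [destination_arn],
        # Redaction applies to the WAF log records only, not to request
        # sampling or Security Lake data collection.
        "RedactedFields": [{"SingleHeader": {"Name": h}} for h in redact_headers],
    }


# Constructed sample values (China partition, placeholder account ID).
WEB_ACL = ("arn:aws-cn:wafv2:cn-north-1:111122223333:"
           "regional/webacl/example-acl/00000000-0000-0000-0000-000000000000")
LOG_GROUP = "arn:aws-cn:logs:cn-north-1:111122223333:log-group:aws-waf-logs-example"

if __name__ == "__main__":
    import json
    cfg = build_logging_configuration(WEB_ACL, LOG_GROUP, ["authorization", "cookie"])
    print(json.dumps(cfg, indent=2))
    # With credentials available:
    # boto3.client("wafv2").put_logging_configuration(LoggingConfiguration=cfg)
```

Because redaction here does not reach sampled requests or Security Lake, fields that must stay out of those paths need web ACL data protection in addition to this configuration.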

Other data collection and analysis options

In addition to logging, you can enable the following options for data collection and analysis: