Logging and monitoring in Amazon WAF - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Logging and monitoring in Amazon WAF

Monitoring is an important part of maintaining the reliability, availability, and performance of Amazon WAF and your Amazon solutions. You should collect monitoring data from all parts of your Amazon solution so that you can more easily debug a multi-point failure if one occurs. Amazon provides several tools for monitoring your Amazon WAF resources and responding to potential events:

Amazon CloudWatch alarms

Using CloudWatch alarms, you watch a single metric over a time period that you specify. If the metric exceeds a given threshold, CloudWatch sends a notification to an Amazon SNS topic or Amazon Auto Scaling policy. For more information, see Monitoring with Amazon CloudWatch.

Amazon CloudTrail logs

CloudTrail provides a record of actions taken by a user, role, or an Amazon service in Amazon WAF. Using the information collected by CloudTrail, you can determine the request that was made to Amazon WAF, the IP address from which the request was made, who made the request, when it was made, and additional details. For more information, see Logging API calls with Amazon CloudTrail.

Amazon WAF web ACL traffic logging

Amazon WAF offers logging for the traffic that your web ACLs analyze. The logs include information such as the time that Amazon WAF received the request from your protected Amazon resource, detailed information about the request, and the action setting for the rule that the request matched. For more information, see Logging Amazon WAF web ACL traffic.