AWS WAF Logs - Bronto Docs

AWS WAF can log every request that hits a web ACL — including the rule that matched, the action taken (allow, block, count, captcha), the source IP, and the request headers. The logs are the foundation for security analytics and rule tuning.

Recommended method

S3 Log Forwarder — configure logging on each web ACL with an S3 destination, then point the Bronto forwarder Lambda at the bucket.

Alternatives

Kinesis Firehose (Preview) — for very high request volumes.
CloudWatch Log Forwarder — when logs are routed to a CloudWatch Log Group instead.

See Ingesting AWS Data into Bronto for the full service-to-method mapping.

References

AWS WAF — logging

VPC Flow Logs Forwarding AWS Logs from S3

⌘I

​Recommended method

​Alternatives

​References

Recommended method

Alternatives

References