Updating a firewall's logging configuration - AWS Network Firewall

Updating a firewall's logging configuration

To update your firewall's logging configuration through the AWS Management Console, use the procedure in this section. For the API, see the API action, UpdateLoggingConfiguration.


Firewall logging is only available for traffic that you forward to the stateful rules engine. You forward traffic to the stateful engine through stateless rule actions and stateless default actions in the firewall policy. For information about these actions settings, see Stateless default actions in your firewall policy and Defining rule actions in AWS Network Firewall.

To update a firewall's logging configuration through the console
  1. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, under Network Firewall, choose Firewalls.

  3. In the Firewalls page, choose the name of the firewall that you want to edit. This takes you to the firewall's details page.

  4. Choose the tab Firewall details, then in the Logging section, choose Edit.

  5. Adjust the Log type selections as needed. You can configure logging for alert and flow logs. To turn off logging for a firewall, deselect both Alert and Flow options.

    • Alert – Sends logs for traffic that matches any stateful rule whose action is set to Alert or Drop. For more information about stateful rules and rule groups, see Rule groups in AWS Network Firewall.

    • Flow – Sends logs for all network traffic that the stateless engine forwards to the stateful rules engine.

  6. For each selected log type, choose the destination type, then provide the information for the logging destination that you prepared following the guidance in Firewall logging destinations.

    In order to change the destination for an existing Log type, you must first turn off logging for the policy. Then, edit the policy and specify the new destination(s) for the Log type.

  7. Choose Save to save your changes and return to the firewall's detail page.