Logging AWS WAF web ACL traffic - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

This section explains logging and other data collection options that you can use with AWS WAF.

You can enable logging to get detailed information about traffic that is analyzed by your web ACL. Logged information includes the time that AWS WAF received a web request from your AWS resource, detailed information about the request, and details about the rules that the request matched. You can send web ACL logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Data Firehose delivery stream.

Other data collection and analysis options

In addition to logging, you can enable the following options for data collection and analysis:

Note

Web ACL logging configuration only affects the AWS WAF logs. In particular, the redacted fields configuration for logging has no impact on request sampling or Security Lake data collection. Security Lake data collection is configured entirely through the Security Lake service. The only way to exclude fields from sampled requests is by disabling sampling for the web ACL.
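The following added example is not part of the AWS documentation. It builds the `LoggingConfiguration` structure that the WAFv2 `PutLoggingConfiguration` API accepts, checks that the destination is one of the three types named above, and sets redacted fields, which per the note apply to the AWS WAF logs only. All ARNs are constructed sample values, and the `aws-waf-logs-` name prefix it checks is an AWS WAF destination naming requirement that this page does not state.

```python
import json
import re

# AWS WAF requires log destination names to begin with "aws-waf-logs-".
# (Naming requirement from AWS WAF, not stated on this page.)
DESTINATION_PATTERNS = {
    "cloudwatch": re.compile(
        r"^arn:aws[\w-]*:logs:[\w-]+:\d{12}:log-group:aws-waf-logs-[\w./#-]+(:\*)?$"),
    "s3": re.compile(r"^arn:aws[\w-]*:s3:::aws-waf-logs-[a-z0-9.-]+(/.*)?$"),
    "firehose": re.compile(
        r"^arn:aws[\w-]*:firehose:[\w-]+:\d{12}:deliverystream/aws-waf-logs-[\w.-]+$"),
}


def destination_type(arn):
    """Return 'cloudwatch', 's3' or 'firehose', or None if the ARN is not usable."""
    for kind, pattern in DESTINATION_PATTERNS.items():
        if pattern.match(arn):
            return kind
    return None


def build_logging_configuration(web_acl_arn, destination_arn,
                                redact_headers=(), redact_query_string=False):
    """Build the LoggingConfiguration dict for wafv2 put_logging_configuration."""
    if destination_type(destination_arn) is None:
        raise ValueError("not a valid AWS WAF log destination: " + destination_arn)
    # Redaction here changes only what is written to the WAF logs. Sampled
    # requests and Security Lake collection are unaffected (see the note above).
    redacted = [{"SingleHeader": {"Name": name}} for name in redact_headers]
    if redact_query_string:
        redacted.append({"QueryString": {}})
    return {
        "ResourceArn": web_acl_arn,
        "LogDestinationConfigs": [destination_arn],
        "RedactedFields": redacted,
    }


# Constructed sample ARNs (placeholder account ID and names).
SAMPLE_ACL = ("arn:aws:wafv2:us-east-1:111122223333:regional/webacl/"
              "example-acl/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111")
SAMPLE_DEST = "arn:aws:logs:us-east-1:111122223333:log-group:aws-waf-logs-example"

if __name__ == "__main__":
    cfg = build_logging_configuration(SAMPLE_ACL, SAMPLE_DEST,
                                      redact_headers=["authorization", "cookie"])
    # To apply: boto3.client("wafv2").put_logging_configuration(LoggingConfiguration=cfg)
    print(json.dumps(cfg, indent=2))
```
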