Logging AWS WAF web ACL traffic - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

Logging AWS WAF web ACL traffic

You can enable logging to get detailed information about traffic that is analyzed by your web ACL. Logged information includes the time that AWS WAF received a web request from your AWS resource, detailed information about the request, and details about the rules that the request matched. You can send your logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Data Firehose delivery stream.

Note

The logging configuration only affects the AWS WAF logs. In particular, the redacted fields configuration for logging has no impact on request sampling. The only way to exclude fields from sampled requests is by disabling sampling for the web ACL.
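The following added example (not part of the AWS documentation) audits for the gap this note describes: fields redacted from logs while sampling is still enabled. The inputs are constructed dictionaries shaped like WAFv2 `GetLoggingConfiguration` and `GetWebACL` responses; the names, ARNs, and the extra check of rule-level `SampledRequestsEnabled` settings are assumptions of the example.

```python
# Added example: no AWS calls are made; inputs are constructed sample data.

def redacted_field_names(logging_config):
    """Return readable names for the fields redacted from AWS WAF logs."""
    names = []
    for field in logging_config.get("RedactedFields", []):
        for kind, detail in field.items():
            if kind == "SingleHeader":
                names.append("header:" + detail["Name"].lower())
            else:  # e.g. UriPath, QueryString, Method
                names.append(kind)
    return names

def sampling_scopes(web_acl):
    """Return the scopes (web ACL and its rules) where request sampling is on."""
    scopes = []
    if web_acl.get("VisibilityConfig", {}).get("SampledRequestsEnabled"):
        scopes.append("webacl:" + web_acl["Name"])
    for rule in web_acl.get("Rules", []):
        if rule.get("VisibilityConfig", {}).get("SampledRequestsEnabled"):
            scopes.append("rule:" + rule["Name"])
    return scopes

def redaction_gaps(web_acl, logging_config):
    """List scopes where log-redacted fields remain visible in sampled requests."""
    fields = redacted_field_names(logging_config)
    if not fields:
        return []  # nothing is redacted, so there is no mismatch to report
    return [f"{scope} samples requests; redaction of {', '.join(fields)} "
            "applies to logs only" for scope in sampling_scopes(web_acl)]

# Constructed sample data (hypothetical account, ACL and rule names).
SAMPLE_LOGGING = {
    "ResourceArn": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example-acl/EXAMPLE-ID",
    "RedactedFields": [{"SingleHeader": {"Name": "Authorization"}}, {"QueryString": {}}],
}
SAMPLE_ACL = {
    "Name": "example-acl",
    "VisibilityConfig": {"SampledRequestsEnabled": True},
    "Rules": [
        {"Name": "rate-limit", "VisibilityConfig": {"SampledRequestsEnabled": False}},
        {"Name": "login-inspect", "VisibilityConfig": {"SampledRequestsEnabled": True}},
    ],
}

if __name__ == "__main__":
    for finding in redaction_gaps(SAMPLE_ACL, SAMPLE_LOGGING):
        print(finding)
```
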

If you can't find a log record in your logs

On rare occasions, it's possible for AWS WAF log delivery to fall below 100%, with logs delivered on a best-effort basis. The AWS WAF architecture prioritizes the security of your applications over all other considerations. In some situations, such as when logging flows experience traffic throttling, this can result in records being dropped. This shouldn't affect more than a few records. If you notice a number of missing log entries, contact the AWS Support Center.