Redhat – Options for firewall logging in AWS on EC2 instances

Tags: amazon-ec2, amazon-web-services, redhat, windows-server-2008-r2

We are looking to implement a logger for our firewall, in the cloud, to log attempted requests and general traffic to and from the server. For general traffic to and from the server, the AWS firewall will pass us that traffic and we can log it using a wide range of current tools. This will not show us any denied requests to the server from the AWS firewall. I don't want to use an agent-based firewall, but understand if I must. We mainly are a Windows Server environment. We do on occasion have a few Red Hat Linux servers. That is around 5% of our total infrastructure. So what is the easiest and most cost-effective solution to log denied firewall attempts in an AWS environment?

Best Answer

As far as the AWS firewall (Security Group) goes, you won't be able to get any logging from that. For specific instances I'm sure a tech could work with you from Amazon, assuming you have Premium Support. If you need to log denied firewall attempts, you'll need to have a software-based firewall. There are already some options to use in AWS; if you look at the Marketplace you can see the prices for different software.

For example, something like Vyatta Virtual Router/Firewall/VPN could work for you. I haven't used any of the software firewalls in the cloud, as I have no need to log failed attempts.
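Once a host-based firewall is in place, the denied attempts the question asks about live in its log rather than anywhere in AWS. The following is an added example, not code from the question or the answer: it parses a Windows Firewall log (pfirewall.log style, the format most of the asker's Windows Server fleet would produce) and counts inbound DROP entries per source and destination port. The sample lines are constructed, and the field order is taken from the `#Fields:` header the log itself carries, so the parser follows whatever header a real file has.

```python
from collections import Counter, defaultdict

# Constructed sample in Windows Firewall log format. The #Fields header
# names and order are assumed to match what Windows writes; the parser
# reads them from the file rather than hard-coding them.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-06-01 12:00:01 DROP TCP 203.0.113.5 10.0.0.12 51234 3389 52 S 123456 0 8192 - - - RECEIVE
2012-06-01 12:00:02 DROP TCP 203.0.113.5 10.0.0.12 51235 445 52 S 123457 0 8192 - - - RECEIVE
2012-06-01 12:00:03 ALLOW TCP 198.51.100.7 10.0.0.12 40000 443 - - - - - - - - RECEIVE
2012-06-01 12:00:04 DROP UDP 198.51.100.9 10.0.0.12 53000 161 78 - - - - - - - RECEIVE
2012-06-01 12:00:05 DROP TCP 203.0.113.5 10.0.0.12 51236 3389 52 S 123458 0 8192 - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue  # blank or other header line
        if fields is None:
            raise ValueError("data line seen before #Fields header")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        yield dict(zip(fields, parts))


def summarise_drops(text):
    """Count inbound DROPs per (src-ip, dst-port) -> {src: {port: count}}."""
    drops = defaultdict(Counter)
    for rec in parse_firewall_log(text):
        if rec["action"] == "DROP" and rec["path"] == "RECEIVE":
            drops[rec["src-ip"]][rec["dst-port"]] += 1
    return {src: dict(counts) for src, counts in drops.items()}


if __name__ == "__main__":
    for src, ports in summarise_drops(SAMPLE_LOG).items():
        print(src, ports)
```

On a real server, read `%systemroot%\system32\LogFiles\Firewall\pfirewall.log` (the default path, which must be enabled in the firewall's logging settings) and feed its contents to `summarise_drops`.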
