Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Network Firewall
If JSA does not automatically detect the log source, add an Amazon AWS Network Firewall log source on the JSA Console by using the Amazon AWS REST API protocol.
When using the Amazon AWS S3 REST API protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Amazon AWS S3 REST API events from Amazon AWS Network Firewall:
Parameter |
Value |
|---|---|
Log Source type |
Amazon AWS Network Firewall |
Protocol Configuration |
Amazon AWS S3 REST API |
Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Amazon AWS Network Firewall log source that is configured, you might want to identify the first log source as awsnetworkfirewall1, the second log source as awsnetworkfirewall2, and the third log source as awsnetworkfirewall3. |
Event Format |
If you have a JSA Flow Processor available and licensed to receive flow logs, select AWS Network Firewall. If you do not have a JSA Flow Processor available and licensed to receive flow logs, select LINEBYLINE. |
For a complete list of Amazon AWS S3 REST API protocol parameters and their values, see Amazon AWS S3 REST API Protocol Configuration Options.