Cloud Flow Logs
Cloud Flow Logs provide critical visibility into the traffic moving within your virtual private clouds. Unlike on-premises hardware that "pushes" telemetry via UDP, cloud platforms typically store logs in object storage or message queues.
How Ingestion Works
Cloud ingestion is a collaborative process between the EDFN service and the NFO processing engine:
- EDFN (The Fetcher): Uses the credentials and proxy settings defined in EDFN Admin to securely "pull" log files from your cloud provider (S3, Azure Storage, or GCP Pub/Sub).
- NFO (The Processor): Once the logs are fetched, the NFO engine normalizes the cloud-specific JSON or CSV formats into standard flow records. This allows you to use the same security and monitoring modules for both cloud and on-premises data.
Supported Platforms
Select your cloud provider below for specific, step-by-step configuration instructions:
- AWS VPC Flow Logs: Ingest logs from Amazon S3 buckets, with optional SQS notification support for high-scale environments.
- Microsoft Azure NSG and VNet Flow Logs: Connect to Azure Storage Accounts to process Network Security Group logs.
- Google Cloud VPC Flow Logs: Real-time streaming ingestion via GCP Pub/Sub subscriptions.
- Oracle Cloud VCN Flow Logs: Ingest logs from OCI Object Storage using OCI API signing keys.
Key Benefits
- Unified Format: Map cloud-specific fields (like Azure "Rule Name" or AWS "Interface ID") to a consistent internal schema.
- Cost Efficiency: Filter out "noise" at the NFO level before sending data to expensive SIEM or log management tools.
- Hybrid Visibility: Correlate traffic crossing the boundary between your data center and your cloud VPCs.
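The normalization step described under "How Ingestion Works" and the "Unified Format" benefit, as an added example (not NFO's own code). It assumes the AWS default version 2 record layout and the Azure NSG flow log version 2 JSON layout; the common schema, field names and sample records are hypothetical and constructed for illustration.

```python
import json

# Hypothetical common schema (an assumption, not NFO's internal schema).
FIELDS = ("cloud", "src_ip", "dst_ip", "src_port", "dst_port",
          "protocol", "action", "bytes", "source_id")

AWS_V2 = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO_NUM = {"T": 6, "U": 17}          # Azure letters -> IANA protocol numbers
ACTION = {"ACCEPT": "allow", "REJECT": "deny", "A": "allow", "D": "deny"}

def normalize_aws(line):
    """AWS default (version 2) record -> common record, or None if no traffic data."""
    parts = line.split()
    if len(parts) != len(AWS_V2):
        raise ValueError("unexpected field count: %d" % len(parts))
    r = dict(zip(AWS_V2, parts))
    if r["log_status"] != "OK":        # NODATA / SKIPDATA carry '-' placeholders
        return None
    return dict(zip(FIELDS, ("aws", r["srcaddr"], r["dstaddr"], int(r["srcport"]),
                int(r["dstport"]), int(r["protocol"]), ACTION[r["action"]],
                int(r["bytes"]), r["interface_id"])))

def normalize_azure(doc):
    """Azure NSG flow log (version 2) JSON -> list of common records."""
    out = []
    for rec in json.loads(doc)["records"]:
        for rule in rec["properties"]["flows"]:
            for flow in rule["flows"]:
                for tup in flow["flowTuples"]:
                    t = tup.split(",")
                    # Byte counters are empty on flow-begin ("B") tuples.
                    total = sum(int(x) for x in (t[10], t[12]) if x)
                    out.append(dict(zip(FIELDS, ("azure", t[1], t[2], int(t[3]),
                               int(t[4]), PROTO_NUM[t[5]], ACTION[t[7]],
                               total, rule["rule"]))))
    return out

# Constructed sample inputs (documentation address ranges, made-up IDs).
AWS_SAMPLE = ("2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 44321 22 6 "
              "10 840 1700000000 1700000060 REJECT OK")
AWS_NODATA = "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA"
AZURE_SAMPLE = json.dumps({"records": [{"properties": {"Version": 2, "flows": [
    {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856",
     "flowTuples": ["1700000000,203.0.113.9,10.1.0.4,51515,3389,T,I,D,B,,,,",
                    "1700000030,10.1.0.4,192.0.2.20,50000,443,T,O,A,E,12,1500,10,9000"]}]}]}}]})

if __name__ == "__main__":
    print(*([normalize_aws(AWS_SAMPLE)] + normalize_azure(AZURE_SAMPLE)), sep="\n")
```

With both sources in one shape, a single filter such as `action == "deny"` on ports 22 or 3389 covers AWS and Azure traffic alike, with the AWS interface ID and the Azure rule name carried in the same `source_id` field.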