What should the SysOps administrator do to meet this requirement?
Create a new flow log. Include the tcp-flags field in the custom log format. Delete the original flow log.
In the CloudWatch Logs log group, modify the filter to include the tcp-flags field and the type field.
In CloudWatch Metrics, modify the metric configuration to include the tcp-flags field.
Modify the existing flow log. Include the tcp-flags field and the type field in the custom log format. Save the configuration.
Explanations:
Creating a new flow log with a custom log format that includes the tcp-flags field is required, as existing flow logs cannot be modified. The original flow log must be deleted to avoid duplication.
Modifying the CloudWatch Logs filter does not add additional fields to the VPC flow logs; the fields must be specified when creating the flow log.
CloudWatch Metrics configuration changes do not affect the fields collected by VPC flow logs. The fields must be configured within the flow log setup itself.
Existing flow logs cannot be modified to include additional fields; a new flow log must be created to add fields like tcp-flags.