AWS VPC Flow Logs Monitoring - Network Traffic & Security Analysis
Monitor AWS VPC network traffic with VPC Flow Logs for traffic analysis, security monitoring, and network visibility. This guide explains how to stream AWS VPC Flow Logs directly to OpenObserve using Amazon Kinesis Firehose, to support AWS network monitoring, cloud security, and network performance analysis.
Overview
Capture and forward AWS VPC Flow Logs to OpenObserve via Kinesis Firehose for real-time network visibility, network traffic monitoring, and security analysis.
Steps to Integrate
Prerequisites
- OpenObserve account (Cloud or Self-Hosted)
- AWS account with access to VPC and Firehose
- S3 bucket for failed log backup (recommended)
Step 1: Get OpenObserve Ingestion URL and Access Key
- In OpenObserve: go to Data Sources → Recommended → AWS
- Copy the ingestion URL and Access Key

Update the URL to have the stream name of your choice:
Step 2: Create Firehose Delivery Stream
- In AWS Kinesis Firehose, create a delivery stream with Source: Direct PUT and Destination: HTTP Endpoint.
- Provide OpenObserve's HTTP Endpoint URL and Access Key, and set an S3 backup bucket.
- Give the stream a meaningful name and create it.

Step 3: Enable VPC Flow Logs
- Go to VPC → Your VPC → Flow Logs → Create Flow Log
- Set:
  - Filter: All
  - Destination: Kinesis Data Firehose
  - Delivery stream: Select the stream you created in step 2
  - Log format: All fields
- Create the flow log

Step 4: Verify Logs in OpenObserve
- Go to Logs → select your log stream → Set time range → Click Run Query
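
Once records are arriving, a quick security check is to total rejected traffic per destination. The following is an added example, not code from OpenObserve or AWS: it parses flow log records given as space-separated text lines whose field order follows the flow log's format string. The function names and sample records are constructed for illustration, and the AWS default field order is assumed unless another format string is passed.

```python
from collections import Counter

# Assumption: AWS default (version 2) field order; pass your own format string otherwise.
DEFAULT_FORMAT = (
    "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} "
    "${srcport} ${dstport} ${protocol} ${packets} ${bytes} "
    "${start} ${end} ${action} ${log-status}"
)
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def parse_record(line, log_format=DEFAULT_FORMAT):
    """Parse one flow log line into a dict; '-' (no data) becomes None."""
    names = [tok[2:-1] for tok in log_format.split()]  # '${srcaddr}' -> 'srcaddr'
    values = line.split()
    if len(values) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(values)}")
    rec = dict(zip(names, values))
    for name, value in rec.items():
        if value == "-":
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(value)
    return rec


def rejected_by_target(lines, log_format=DEFAULT_FORMAT):
    """Sum REJECT packets per (dstaddr, dstport); NODATA/SKIPDATA records are skipped."""
    totals = Counter()
    for line in lines:
        rec = parse_record(line, log_format)
        if rec["log-status"] != "OK" or rec["action"] != "REJECT":
            continue
        totals[(rec["dstaddr"], rec["dstport"])] += rec["packets"]
    return totals.most_common()


# Constructed sample records (documentation address ranges, made-up IDs).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 44321 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51000 22 6 5 300 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.8 39812 443 6 20 4800 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.4 10.0.1.5 40000 3389 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    for (addr, port), packets in rejected_by_target(SAMPLE):
        print(f"{addr}:{port} rejected packets={packets}")
```

The format string passed to `rejected_by_target` must include `dstaddr`, `dstport`, `packets`, `action` and `log-status`.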

Troubleshooting
No logs?
- Ensure Firehose is ACTIVE and logs are reaching it
- Check S3 bucket for failed deliveries
- Confirm URL and Access Key are correct