AWS VPC Flow Logs
Forward your VPC flow Logs straight to Coralogix using our automatic configuration. To make the log collection a breeze, use our app in the AWS Serverless Application Repository.
Requirements
Ready-made S3 bucket that is clear of any Lambda triggers
AWS permissions to create Lambdas and IAM roles
Automatic Configuration
The following instructions demonstrate how to forward your VPC flow logs direcly to Coralogix using our automatic configuration. Once the deployment is complete, every new gzipped log file placed in the Lambda will be sent to Coralogix.
STEP 1. Setup delivery of your VPC Flow Logs to S3 bucket.
STEP 2. Navigate to the application page and fill in the required parameters.
STEP 3. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.
STEP 4. Click Deploy.
Parameters and Descriptions
| Variable | Description |
|---|---|
| Application Name | Stack name of the application created via AWS CloudFormation |
| If your log is JSON format, use its dynamic value. | |
Example: $.level1.level2.value | |
| NotificationEmail | Failure notification email address |
| S3BucketName | Name of the S3 bucket to watch |
| ApplicationName | Application name as it appears in your Coralogix UI |
| BlockingPattern | If you wish to block some of the logs adding a substring will act as selector. |
| Default is empty to send all logs. | |
| BufferSize | Buffer size for logs in the lambda function |
| CoralogixRegion | Region associated with your Coralogix account domain |
| CustomDomain | Coralogix custom domain. Leave empty if you do not use a custom domain. |
| Debug | Coralogix logger debug mode |
| FunctionArchitecture | Function supports x86_64 or arm64 |
| FunctionMemorySize | Max memory for the function itself |
| FunctionTimeout | Maximum time in seconds the function may be allowed to run |
| NewlinePattern | Pattern for lines splitting |
MultiLine Example: [\s(?={)|(?<=})\s,\s(?={)|(?<=})\s] | |
| ApiKey | Your Coralogix Send-Your-Data API key |
| * If you have created a secret in AWS Secrets Manager, use the secret that contains your Coralogix Send-Your-Data API key | |
| LayerARN | If using AWS Secrets Manager, this is the ARN of the Coralogix Lambda layer. |
| If not, leave empty. | |
| CreateSecret | If you have created a secret in AWS Secrets Manager containing your Coralogix Send-Your-Data API key, set to False. |
| SamplingRate | Sets the sampling rate |
| The rate is set to 1 by default, meaning that it collects every log message from the S3 bucket. Increase it to change the sampling rate [i.e. increase it to 2 to ship 1 of every 2 logs, etc]. | |
| SubsystemName | Subsystem name as it appears in your Coralogix UI |
| If your log is in JSON format, you can use its dynamic value. | |
Example: $.level1.level2.value | |
| S3KeyPrefix | S3 path prefix to watch |
| S3KeySuffix | S3 path suffix to watch |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].
AWS CloudTrail 
Light
light
dark
User Guides
Integrations
OpenTelemetry
Developer Portal