FreeKB - Amazon Web Services (AWS) - Log traffic to Network Load Balancer (NLB)


When I want to log or trace traffic to one of my Network Load Balancers, I typically:

At a high level, I first confirm that the traffic is coming in and going out of the Network Interface successfully, and then check whether the Network Load Balancer access log is logging the traffic.

IMPORTANT

For some strange reason, a Network Load Balancer will only log events to the Access Log on the TLS Listener, not on the TCP Listener, which almost always means traffic on port 443, not on port 80.

By default, a flow log looks something like this. What I'm looking for here is traffic on the port used by the Network Load Balancer Listener, such as HTTPS port 443, with an action of ACCEPT and a log status of OK.

version account-id   interface-id          srcaddr        dstaddr        srcport dstport protocol packets bytes start      end        action log-status
2       123456789012 eni-07a2b417b8527403c 35.203.211.127 172.31.47.140  54135   443     6        1       44    1696986432 1696986437 ACCEPT OK
2       123456789012 eni-07a2b417b8527403c 172.31.47.140  35.203.211.127 443     54135   6        1       44    1696986432 1696986437 ACCEPT OK

 

The Flow Log records the start and end times as Unix epoch seconds. On a Linux system, the date command can be used to convert an epoch value into a human-readable date and time.

]$ echo $(date -d @1696986432 --utc)
Wed Oct 11 01:07:12 UTC 2023

]$ echo $(date -d @1696986437 --utc)
Wed Oct 11 01:07:17 UTC 2023

 

Then I would look for an event in the Network Load Balancer Access Log with nearly the same date and time and the same source / destination IP and port.

protocol datetime            load balancer                              load balancer id source ip:port       dest ip:port     status codes                  datetime
tls 2.0  2023-10-12T01:08:08 net/network-load-balancer/19dd9f59a3a084d8 1478a1951aa0a25c 35.203.211.127:54135 172.31.94.59:443 43 - 0 0 46 - - - - - - - - - 2023-10-12T01:08:08
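The correlation described above, as an added Python example (not code from the original article): it parses default-format flow log records and NLB TLS access log lines, then pairs accepted inbound flows on the listener port with access log entries for the same client IP:port inside a time window. The sample records are constructed, and the function names, the 60-second `skew` window and the treatment of the access log timestamp as UTC are assumptions.

```python
from datetime import datetime, timezone

FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()

# Constructed sample records in the two formats shown above (not real traffic).
FLOW_LOG = """\
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.20 54135 443 6 1 44 1696986432 1696986437 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.20 198.51.100.7 443 54135 6 1 44 1696986432 1696986437 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.9 10.0.1.20 40000 80 6 1 44 1696986440 1696986445 REJECT OK
"""
ACCESS_LOG = """\
tls 2.0 2023-10-11T01:07:15 net/example-nlb/0123456789abcdef 0123456789abcdef 198.51.100.7:54135 10.0.1.20:443 43 - 0 0 46 - - - - - - - - - 2023-10-11T01:07:15
tls 2.0 2023-10-11T03:00:00 net/example-nlb/0123456789abcdef 0123456789abcdef 198.51.100.8:51000 10.0.1.20:443 43 - 0 0 46 - - - - - - - - - 2023-10-11T03:00:00
"""

def parse_flow(text):
    """Yield one dict per default-format (version 2) flow log record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FLOW_FIELDS) and parts[0] == "2":  # skips the header row
            yield dict(zip(FLOW_FIELDS, parts))

def parse_access(text):
    """Yield (epoch time, client ip:port, listener ip:port) per TLS access log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 7 and parts[0] == "tls":
            # Assumption: the timestamp is UTC, like the flow log epoch values.
            when = datetime.fromisoformat(parts[2]).replace(tzinfo=timezone.utc)
            yield when.timestamp(), parts[5], parts[6]

def correlate(flow_text, access_text, listener_port="443", skew=60):
    """Pair accepted inbound flows with access log entries for the same client."""
    access = list(parse_access(access_text))
    pairs = []
    for rec in parse_flow(flow_text):
        accepted = (rec["action"], rec["log_status"]) == ("ACCEPT", "OK")
        if rec["dstport"] != listener_port or not accepted:
            continue  # return traffic, other ports, and rejected flows
        client = f'{rec["srcaddr"]}:{rec["srcport"]}'
        lo, hi = int(rec["start"]) - skew, int(rec["end"]) + skew
        for when, acc_client, acc_dest in access:
            if acc_client == client and lo <= when <= hi:
                stamp = datetime.fromtimestamp(when, timezone.utc).isoformat()
                pairs.append((client, acc_dest, stamp))
    return pairs

if __name__ == "__main__":
    print(correlate(FLOW_LOG, ACCESS_LOG))
```

An accepted flow on the listener port with no matching access log entry is the case worth investigating: the traffic reached the network interface but was not logged by the load balancer, as happens with a TCP listener.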

 



