
When I want to log or trace traffic to one of my Network Load Balancers, I typically:
- Create a Flow Log to log traffic on the Network Interfaces being used by the Network Load Balancer
- Configure the Network Load Balancer to log its access logs to an S3 Bucket
At a high level, I first want to confirm that the traffic is coming in and going out of the Network Interface successfully, and then check whether the Network Load Balancer access log is logging the traffic.
IMPORTANT
For some strange reason, a Network Load Balancer will only log events to the Access Log on the TLS Listener, not on the TCP Listener, which almost always means traffic on port 443, not on port 80.
By default, a flow log looks something like this. What I'm looking for here is traffic on the port being used by the Network Load Balancer Listener, such as HTTPS port 443, with an action of ACCEPT and a log status of OK.
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-07a2b417b8527403c 35.203.211.127 172.31.47.140 54135 443 6 1 44 1696986432 1696986437 ACCEPT OK
2 123456789012 eni-07a2b417b8527403c 172.31.47.140 35.203.211.127 443 54135 6 1 44 1696986432 1696986437 ACCEPT OK
The Flow Log records the start and end times as epoch seconds. On a Linux system, the date command can be used to convert an epoch value into a friendly date and time.
$ date -d @1696986432 --utc
Wed Oct 11 01:07:12 UTC 2023
$ date -d @1696986437 --utc
Wed Oct 11 01:07:17 UTC 2023
Then I would look for an event in the Network Load Balancer Access Log that is near the same date and time, with the same source / destination IP and port.
protocol datetime load balancer load balancer id source ip:port dest ip:port status codes datetime
tls 2.0 2023-10-12T01:08:08 net/network-load-balancer/19dd9f59a3a084d8 1478a1951aa0a25c 35.203.211.127:54135 172.31.94.59:443 43 - 0 0 46 - - - - - - - - - 2023-10-12T01:08:08
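The two checks above can be scripted. The following is an added example, not code from the original article: it filters default-format flow records for the listener port, converts the epoch start time to UTC, and looks for an access log entry with the same client IP and port within a time window. The function names are hypothetical, the sample lines are constructed (modelled on the records above, with the access log timestamp placed a few seconds after the flow record and a REJECT record added from a documentation address range), and the access log field positions are taken from the sample line above.

```python
from datetime import datetime, timezone

FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()

# Constructed sample input modelled on the records shown above; the access log
# timestamp is chosen to sit a few seconds after the flow record's start time.
FLOW_LOG = """\
2 123456789012 eni-07a2b417b8527403c 35.203.211.127 172.31.47.140 54135 443 6 1 44 1696986432 1696986437 ACCEPT OK
2 123456789012 eni-07a2b417b8527403c 172.31.47.140 35.203.211.127 443 54135 6 1 44 1696986432 1696986437 ACCEPT OK
2 123456789012 eni-07a2b417b8527403c 198.51.100.7 172.31.47.140 40000 443 6 1 44 1696986432 1696986437 REJECT OK
"""
ACCESS_LOG = """\
tls 2.0 2023-10-11T01:07:15 net/network-load-balancer/19dd9f59a3a084d8 1478a1951aa0a25c 35.203.211.127:54135 172.31.94.59:443 43 - 0 0 46 - - - - - - - - - 2023-10-11T01:07:15
"""

def inbound_flows(text, listener_port=443):
    """Yield flow records sent to the listener port (ACCEPT and REJECT alike)."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS) or parts[0] == "version":
            continue  # header line, blank line or custom-format record
        rec = dict(zip(FLOW_FIELDS, parts))
        if rec["log_status"] == "OK" and int(rec["dstport"]) == listener_port:
            rec["start_utc"] = datetime.fromtimestamp(int(rec["start"]), timezone.utc)
            yield rec

def access_entries(text):
    """Map client 'ip:port' to the list of access log timestamps (UTC)."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) > 6:  # field 3 is the time, field 6 is client ip:port
            ts = datetime.fromisoformat(parts[2]).replace(tzinfo=timezone.utc)
            seen.setdefault(parts[5], []).append(ts)
    return seen

def correlate(flow_text, access_text, window_s=300):
    """Per inbound flow: (client, action, found in access log within window_s)."""
    seen = access_entries(access_text)
    out = []
    for rec in inbound_flows(flow_text):
        client = f'{rec["srcaddr"]}:{rec["srcport"]}'
        logged = any(abs((ts - rec["start_utc"]).total_seconds()) <= window_s
                     for ts in seen.get(client, []))
        out.append((client, rec["action"], logged))
    return out

if __name__ == "__main__":
    print(correlate(FLOW_LOG, ACCESS_LOG))
```

An ACCEPT flow with no matching access log entry is the case to investigate further, keeping in mind that only TLS listeners write access log entries.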