Enable ELB Application and Classic Load Balancer Logging Rule
This rule requires enabling logging for ELB application and classic load balancer for increased security measures.
| Rule | ELB application and classic load balancer logging should be enabled |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ High |
Rule Description:
Enabling logging for ELB (Elastic Load Balancer) application and classic load balancers is necessary to comply with NIST 800-171 Revision 2 guidelines. Logging allows for the monitoring and analysis of network traffic, aiding in the detection of any suspicious activities or potential security breaches. By logging the load balancer data, organizations can ensure compliance with NIST standards and enhance their overall security posture.
Troubleshooting Steps (if applicable):
- 1.Ensure that your AWS account has the necessary permissions to enable logging for ELB.
- 2.Verify that the load balancer(s) are properly configured and functioning correctly.
- 3.Check if any error messages are displayed in the AWS Management Console.
- 4.Review the AWS CloudTrail logs for any relevant error codes or messages.
- 5.Contact AWS Support if the issue persists and further troubleshooting is required.
Necessary Codes (if applicable):
No specific codes are required for this rule.
Step-by-Step Guide for Remediation:
Follow the steps below to enable logging for both ELB application and classic load balancers:
- 1.
Sign in to the AWS Management Console:
- Visit the AWS Management Console website (https://console.aws.amazon.com/).
- Enter your login credentials (username and password).
- Click on the "Sign In" button to access the console.
- 2.
Navigate to the EC2 Dashboard:
- Once logged in, search for "EC2" in the AWS Management Console search bar.
- Click on the "EC2" service to open the EC2 Dashboard.
- 3.
Select the Load Balancer:
- In the EC2 Dashboard, locate and click on "Load Balancers" from the sidebar menu.
- Choose the ELB application or classic load balancer for which you want to enable logging.
- 4.
Enable Access Logs:
- In the selected load balancer's details page, scroll down to the "Attributes" section.
- Click on the "Edit Attributes" button next to "Access logs".
- 5.
Configure Logging:
- In the "Access Logs" settings, select the option to enable logging.
- Enter or select the desired S3 bucket to store the log files.
- Specify a prefix (optional) for the log file names.
- Determine the interval at which the logs should be written, either hourly or daily.
- 6.
Save Changes:
- After configuring the logging settings, click on the "Save" button to save the changes.
- 7.
Verify Logging:
- Confirm that the logging is enabled and working as expected.
- Check the specified S3 bucket for the presence of new log files.
- Monitor the logs periodically to ensure they are being generated accurately.
Conclusion:
Enabling logging for ELB application and classic load balancers is crucial to adhere to NIST 800-171 Revision 2 requirements. By following the step-by-step guide provided above, you can successfully enable logging and meet the compliance guidelines. Regularly monitoring the log files in the designated S3 bucket will enhance your organization's cybersecurity posture and help detect any potential security incidents.