This rule ensures that ELB application and classic load balancer logging is enabled for effective monitoring and troubleshooting.
Rule | ELB application and classic load balancer logging should be enabled |
Framework | NIST 800-53 Revision 5 |
Severity | ✔ High |
Rule Description:
The NIST 800-53 Revision 5 requires that Elastic Load Balancer (ELB) application and classic load balancer logging be enabled. This rule ensures that logs are generated and stored for monitoring and audit purposes. By enabling logging, you can have better visibility into the traffic, requests, and errors occurring in your load balancer.
Remediation Steps:
Follow the below steps to enable ELB application and classic load balancer logging:
Step 1: Access the AWS Management Console
Access the AWS Management Console using your credentials.
Step 2: Navigate to Load Balancers
Navigate to the "Load Balancers" section in the AWS Management Console.
Step 3: Select Load Balancer
Select the load balancer for which you want to enable logging.
Step 4: Enable Logging
For Application Load Balancer (ALB):
For Classic Load Balancer (CLB):
Step 5: Verify Logging
Verify that logging has been enabled by checking the load balancer's description page. The "Access logs" section should show the configured S3 bucket and prefix.
Troubleshooting Steps:
If you encounter any issues while enabling ELB application and classic load balancer logging, consider the following troubleshooting steps:
Additional Information:
Enabling ELB application and classic load balancer logging provides valuable insights into your application's traffic patterns, helps in identifying and troubleshooting any underlying issues, and assists in complying with regulatory requirements such as NIST 800-53 Revision 5. The logs generated include information about client requests, backend server responses, errors, and other relevant details.
Logging should be enabled for all load balancers in your environment that are subject to NIST 800-53 Revision 5. Regularly review and analyze the logs to identify any abnormal or suspicious patterns and take appropriate actions to maintain the security and performance of your applications.