Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Ensure Rule: ELB Application and Classic Load Balancer Logging Enabled

This rule highlights the necessity of enabling logging for ELB application and classic load balancers.

RuleELB application and classic load balancer logging should be enabled
FrameworkRBI Cyber Security Framework
Severity
High

Rule Description:

Enabling logging for the Elastic Load Balancer (ELB) application and Classic Load Balancer is a requirement of the RBI (Reserve Bank of India) Cyber Security Framework. This rule ensures that logs for the load balancers are captured and retained for analysis, monitoring, and auditing purposes in compliance with the framework.

Troubleshooting Steps:

If logging for ELB application and Classic Load Balancer is not enabled, follow these troubleshooting steps:

  2. 1.
    Verify if the logging settings are properly configured for the load balancers.
  4. 2.
    Ensure that the correct log format is selected, such as Elastic Load Balancer Logs, Access Logs, or Application Logs.
  6. 3.
    Check if the log files are being written to the specified location or storage.
  8. 4.
    Verify if there are any permissions or IAM role issues preventing the logging functionality.
  10. 5.
    Review the load balancer configuration and associated policies to guarantee the logging settings are not being overridden.

Necessary Codes:

If the load balancer logging configuration needs to be updated, use the following AWS CLI command:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes file://logging-attributes.json

Ensure you replace 

<load_balancer_arn>
with the actual ARN (Amazon Resource Name) of the load balancer. Create a JSON file named 
logging-attributes.json
with the desired logging configuration settings, including the Amazon S3 bucket name and optional S3 prefix.

Step-by-Step Guide for Remediation:

Follow these steps to enable logging for ELB application and Classic Load Balancer:

  2. 1.
    Log in to the AWS Management Console.
  4. 2.
    Navigate to the EC2 service.
  6. 3.
    In the left sidebar, click on "Load Balancers" under "LOAD BALANCING."
  8. 4.
    Select the target ELB application or Classic Load Balancer for which you want to enable logging.
  10. 5.
    Click on the "Attributes" tab at the bottom.
  12. 6.
    Find the "Access logs" section and click on the "Edit" button.
  14. 7.
    Enable logging by selecting the appropriate logging type (Elastic Load Balancer Logs, Access Logs, or Application Logs).
  16. 8.
    Specify the S3 bucket where the logs will be stored. Optionally, include a prefix for the log file names.
  18. 9.
    Click on the "Save" button to save the changes.
  20. 10.
    Verify that the logging settings have been applied by checking the relevant ELB logs in the specified S3 bucket.

Ensure that you regularly monitor the logs to detect any security issues, identify performance bottlenecks, or troubleshoot operational problems. The logs should be retained for the minimum required duration as mandated by the RBI Cyber Security Framework.

Note: Remember to comply with the RBI regulations and guidelines while setting up and configuring logging for ELB application and Classic Load Balancer.

Is your System Free of Underlying Vulnerabilities?
Find Out Now