I cannot seem to find a way to see allowed and denied traffic within my Google Cloud Platform logs. Is it true the GCP Firewall does not log allowed/denied traffic?
3 Answers
From the GCP firewall documentation:
GCP firewall cannot log as an action. It can only accept or reject a connection. GCP does not collect statistics per rule at this time.

This is now possible by enabling firewall rules logging. Logging is enabled on an individual basis (for each firewall rule one is interested in).

If none of the rules match, it goes to the lowest-priority default rule, which denies all requests without logging them.
You can create a deny-all rule with logging at a priority slightly higher than the default (and lower than all your other rules).
This will show all the requests that got denied. It may also create a lot of logs if you suffer a DoS attack or high traffic.
Something like this:
deny_all_with_logging_rules = {
  deny-all-with-logging-rule = {
    description   = "Log all denied requests that bounce off the firewall"
    direction     = "INGRESS"
    action        = "deny"          # HCL string, not a bare identifier
    priority      = 9999            # below every rule you write at 1000, above the implied 65535 deny
    source_ranges = ["0.0.0.0/0"]   # match every source so the rule catches all remaining ingress
    rules         = []              # no protocol/port restriction: the module applies it to all traffic
    enable_logging = {
      include_metadata = true       # keep VM/instance metadata in each log entry
    }
  },
}
See also this article on getting alerts https://medium.com/google-cloud/notification-of-firewall-denies-c3476a0ea79b

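The same catch-all rule written as a plain `google_compute_firewall` resource with Firewall Rules Logging enabled, as an added example rather than the answer's own module input; it assumes a VPC named `default` and the rule name `deny-all-ingress-logged`, both chosen here.

```terraform
# Added example, not from the answer above. Assumed: VPC "default", rule name
# "deny-all-ingress-logged". Lower numbers win in GCP, so 9999 is evaluated
# after any rule left at the default priority of 1000 and before the implied
# deny-all rule at 65535 that logs nothing.
resource "google_compute_firewall" "deny_all_ingress_logged" {
  name      = "deny-all-ingress-logged"
  network   = "default"
  direction = "INGRESS"
  priority  = 9999

  # Match every source so nothing slips through to the unlogged implied rule.
  source_ranges = ["0.0.0.0/0"]

  deny {
    protocol = "all"
  }

  # Firewall Rules Logging for this rule only. Entries appear in Cloud Logging
  # under the log name compute.googleapis.com/firewall with
  # jsonPayload.disposition = "DENIED" and jsonPayload.rule_details.reference
  # pointing at this rule. INCLUDE_ALL_METADATA adds instance and VPC details
  # to each entry (use EXCLUDE_ALL_METADATA to keep entries smaller).
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}
```

Once the rule is applied, the Logs Explorer query `logName:"compute.googleapis.com%2Ffirewall" AND jsonPayload.disposition="DENIED"` lists the dropped connections; budget for log volume first, since under heavy or hostile traffic this rule writes one entry per denied connection.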