{"id":22441222,"url":"https://github.com/pete911/flowlogs","last_synced_at":"2025-04-13T19:40:19.994Z","repository":{"id":266482595,"uuid":"898419628","full_name":"pete911/flowlogs","owner":"pete911","description":"dynamically create or delete aws flow logs","archived":false,"fork":false,"pushed_at":"2025-04-11T06:40:14.000Z","size":211,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-11T08:48:49.506Z","etag":null,"topics":["aws","flowlogs","go","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pete911.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-12-04T11:08:14.000Z","updated_at":"2025-04-11T06:40:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"7d5620f9-c908-4d16-b1da-483320e3f784","html_url":"https://github.com/pete911/flowlogs","commit_stats":null,"previous_names":["pete911/flowlogs"],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pete911%2Fflowlogs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pete911%2Fflowlogs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pete911%2Fflowlogs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pete911%2Fflowlogs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pete911","download_url":"https://codeload.github.com/
pete911/flowlogs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248770092,"owners_count":21158908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","flowlogs","go","golang"],"created_at":"2024-12-06T02:13:27.492Z","updated_at":"2025-04-13T19:40:19.961Z","avatar_url":"https://github.com/pete911.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS Flow Logs\n\nDynamically create or delete AWS flow logs for EC2 instances, security groups, subnets or VPCs.\n\nThe CLI creates AWS Flow Logs for a specific group (EC2 instance(s) grouped by the same name, security group, subnet or VPC).\n\nLogs can be searched either via the CLI, `flowlogs query \u003cinstance|sg|subnet|vpc|nat\u003e \u003cflags\u003e`, or in CloudWatch Logs Insights\nby selecting the log group with the `/fl-cli/` prefix.\n\n## usage\n\nIf you have multiple accounts, prefix the command with `AWS_PROFILE=\u003cyour profile\u003e flowlogs ...`.\n\n- create `flowlogs create \u003cinstance|sg|subnet|vpc|nat\u003e`\n- list `flowlogs list` flow logs created by this CLI\n- delete `flowlogs delete \u003cinstance|sg|subnet|vpc|nat|all\u003e` (use the `all` argument to clean up all flow logs)\n- query `flowlogs query \u003cinstance|sg|subnet|vpc|nat\u003e`\n\n```\nflowlogs create vpc\n# wait a couple of minutes for AWS to aggregate flow logs\nflowlogs query vpc\nTIME      NI ID                  NI ADDRESS  NI PORT  FLOW        ADDRESS          PORT   ACTION  PACKETS  BYTES  PROTOCOL  TCP FLAGS  TRAFFIC PATH\n21:43:55  eni-xxxxxxxxxxxxxxxxx  
10.0.0.1    8075     \u003c-ingress-  147.185.133.190  55053  REJECT  1        44     TCP       SYN        \n21:43:55  eni-xxxxxxxxxxxxxxxxx  10.0.0.1    22       -egress--\u003e  103.55.49.10     41360  ACCEPT  4        240    TCP       SYN, ACK   internet gateway\n21:42:54  eni-xxxxxxxxxxxxxxxxx  10.0.0.1    23       \u003c-ingress-  211.143.253.166  29207  REJECT  1        40     TCP       SYN        \n21:42:54  eni-xxxxxxxxxxxxxxxxx  10.0.0.1    17933    \u003c-ingress-  83.222.191.42    61000  REJECT  1        40     TCP       SYN        \n...\n```\n\nUse the `--pretty` flag to add network interface type and name columns.\n\n**Available query flags**\n```\n--accept                accepted traffic\n--addr string           address - source, destination or packet\n--dst-addr string       destination address\n--dst-port int          destination port, negative value means all ports (default -1)\n--egress                egress flow logs\n--ingress               ingress flow logs\n--limit int             number of returned results (default 100)\n--minutes int           minutes 'ago' to search logs (default 60)\n--ni-id string          network interface id\n--pkt-dst-addr string   packet destination address\n--pkt-src-addr string   packet source address\n--port int              port - source or destination, negative value means all ports (default -1)\n--pretty                whether to enhance flow logs with names\n--protocol string       protocol\n--reject                rejected traffic\n--src-addr string       source address\n--src-port int          source port, negative value means all ports (default -1)\n```\n\n## install\n\n### brew\n\n- add tap `brew tap pete911/tap`\n- install `brew install flowlogs`\n\n### binary\n\nDownload the binary from the [releases page](https://github.com/pete911/flowlogs/releases). 
Unzip it and move the binary to a directory on your PATH.\n\n## release\n\nReleases are published when a new tag is created, e.g.\n`git tag -m \"\u003cmessage\u003e\" v1.0.0 \u0026\u0026 git push --follow-tags`\n\n## design/architecture\n\nThe CLI creates a CloudWatch log group named in the `/fl-cli/\u003cid\u003e` format. It also creates an IAM role and a flow log per VPC, \nsubnet or ENI (per ENI when the instance or sg argument is used). \n\n### aws flow logs\n\nFlow logs are grouped by ENI. If the flow direction is ingress, the destination address and destination port belong to the\nENI that produced the logs. If the flow direction is egress, the source address and source port belong to the ENI.\n\n```\n+---- eni xyz ----+\n|                 |\n| +--------------------------------------+\n| | +- ingress -+          +-----------+ |\n| | | dst Addr  |\u003c---------| src Addr  | |\n| | | dst Port  |          | src Port  | |\n| | +-----------+          +-----------+ |\n| +--------------------------------------+\n|                 |\n| +--------------------------------------+\n| | +- egress --+          +-----------+ |\n| | | src Addr  |---------\u003e| dst Addr  | |\n| | | src Port  |          | dst Port  | |\n| | +-----------+          +-----------+ |\n| +--------------------------------------+\n+-----------------+\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpete911%2Fflowlogs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpete911%2Fflowlogs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpete911%2Fflowlogs/lists"}