• /
  • EnglishEspañol日本語한국어Português
  • 로그인지금 시작하기

AWS Network Firewall Metrics Integration

New Relic infrastructure integrations now include an integration that sends your AWS Network Firewall metrics to New Relic. This document explains the integration's features, how to activate it, and what data is available for reporting.

Features

The AWS Network Firewall Metrics integration collects and sends telemetry data to New Relic from your AWS Network Firewall. You can monitor your AWS services, query incoming data, and build dashboards to observe everything at a glance.

Activate integration

To enable this integration, follow the instructions in our Amazon CloudWatch Metric Streams integration documentation.

Find and use data

To find your integration's metrics:

  1. Go to one.newrelic.com > All capabilities
  2. Select Metrics and events
  3. Filter by aws.networkfirewall.

Metric data

This New Relic infrastructure integration collects the following AWS Network Firewall metrics:

AWS Network Firewall Metric data

Metric (min, max, average, count, sum)

Unit

Description

DroppedPackets

Count

Number of packets dropped due to rule actions. Reporting criteria: There is a nonzero value.

InvalidDroppedPackets

Count

Number of packets dropped for failing packet validation due to issues with the packet. Reporting criteria: There is a nonzero value.

OtherDroppedPackets

Count

Number of packets dropped due to reasons other than those described by InvalidDroppedPackets or DroppedPackets. Reporting criteria: There is a nonzero value.

Packets

Count

Number of packets inspected for a firewall policy or stateless rule group for which a custom action is defined. This metric is only used for the dimension CustomAction. Reporting criteria: There is a nonzero value.

PassedPackets

Count

Number of packets that the Network Firewall firewall allowed through to their destinations. Reporting criteria: There is a nonzero value.

ReceivedPackets

Count

Number of packets received by the Network Firewall firewall. Reporting criteria: There is a nonzero value.

RejectedPackets

Count

Number of packets rejected due to Reject stateful rule actions. Reporting criteria: There is a nonzero value.

StreamExceptionPolicyPackets

Count

Number of packets matching the firewall policy's stream exception policy. Reporting criteria: There is a nonzero value.

TLSDroppedPackets

Count

Number of packets dropped by Network Firewall while inspecting SSL/TLS packets. Reporting criteria: There is a nonzero value.

TLSErrors

Count

Number of errors observed by Network Firewall while inspecting SSL/TLS packets. Reporting criteria: There is a nonzero value.

TLSPassedPackets

Count

Number of packets passed by Network Firewall while inspecting SSL/TLS packets. Reporting criteria: There is a nonzero value.

TLSReceivedPackets

Count

Number of SSL/TLS packets received by the Network Firewall firewall. Reporting criteria: There is a nonzero value.

TLSRejectedPackets

Count

Number of packets rejected by Network Firewall while inspecting SSL/TLS packets. Reporting criteria: There is a nonzero value.

TLSRevocationStatusOKConnections

Count

The number of SSL/TLS connections to TLS servers whose certificates have been confirmed as not revoked. Reporting criteria: There is a nonzero value.

TLSRevocationStatusRevokedConnections

Count

The number of SSL/TLS connections to TLS servers whose certificates have been confirmed as revoked. Reporting criteria: There is a nonzero value.

TLSRevocationStatusUnknownConnections

Count

The number of SSL/TLS connections to TLS servers whose certificates revocation status is unknown or could not be determined by the firewall. This can occur when the OCSP responder for a server certificate returns an unknown status, or when the firewall is unable to connect to the CRL or OCSP endpoints provided in the certificate. Reporting criteria: There is a nonzero value.

TLSTimedOutConnections

Count

Number of SSL/TLS connections that timed out during SSL/TLS inspection by Network Firewall. Reporting criteria: There is a nonzero value.

AWS Network Firewall dimensions

Dimension

Description

AvailabilityZone

Availability Zone in the Region where the Network Firewall firewall is active.

CustomAction

Dimension for a publish metrics custom action that you defined. You can define this for a rule action in a stateless rule group or for a stateless default action in a firewall policy.

Engine

Rules engine that processed the packet. The value for this is either Stateful or Stateless.

FirewallName

Name that you specified for the Network Firewall firewall.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.