:doc:`NetworkFirewall <../../network-firewall>` / Client / describe_logging_configuration

******************************
describe_logging_configuration
******************************



.. py:method:: NetworkFirewall.Client.describe_logging_configuration(**kwargs)

  

  Returns the logging configuration for the specified firewall.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfiguration>`_  


  **Request Syntax**
  ::

    response = client.describe_logging_configuration(
        FirewallArn='string',
        FirewallName='string'
    )
    
  :type FirewallArn: string
  :param FirewallArn: 

    The Amazon Resource Name (ARN) of the firewall.

     

    You must specify the ARN or the name, and you can specify both.

    

  
  :type FirewallName: string
  :param FirewallName: 

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

     

    You must specify the ARN or the name, and you can specify both.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'FirewallArn': 'string',
          'LoggingConfiguration': {
              'LogDestinationConfigs': [
                  {
                      'LogType': 'ALERT'|'FLOW'|'TLS',
                      'LogDestinationType': 'S3'|'CloudWatchLogs'|'KinesisDataFirehose',
                      'LogDestination': {
                          'string': 'string'
                      }
                  },
              ]
          },
          'EnableMonitoringDashboard': True|False
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **FirewallArn** *(string) --* 

        The Amazon Resource Name (ARN) of the firewall.

        
      

      - **LoggingConfiguration** *(dict) --* 

        Defines how Network Firewall performs logging for a  Firewall.

        
        

        - **LogDestinationConfigs** *(list) --* 

          Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

          
          

          - *(dict) --* 

            Defines where Network Firewall sends logs for the firewall for one log type. This is used in  LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

             

            Network Firewall generates logs for stateful rule groups. You can save alert, flow, and TLS log types.

            
            

            - **LogType** *(string) --* 

              The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

               

              
              * ``ALERT`` - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see  StatefulRule.
               
              * ``FLOW`` - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
               
              * ``TLS`` - Logs for events that are related to TLS inspection. For more information, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html>`__ in the *Network Firewall Developer Guide*.
              

              
            

            - **LogDestinationType** *(string) --* 

              The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

              
            

            - **LogDestination** *(dict) --* 

              The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.

               

              
              * For an Amazon S3 bucket, provide the name of the bucket, with key ``bucketName``, and optionally provide a prefix, with key ``prefix``. The following example specifies an Amazon S3 bucket named ``DOC-EXAMPLE-BUCKET`` and the prefix ``alerts``: ``"LogDestination": { "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts" }``
               
              * For a CloudWatch log group, provide the name of the CloudWatch log group, with key ``logGroup``. The following example specifies a log group named ``alert-log-group``: ``"LogDestination": { "logGroup": "alert-log-group" }``
               
              * For a Firehose delivery stream, provide the name of the delivery stream, with key ``deliveryStream``. The following example specifies a delivery stream named ``alert-delivery-stream``: ``"LogDestination": { "deliveryStream": "alert-delivery-stream" }``
              

              
              

              - *(string) --* 
                

                - *(string) --* 
          
        
        
      
    
      

      - **EnableMonitoringDashboard** *(boolean) --* 

        A boolean that reflects whether or not the firewall monitoring dashboard is enabled on a firewall.

         

        Returns ``TRUE`` when the firewall monitoring dashboard is enabled on the firewall. Returns ``FALSE`` when the firewall monitoring dashboard is not enabled on the firewall.

        
  
  **Exceptions**
  
  *   :py:class:`NetworkFirewall.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`NetworkFirewall.Client.exceptions.InternalServerError`

  
  *   :py:class:`NetworkFirewall.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`NetworkFirewall.Client.exceptions.ThrottlingException`

  