AWSNLBAccessLogs

AWSNLBAccessLogs Schema

Table description

| TableSection | TableType | TableSectionName | Description |
| --- | --- | --- | --- |
| Usx | Regular | Microsoft Sentinel | This connector allows you to ingest AWS Elastic Load Balancer (ALB, NLB and GLB) logs into Microsoft Sentinel. These logs contain detailed records for requests handled by your load balancers, including client IPs, latencies, request paths, and status codes. These logs are useful for monitoring traffic patterns, investigating anomalies, and ensuring security compliance. |

Table retention

| HotDays | ColdDays | TotalInteractiveDays |
| --- | --- | --- |
| 14 | 16 | 30 |

Schema

| Name | Description | Type |
| --- | --- | --- |
| _BilledSize | | Double |
| _IsBillable | | String |
| ALPNBEProtocol | Application-layer protocol negotiated on the backend. | String |
| ALPNClientPrefList | List of application protocols preferred by the client during ALPN. | String |
| ALPNFEProtocol | Application-layer protocol negotiated on the frontend (e.g., HTTP/1.1, h2). | String |
| ChosenCertArn | ARN of the TLS certificate selected during the handshake. | String |
| ChosenCertSerial | Serial number of the TLS certificate used in the connection. | String |
| ClientIPPort | IP address and port of the client initiating the request. | String |
| ConnectionTime | Duration of the connection in milliseconds. | String |
| DomainName | Domain name requested by the client via SNI (Server Name Indication). | String |
| IncomingTLSAlert | Details of any incoming TLS alert message. | String |
| Listener | Listener configuration used for the connection (protocol and port). | String |
| Nlb | Identifier or name of the Network Load Balancer. | String |
| NLBType | Type of Network Load Balancer (e.g., ‘gateway’, ‘application’). | String |
| ReceivedBytes | Number of bytes received from the client. | String |
| SentBytes | Number of bytes sent to the client. | String |
| SourceSystem | | String |
| TargetIPPort | IP address and port of the target receiving the request. | String |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| TimeGenerated | Timestamp when the log entry was generated. | DateTime |
| TLSCipher | Cipher suite used for the TLS connection. | String |
| TLSConnectionCreationTime | Time taken to establish the complete TLS connection, including handshake. | String |
| TlsHandshakeTime | Time taken to complete the TLS handshake in milliseconds. | String |
| TLSNamedGroup | Elliptic curve or Diffie-Hellman group used in the handshake. | String |
| TLSProtocolVersion | Version of the TLS protocol used (e.g., TLS 1.2, TLS 1.3). | String |
| Type | The name of the table. | String |
| Version | Version of the NLB log format. | String |

Schema changes

| Date | Action |
| --- | --- |
| 2026-01-02 | Table added to tracking |