Explanation:
After a VPC flow log is created, its configuration (including the log format and the destination) cannot be modified. To include a new field such as tcp-flags or change the flow log format from default to custom, the administrator must create a new flow log with the desired format and then delete the existing flow log.
Ultimate access to all questions.
Question 29.
A SysOps administrator configured VPC flow logs by using the default format. The SysOps administrator specified Amazon CloudWatch Logs as the destination. This solution has worked successfully for several months. However, because of additional troubleshooting requirements, the SysOps administrator needs to include the tcp-flags field on the flow logs. What should the SysOps administrator do to meet this requirement?
A
Create a new flow log. Include the tcp-flags field in the custom log format. Delete the original flow log.
B
In the CloudWatch Logs log group, modify the filter to include the tcp-flags field and the type field.
C
In CloudWatch Metrics, modify the metric configuration to include the tcp-flags field.
D
Modify the existing flow log. Include the tcp-flags field and the type field in the custom log format. Save the configuration.
No comments yet.