Explanation:
After you create a VPC flow log, you cannot change its configuration (such as the log format or the fields included). To include additional fields like tcp-flags, which is only available in custom formats, you must create a new flow log with the desired configuration and delete the old one if it is no longer needed. Options B and C do not affect the data being captured at the source. Option D is incorrect because existing flow logs cannot be modified in that manner.
Ultimate access to all questions.
Question 29. A SysOps administrator configured VPC flow logs by using the default format. The SysOps administrator specified Amazon CloudWatch Logs as the destination. This solution has worked successfully for several months. However, because of additional troubleshooting requirements, the SysOps administrator needs to include the tcp-flags field on the flow logs. What should the SysOps administrator do to meet this requirement?
A
Create a new flow log. Include the tcp-flags field in the custom log format. Delete the original flow log.
B
In the CloudWatch Logs log group, modify the filter to include the tcp-flags field and the type field.
C
In CloudWatch Metrics, modify the metric configuration to include the tcp-flags field.
D
Modify the existing flow log. Include the tcp-flags field and the type field in the custom log format. Save the configuration.
E
N/A
F
N/A
No comments yet.