All Products
Search
Document Center

Simple Log Service:CEN flow logs

Last Updated:Dec 23, 2024

Simple Log Service and Cloud Enterprise Network (CEN) jointly launch the flow log feature that is used to capture the cross-region traffic data between transit routers and traffic data over Virtual Border Router (VBR) connections. This helps you analyze bandwidth usage, troubleshoot network errors, and reduce traffic costs. This topic describes the assets, billing, and limits of the flow log feature.

Introduction

The flow log feature aggregates traffic data that is captured within a specified time window and writes the aggregated traffic data as flow logs to Simple Log Service. You can query and analyze the logs in the Simple Log Service console.

The traffic data that is captured varies based on the object from which the traffic data is captured.

Assets

  • Custom project and Logstore

    Important
    • Do not delete the project or Logstore that is related to flow logs. Otherwise, flow logs cannot be sent to Simple Log Service.

    • When you create a custom Logstore, note that billable items that are involved vary based on the billing mode of the Logstore. For more information, see Billable items.

  • Dedicated dashboards

    None

Billing

After you enable the flow log feature for a transit router, you are charged the following fees:

  • Fee of network log extraction

    The fee is generated based on the amount of log data that is extracted. The fee is included in the bills of CEN transit routers.

    Note

    Network log extraction is currently free of charge. Alibaba Cloud will announce updates if any.

  • Fee of Simple Log Service usage

    • The traffic data that is captured by the flow log feature is stored as flow logs in Simple Log Service. You can view and analyze the logs in Simple Log Service. If the custom Logstore uses the pay-by-feature billing mode, you are charged for storage and indexes. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.

    • The traffic data that is captured by the flow log feature is stored as flow logs in Simple Log Service. You can view and analyze the logs in Simple Log Service. If the custom Logstore uses the pay-by-ingested-data billing mode, you are charged for storage. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.

Limits

  • Flow logs cannot capture multicast traffic information.

  • If you have an existing flow log and want to use fields of a later flow log version, you need to delete the flow log and create a new one.

    When you create a flow log, it is created in the latest version by default. The latest flow log version supports all fields of earlier flow log versions. You can view the version of a flow log in the CEN console.2024-06-06_11-19-02

  • If a single TCP connection contains only packets that are used for connection establishment, connection reset, or connection closure, the flow log of the transit router does not record the connection.

    For example, if a TCP connection has not completed three-way handshakes or the client request is reset by the firewall, the connection is not recorded in the flow log. This design aims to prevent excessive flow log entries generated by TCP scanners.