All Products
Search
Document Center

Simple Log Service:Flow Log Center

Last Updated:Dec 19, 2024

Simple Log Service and Virtual Private Cloud (VPC) jointly launch the Flow Log Center application. You can use the application to query the policies of the VPC that is used, traffic of elastic network interfaces (ENIs), and traffic between CIDR blocks. This way, you can analyze the flow logs of your VPC in an efficient manner.

Features

Flow Log Center provides the monitoring center and inter-domain analysis features.

  • Monitoring center

    The monitoring center feature is used to analyze and monitor VPC flow logs.

    • The monitoring center feature provides the following dashboards: Overview, Policy Statistics, ENI Traffic, and Inter-ECS Traffic. For more information, see Dedicated dashboards.

    • The monitoring center feature provides a custom query page. You can use the page to query and analyze VPC flow logs. For more information, see Query and analyze logs.

  • Inter-domain analysis

    After you enable the inter-domain analysis feature, Simple Log Service automatically creates a data transformation job to transform collected VPC flow logs. The transformed VPC flow logs contain information about CIDR blocks. Then, you can analyze the traffic between different CIDR blocks.

    • The inter-domain analysis feature provides the following dashboards: Inter-domain Traffic, ECS-to-Domain Traffic, and Threat Intelligence. For more information, see Dedicated dashboards.

    • The inter-domain analysis feature provides a custom query page. You can use the page to query and analyze VPC flow logs that contain information about CIDR blocks. For more information, see Query and analyze logs.

Assets

  • Projects and Logstores

    You must create a custom project and Logstore to store VPC flow logs. After you configure inter-domain CIDR blocks, Simple Log Service automatically creates a data transformation job and a Logstore named flowlog-enriched-Instance ID to store the transformed VPC flow logs.

  • Dedicated dashboards

    Table 1. Dedicated dashboards

    Dashboard

    Associated Logstore

    Description

    Overview

    Custom Logstore

    Displays the overall information about VPC flow logs.

    Policy Statistics

    Custom Logstore

    Displays policy information. The information includes Accept, Reject, Accept - 5 Tuple, and Reject - 5 Tuple. A 5-tuple contains the source CIDR block, source port, protocol, destination CIDR block, and destination port.

    • ACCEPT: Security groups and network ACLs allow the traffic to be recorded.

    • REJECT: Security groups and network ACLs do not allow the traffic to be recorded.

    ENI Traffic

    Custom Logstore

    Displays information about the inbound traffic and outbound traffic of ENIs.

    Inter-ECS Traffic

    Custom Logstore

    Displays information about the traffic between Elastic Compute Service (ECS) instances.

    Inter-domain Traffic

    Logstore named flowlog-enriched-Instance ID

    Displays information about the traffic between different CIDR blocks.

    ECS-to-Domain Traffic

    Logstore named flowlog-enriched-Instance ID

    Displays information about the traffic that is sent from an ECS instance to a destination CIDR block.

    Threat Intelligence

    Logstore named flowlog-enriched-Instance ID

    Displays threat intelligence about source IP addresses and destination IP addresses.

Billing

The flow log feature allows you to deliver only the network logs that are extracted to Simple Log Service. When you use the flow log feature, you are charged for Simple Log Service usage and network log extraction.

  • Fees for network log extraction

    You are charged based on the data amount of network logs that are extracted. The fees are included in the bills of VPC. For more information, see Billing of flow logs.

  • Fees for Simple Log Service usage

    • If the dedicated Logstore uses the pay-by-feature billing mode, you are charged for storage, read traffic, number of requests, data transformation, and data shipping after the flow logs are collected from VPC to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.

    • If the dedicated Logstore uses the pay-by-ingested-data billing mode, you are charged for storage of raw data that is written after the flow logs are collected from VPC to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.

Limits

Your VPC must reside in the same region as the Simple Log Service project that you use.