Simple Log Service and Virtual Private Cloud (VPC) jointly launch the Flow Log Center application. You can use the application to query the policies of the VPC that is used, traffic of elastic network interfaces (ENIs), and traffic between CIDR blocks. This way, you can analyze the flow logs of your VPC in an efficient manner.
Features
Flow Log Center provides the monitoring center and inter-domain analysis features.
Monitoring center
The monitoring center feature is used to analyze and monitor VPC flow logs.
The monitoring center feature provides the following dashboards: Overview, Policy Statistics, ENI Traffic, and Inter-ECS Traffic. For more information, see Dedicated dashboards.
The monitoring center feature provides a custom query page. You can use the page to query and analyze VPC flow logs. For more information, see Query and analyze logs.
Inter-domain analysis
After you enable the inter-domain analysis feature, Simple Log Service automatically creates a data transformation job to transform collected VPC flow logs. The transformed VPC flow logs contain information about CIDR blocks. Then, you can analyze the traffic between different CIDR blocks.
The inter-domain analysis feature provides the following dashboards: Inter-domain Traffic, ECS-to-Domain Traffic, and Threat Intelligence. For more information, see Dedicated dashboards.
The inter-domain analysis feature provides a custom query page. You can use the page to query and analyze VPC flow logs that contain information about CIDR blocks. For more information, see Query and analyze logs.
Assets
Projects and Logstores
You must create a custom project and Logstore to store VPC flow logs. After you configure inter-domain CIDR blocks, Simple Log Service automatically creates a data transformation job and a Logstore named flowlog-enriched-Instance ID to store the transformed VPC flow logs.
Dedicated dashboards
Table 1. Dedicated dashboards Dashboard
Associated Logstore
Description
Overview
Custom Logstore
Displays the overall information about VPC flow logs.
Policy Statistics
Custom Logstore
Displays policy information. The information includes Accept, Reject, Accept - 5 Tuple, and Reject - 5 Tuple. A 5-tuple contains the source CIDR block, source port, protocol, destination CIDR block, and destination port.
ACCEPT: Security groups and network ACLs allow the traffic to be recorded.
REJECT: Security groups and network ACLs do not allow the traffic to be recorded.
ENI Traffic
Custom Logstore
Displays information about the inbound traffic and outbound traffic of ENIs.
Inter-ECS Traffic
Custom Logstore
Displays information about the traffic between Elastic Compute Service (ECS) instances.
Inter-domain Traffic
Logstore named flowlog-enriched-Instance ID
Displays information about the traffic between different CIDR blocks.
ECS-to-Domain Traffic
Logstore named flowlog-enriched-Instance ID
Displays information about the traffic that is sent from an ECS instance to a destination CIDR block.
Threat Intelligence
Logstore named flowlog-enriched-Instance ID
Displays threat intelligence about source IP addresses and destination IP addresses.
Billing
The flow log feature allows you to deliver only the network logs that are extracted to Simple Log Service. When you use the flow log feature, you are charged for Simple Log Service usage and network log extraction.
Fees for network log extraction
You are charged based on the data amount of network logs that are extracted. The fees are included in the bills of VPC. For more information, see Billing of flow logs.
Fees for Simple Log Service usage
If the dedicated Logstore uses the pay-by-feature billing mode, you are charged for storage, read traffic, number of requests, data transformation, and data shipping after the flow logs are collected from VPC to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.
If the dedicated Logstore uses the pay-by-ingested-data billing mode, you are charged for storage of raw data that is written after the flow logs are collected from VPC to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.
Limits
Your VPC must reside in the same region as the Simple Log Service project that you use.