All Products
Search

This Product

    Simple Log Service:VPC

    Document Center

    Simple Log Service:VPC

    Last Updated:Aug 02, 2024

    This topic describes the fields of Virtual Private Cloud (VPC) flow logs.

    Field

    Description

    __topic__

    The topic of the log. The value is fixed as flow_log.

    version

    The version of the flow log.

    vswitch-id

    The ID of the vSwitch to which the Elastic Network Interface (ENI) is bound.

    vm-id

    The ID of the Elastic Compute Service (ECS) instance to which the ENI is bound.

    vpc-id

    The ID of the VPC to which the ENI belongs.

    account-id

    The ID of the account.

    eni-id

    The ID of the ENI.

    region

    The region where the VPC resides.

    srcaddr

    The source address.

    srcport

    The source port.

    dstaddr

    The destination address.

    dstport

    The destination port.

    protocol

    The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Protocol Numbers.

    direction

    The direction of the traffic. Valid values:

    • in: inbound traffic

    • out: outbound traffic

    packets

    The number of data packets.

    bytes

    The size of data packets.

    start

    The start time of the capture window.

    end

    The end time of the capture window.

    log-status

    The record status of the flow log. Valid values:

    • OK: Data is recorded.

    • NODATA: No inbound or outbound traffic is transmitted through the ENI during the capture window.

    • SKIPDATA: The status of some logs is not recorded during the capture window.

    action

    The action that is related to the traffic. Valid values:

    • ACCEPT: Security groups allow the traffic to be recorded.

    • REJECT: Security groups do not allow the traffic to be recorded.

    tcp-flags

    The TCP flags. The following list describes the mappings between TCP flags and masks:

    • SYN: 2

    • SYN,ACK: 18

    • RST: 4

    • PSH: 8

    • URG: 32

    • FIN: 1

    For more information about TCP flags, see RFC: 793.

    rafficPath

    The sampling path of the traffic. Valid values:

    • all: all traffic

    • ipv4Gateway: the traffic that passes through an IPv4 gateway to the Internet

    • natGateway: the traffic that passes through a NAT gateway

    • vpnGateway: the traffic that passes through a VPN gateway

    • gatewayEndpoint: the traffic that passes through a gateway endpoint to a cloud service

    • transitRouter: the traffic that passes through a transit router

    • virtualBorderRouter: the traffic that passes through a virtual border router (VBR) to a leased line

    Note

    The sampling path feature is disabled by default. To use this feature, contact your account manager.