
Simple Log Service: VPC flow logs

Last Updated: Dec 23, 2024

Simple Log Service and Alibaba Cloud Virtual Private Cloud (VPC) jointly provide the flow log feature. You can use the feature to record the traffic of a VPC, the traffic of an elastic network interface (ENI) in the VPC, and the traffic of a vSwitch in the VPC. You can check access control rules, monitor network traffic, and troubleshoot network errors based on the flow logs. This topic describes the assets, billing, and limits of the flow log feature.

Feature description

You can use the flow log feature to capture the network traffic of a specific ENI, VPC, or vSwitch. If you enable the flow log feature for a VPC or a vSwitch, traffic that is transferred over the ENIs in the VPC or the vSwitch is captured. The ENIs that are created after the flow log feature is enabled are included.

The flow log feature captures traffic, records the traffic information in logs, and then sends the logs to Simple Log Service. Each log records a five-tuple of network traffic that is captured within a specific time window. The time window is approximately 10 minutes. During the time window, the flow log feature aggregates traffic data and sends the traffic data as logs to Simple Log Service. For more information about the fields in flow logs, see Log fields.

Assets

  • Custom project and Logstore

    Important
    • Do not delete the project or Logstore that is related to VPC flow logs. Otherwise, VPC flow logs cannot be sent to Simple Log Service.

    • When you create a custom Logstore, note that the billable items vary based on the billing mode of the Logstore. For more information, see Billable items.

    • If you select Enable Log Analysis Report when you enable the flow log feature, the data retention period of the Logstore that stores VPC flow logs is forcefully changed to seven days.

  • Dedicated dashboards

    By default, Simple Log Service generates three dashboards after you enable the feature.

    Note

    We recommend that you do not make changes to the dedicated dashboards because the dashboards may be upgraded or updated at any time. You can create a custom dashboard to visualize query results. For more information, see Create a dashboard.

    | Dashboard | Description |
    | --- | --- |
    | Logstore Name-vpc_flow_log_traffic_cn | Displays the overall traffic information about a VPC. The information includes Source Address Heat Map by Bytes, Top 10 Flow by Bytes, and Top 10 Action/Protocol by Bytes. |
    | Logstore Name-vpc_flow_log_rejection_cn | Displays information about the traffic that is rejected by security groups and network access control lists (ACLs). The information includes Total REJECT Bytes, REJECT Bytes Ratio, Total REJECT Packets, and REJECT Packets Ratio. |
    | Logstore Name-vpc_flow_log_overview_cn | Displays the overall information about a VPC. The information includes Total Actions, Total ACCEPT Bytes, Total REJECT Bytes, and Total ACCEPT Packets. |
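
The per-window, per-five-tuple records described under Feature description and the figures shown on the rejection dashboard can be reproduced offline over exported records. The following Python is an added example, not code from Simple Log Service; the field names, the constructed sample records, and the definition of each ratio as REJECT divided by ACCEPT plus REJECT are assumptions.

```python
from collections import Counter

# Assumed field names (the page defers to "Log fields"); values kept as strings.
FIELDS = ("srcaddr", "srcport", "dstaddr", "dstport", "protocol",
          "action", "bytes", "packets")

# Constructed sample records, one per five-tuple per capture window.
SAMPLE_LOGS = [dict(zip(FIELDS, row)) for row in [
    ("10.0.0.5", "44321", "10.0.1.9", "443", "6", "ACCEPT", "6000", "10"),
    ("10.0.0.5", "44321", "10.0.1.9", "443", "6", "ACCEPT", "2000", "5"),  # same flow, later window
    ("203.0.113.7", "51000", "10.0.1.9", "22", "6", "REJECT", "1200", "20"),
    ("203.0.113.7", "51001", "10.0.1.9", "3389", "6", "REJECT", "600", "10"),
    ("198.51.100.4", "5353", "10.0.1.9", "53", "17", "REJECT", "200", "5"),
    ("-", "-", "-", "-", "-", "-", "-", "-"),  # constructed record with no verdict
]]


def summarize(logs, top_n=10):
    """Merge per-window records by five-tuple and compute REJECT totals and ratios."""
    totals = {"ACCEPT": Counter(), "REJECT": Counter()}
    flow_bytes = Counter()            # five-tuple -> bytes across all windows
    rejected_src_packets = Counter()  # source address -> rejected packets
    for rec in logs:
        action = rec.get("action")
        if action not in totals:
            continue  # skip records that carry no ACCEPT/REJECT verdict
        try:
            nbytes, npackets = int(rec["bytes"]), int(rec["packets"])
        except (KeyError, ValueError):
            continue  # skip malformed counters instead of aborting the run
        totals[action]["bytes"] += nbytes
        totals[action]["packets"] += npackets
        flow_bytes[tuple(rec.get(f) for f in FIELDS[:5])] += nbytes
        if action == "REJECT":
            rejected_src_packets[rec.get("srcaddr")] += npackets

    def ratio(unit):
        total = totals["ACCEPT"][unit] + totals["REJECT"][unit]
        return totals["REJECT"][unit] / total if total else 0.0

    return {
        "total_reject_bytes": totals["REJECT"]["bytes"],
        "total_reject_packets": totals["REJECT"]["packets"],
        "reject_bytes_ratio": ratio("bytes"),
        "reject_packets_ratio": ratio("packets"),
        "top_flows_by_bytes": flow_bytes.most_common(top_n),
        "top_rejected_sources": rejected_src_packets.most_common(top_n),
    }
```

In the sample, the packet-based ratio is far higher than the byte-based one, which is typical when rejected traffic consists of many small connection attempts; comparing the two ratios helps when reviewing security group and network ACL rules.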

Billing

The flow log feature allows you to deliver only the network logs that are extracted to Simple Log Service. When you use the flow log feature, you are charged for Simple Log Service usage and network log extraction.

  • Fees for network log extraction

    You are charged based on the data amount of network logs that are extracted. The fees are included in the bills of VPC. For more information, see Billing of flow logs.

  • Fees for Simple Log Service usage

    • If the dedicated Logstore uses the pay-by-feature billing mode, you are charged for storage, read traffic, number of requests, data transformation, and data shipping after the flow logs are collected from VPC to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-feature.

    • If the dedicated Logstore uses the pay-by-ingested-data billing mode, you are charged for storage of raw data that is written after the flow logs are collected from VPC to Simple Log Service. The fees are included in the bills of Simple Log Service. For more information, see Billable items of pay-by-ingested-data.

Limits

  • Supported regions

    The VPC that you use must reside in the same region as the project that you specify in Simple Log Service. The following table describes the regions in which the flow log feature is supported.

    | Area | Supported region |
    | --- | --- |
    | Asia Pacific | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), China (Fuzhou - Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Wuhan - Local Region), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok) |
    | Europe & Americas | Germany (Frankfurt), UK (London), US (Silicon Valley), and US (Virginia) |
    | Middle East | UAE (Dubai) |

  • Resources

    | Name/ID | Description | Default value | Adjustable |
    | --- | --- | --- | --- |
    | vpc_quota_flowlog_inst_nums_per_user | Maximum number of flow logs that can be created by each account | 10 | You can increase the quota by performing the following operations: |

  • You can use the flow log feature to capture the traffic of a VPC, the traffic of an ENI in the VPC, and the traffic of a vSwitch in the VPC. If you enable the flow log feature for a VPC, ENIs in the VPC, and vSwitches in the VPC, only one set of flow logs is generated.