All Products
Search
Document Center

:Create and manage a flow log

Last Updated:Aug 01, 2024

Virtual Private Cloud (VPC) provides the flow log feature. You can use the flow log feature to capture information about inbound and outbound traffic of an elastic network interface (ENI). You can use the flow log feature to check rules of network access control lists (ACLs), monitor network traffic, and troubleshoot network issues. This topic describes how to create and manage a flow log.

Prerequisites

Before you create a flow log, make sure that the following requirements are met:

Create a flow log

  1. Log on to the VPC console.

  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. If this is the first time that you use the flow log feature, click Activate Now to enable the flow log feature.

    Note

    If you have created flow logs, the flow logs are displayed after you click Activate Now.

  4. In the top navigation bar, select the region where you want to create the flow log.

    For more information about regions that support the flow log feature, see Feature release and supported regions.

  5. On the Flow Log page, click Create a flow log.

  6. In the Create a flow log dialog box, configure the following parameters and click OK:

    Parameter

    Description

    Flow Log Name

    Specify a name for the flow log.

    Resource Type

    Select the type of the resource from which you want to capture traffic information, and then select the resource. Supported resource types:

    • VPC: captures traffic from all ENIs in the specified VPC.

    • vSwitch: captures traffic information from all ENIs that are associated with the specified vSwitch.

    • ENI: captures traffic information about the specified ENI.

    Resource Group

    Select the resource group to which the flow log belongs.

    Resource Instance

    Select a resource instance from which you want to capture traffic information.

    Tag Key

    Select or enter a tag key. You can specify up to 20 tag keys.

    A tag key can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.

    Tag Value

    Select or enter a tag value. You can specify up to 20 tag values

    A tag value can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.

    Data Transfer Type

    Select the type of traffic information that you want to capture. Valid values:

    • All Traffic: captures all traffic information from the specified resource.

    • Allowed Traffic: captures information about traffic that is allowed by security group rules and network ACL rules of the specified resource.

    • Denied Traffic: captures information about traffic that is denied by security group rules and network ACL rules of the specified resource.

    Project

    Specify a project to manage captured traffic information. Valid values:

    • Select Project: Select an existing project to store captured traffic information.

    • Create Project: Create a project to store captured traffic information.

    Logstore

    Specify a Logstore to store captured traffic information. Valid values:

    • Select Logstore: Select a Logstore from an existing project to store captured traffic information.

    • Create Logstore: Create a Logstore to store captured traffic information.

    Enable Log Analysis Report

    Select this option to enable Simple Log Service indexing and create a dashboard for the Logstore. Then, you can consume the log data by using SQL queries or analyze the log data in the dashboard.

    Log Service dashboards are free of charge. However, Log Service indexing is billed based on data usage. For more information, see Log Service billing.

    Sampling Interval (Minutes)

    Specify the sampling interval. You can specify 1 minute, 5 minutes, or 10 minutes. By default, the sampling interval is 10 minutes.

    Sampling Path

    Select a sampling path. By default, traffic from all paths is collected.

    • All Scenarios

    • Traffic Through IPv4 Gateway

    • Traffic Through NAT Gateway

    • Traffic Through VPN Gateway

    • Traffic Through Transit Router

    • Traffic That Accesses Cloud Service Through Gateway Endpoint

    • Traffic Through VBR

    Note

    The sampling path feature is disabled by default. To use this feature, contact your account manager.

    Description

    Enter a description for the flow log.

View a flow log

After you create a flow log, you can view the information about the flow log and the ENIs from which traffic information is captured.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. You can view flow logs on the Flow Log page.

  5. In the Flow Log Collection Details panel, view the flow log ID, status, and collection scope.

  6. In the Flow Log Collection Details panel, click the Actions column to view the ENI collection range. Click the ENIs with Flow Logs Unsupported or All ENIs tab to view the information about the ENIs.

    • ENIs with Flow Logs Unsupported: The flow log does not capture traffic information about the ENIs.

    • All ENIs: The flow log captures traffic information about all the ENIs. For example, if a flow log captures traffic information about a VPC, this section displays all the ENIs in the VPC, including the ENIs from which traffic information can be captured and cannot be captured.

    Note

    You can view the information about the ENIs only when the ENIs have inbound or outbound traffic.

Analyze a flow log

You can check network ACL rules, monitor network traffic, and troubleshoot network issues by analyzing a flow log.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. On the Flow Log page, find the flow log that you want to query, and click the name of the Logstore.

    日志

  5. In the Simple Log Service console, click Search & Analyze.

    After the flow log appears, you can view and analyze the flow log.

Modify a flow log

After you create a flow log, you can modify the name and description of the flow log.

Note

If a flow log is created by using the Simple Log Service console, the flow log can be viewed on the VPCs page but cannot be modified in a VPC.

Modify the name and description of a flow log

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. On the Flow Log page, find the flow log and click 修改 in the Instance ID/Name column to modify the flow log name.

  5. In the Description column, click 修改 to modify the flow log description.

Modify the sampling interval of a flow log

After you create a flow log, you can modify the sampling interval.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. On the Flow Log page, find the flow log and click Edit in the Sampling Interval (Minutes) column.

  5. You can set the sampling interval to 1 minute, 5 minutes, or 10 minutes from the drop-down list, and click OK.

    If you do not need to change the sampling interval, you can click Cancel in the Sampling Interval (Minutes) column.

Enable a flow log

You can enable a flow log that is in the Inactive state. After you enable the flow log, the flow log starts to capture traffic information about ENIs.

Note

If a flow log is created by using the Simple Log Service console, the flow log can be viewed on the VPCs page but cannot be enabled in a VPC.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. On the Flow Log page, find the flow log that you want to enable and click Enable in the Actions column.

    After the flow log is enabled, the status of the flow log changes to Active.启动流日志

Disable a flow log

You can temporarily stop a flow log from capturing traffic information about ENIs by disabling the flow log. After a flow log is disabled, the flow log is not deleted. You can enable the flow log that is in the Inactive state to start capturing traffic information about ENIs again.

Note

If a flow log is created in the Simple Log Service console, the flow log can be hosted in the VPC but cannot be stopped in the VPC.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. On the Flow Log page, find the flow log that you want to stop and click Stop in the Actions column.

    After the flow log is disabled, the status of the flow log changes to Inactive.停止流日志

Delete a flow log

You can delete a flow log that is in the Active or Inactive state. After you delete a flow log, you can still view captured traffic information in the Simple Log Service console.

Note

If a flow log is created by using the Simple Log Service console, the flow log can be viewed on the VPCs page but cannot be deleted in a VPC.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region to which the flow log belongs.

  4. On the Flow Log page, find the flow log that you want to delete and click Delete in the Actions column.

  5. In the Delete Flow Log message, click OK.

References