All Products
Search

This Product

    Virtual Private Cloud:View the traffic data of an ECS instance in a VPC

    Document Center

    Virtual Private Cloud:View the traffic data of an ECS instance in a VPC

    Last Updated:Oct 26, 2023

    This topic describes how to view the traffic data of an Elastic Compute Service (ECS) instance in a virtual private cloud (VPC) by using flow logs.

    Prerequisites

    • A VPC is created and two vSwitches are created in the VPC. In this example, the vSwitches are named vSwitch 1 and vSwitch 2. For more information, see Create a VPC with an IPv4 CIDR block.

    • ECS 1 and ECS 2 are created in vSwitch 1. ECS 3 and ECS 4 are created in vSwitch 2. Applications are deployed on ECS 2 and ECS 4. For more information, see Create an instance by using the wizard.

    Background information

    The following scenario is used in this topic. ECS 2 and ECS 4 are connected to different vSwitches that belong to the same VPC. Large amounts of data are exchanged between ECS 2 and ECS 4. The IT department wants to view the traffic data in detail.流日志1

    Procedure

    配置步骤

    Step 1: Create a flow log

    1. Log on to the VPC console.
    2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

    3. If you use the flow log feature for the first time, perform the following operations:

      • Click Authorize Now and click Confirm Authorization Policy. You must complete the authorization to ensure that the flow log can be imported to Simple Log Service.

      • Click Activate Now to enable the flow log feature.

    4. In the top navigation bar, select the region where you want to create the flow log.

      In this example, select the region where the VPC is deployed.

    5. On the Flow Log page, click Create a flow log.

    6. In the Create a flow log dialog box, set the following parameters and click OK.配置流日志

    Parameter

    Description

    Flow Log Name

    Enter a name for the flow log.

    In this example, ECS2_to_ECS4 is used.

    Resource Type

    Select the type of resource for which you want to capture traffic.

    In this example, ENI is selected.

    Resource Instance

    Select an ENI.

    • If you select the ENI of ECS2, you can view the traffic of ECS2 based on the flow log.

    • If you select the ENI of ECS4, you can view the traffic of ECS4 based on the flow log.

    Data Transfer Type

    Data Transfer Type: Select the type of traffic data that you want to capture. In this example, All is selected.

    Project

    Select the type of project to manage the captured traffic. In this example, Create Project is selected.

    Logstore

    Select the type of Logstore to store the captured traffic. In this example, Create Logstore is selected.

    Enable Log Analysis Report

    In this example, this feature is enabled. After you turn on the switch, Simple Log Service indexing is enabled and a dashboard for the Logstore is created. Then, you can consume the log data by using SQL queries and analyze the log data on the dashboard. Simple Log Service dashboards are free of charge. However, Simple Log Service indexing is billed based on data usage. For more information, see Simple Log Service billing.

    Sampling Interval (Minutes)

    Specify the sampling interval. You can specify 1 minute, 5 minutes, or 10 minutes. In this example, the sampling interval is 10 minutes.

    Description

    Enter a description for the flow log.

    Step 2: View the flow log

    View the traffic data generated when ECS 2 accesses ECS 4.

    1. On the Flow Log page, find the flow log and click the name of the Logstore in the Simple Log Service column.

      查看流日志

    2. Query the traffic data generated when ECS 2 accesses ECS 4 by performing the steps in the following figure.

      具体步骤

      Number

      Description

      1

      Enter the following SQL statement to aggregate and sort the traffic data generated when ECS 2 accesses ECS 4:

      eni-id: eni-hp3g87********po6zpp and dstaddr: "10.X.X.231" | select date_format(from_unixtime(__time__ - __time__% 60), '%H:%i:%S') as time, dstaddr,sum(bytes*8/("end"-start)) as bandwidth group by time,dstaddr order by time asc limit 1000

      The SQL statement specifies the following parameters: time, bandwidth (bit/s), and dstaddr (destination address). time and dstaddr are aggregate columns and are sorted in ascending order of time. In this case, 1,000 log entries are retrieved. The following section describes the parameters:

      • eni-id: the ENI ID of ECS 2.

      • dstaddr: the private IP address of ECS 4.

      • Set other parameters to the values shown in this example.

      Note

      To retrieve traffic data generated when ECS 4 accesses ECS 2, select ENI and then select ECS 4 when you create the flow log. When you enter an SQL statement, set eni-id to the ENI ID of ECS4 and set dstaddr to the private IP address of ECS2. Do not change other operations.

      2

      Select the time period that you want to query.

      3

      Click the Graph tab and click 流图 to select a chart type.

      4

      In the Common Settings section, set the following parameters:

      • Axis X Field: Set the value to time.

      • Axis Y Field: Set the value to bandwidth.

      • Aggregate Column: Set the value to dstaddr.

      • Format: Set the value to bps, Kbps, Mbps.

      Keep the default settings for other parameters.

      5

      Click Add to New Dashboard and set the following parameters in the dialog box that appears:

      • Operation: Create Dashboard is used in this example.

      • Layout Mode: Grid Layout is used in this example.

      • Dashboard Name: Enter a name for the dashboard. In this case, ECS2_to_ECS4 is entered.

      You can view information about the flow log on the dashboard.

      6

      Click Search & Analyze to view the traffic data generated when ECS 2 accesses ECS 4.