This topic describes the flow log function of Cloud Enterprise Networks (CENs). By using the flow log function, you can capture the traffic data of the network instances in different regions of a CEN. You can also use the data aggregated in flow logs to analyze cross-region traffic flows, minimize traffic costs, and troubleshoot network faults.

Note
  • To add your account to the whitelist for the flow log function, open a ticket.
  • Flow logs capture only cross-region traffic that flows between network instances. Traffic between two VPCs in the same region, and traffic among VPCs, VBRs, and on-premises data centers in the same region, is not captured.
  • The flow log function is supported in China (Hangzhou), China (Shanghai), China (Zhangjiakou), China (Shenzhen), China (Beijing), China (Hohhot), China (Hong Kong), UK (London), US (Silicon Valley), US (Virginia), Germany (Frankfurt), India (Mumbai), Singapore, Indonesia (Jakarta), Australia (Sydney), and Malaysia (Kuala Lumpur).

Background information

Each flow log consists of the following traffic data: a source IP address, a source port, a destination IP address, a destination port, and the protocol that is used.

To capture traffic data with flow logs, you must create a flow log for each region where traffic information is to be captured and specify the Project and Logstore of the corresponding region. The captured traffic data is stored in Alibaba Cloud Log Service. You can view and analyze the captured traffic data in the Alibaba Cloud Log Service. The flow log function is currently in the beta testing phase. During this phase, you are only charged for the storage and retrieval of traffic data in Log Service.

The traffic data captured by the flow log function is written to Log Service as flow log records. Each flow log record captures specified traffic data in a specified capture window, which is about 10 minutes. During this period, data is aggregated and then released to the flow log record.

The following table describes the fields of a flow log record.
Field         Description
account-id    The ID of the account.
cen-id        The ID of the CEN instance.
src_region    The source region.
srcaddr       The source IP address.
srcport       The source port.
dst_region    The destination region.
dstaddr       The destination IP address.
dstport       The destination port.
protocol      The protocol type.
direction     The direction of the traffic. Valid values:
                • in: inbound traffic.
                • out: outbound traffic.
packets       The number of data packets.
bytes         The size of the data packets.
rtt           The latency.
start         The start time of the capture window.
end           The end time of the capture window.
log-status    The status of the flow log record. Valid values:
                • OK: traffic data was successfully recorded.
                • NODATA: no traffic data was detected during the capture window.
                • SKIPDATA: some flow log records were skipped during the capture window.
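As an added example that is not part of this page, the following Python code shows how the record fields described above can be used for the cross-region traffic analysis the topic mentions: it sums bytes per region pair, ranks flows by the five-tuple each record carries, and separately reports SKIPDATA windows whose totals are undercounted. The records are constructed samples built with a helper; the field values and the fact that Log Service delivers them as strings are assumptions.

```python
from collections import defaultdict


def _rec(src_region, srcaddr, dst_region, dstaddr, dstport, nbytes, status="OK"):
    """Build one constructed (not real) record using the field names from the table above."""
    return {"account-id": "1234567890", "cen-id": "cen-example-id",
            "src_region": src_region, "srcaddr": srcaddr, "srcport": "44321",
            "dst_region": dst_region, "dstaddr": dstaddr, "dstport": dstport,
            "protocol": "6", "direction": "out", "packets": "120", "bytes": str(nbytes),
            "rtt": "35", "start": "1600000000", "end": "1600000600", "log-status": status}


# Constructed sample records covering all three log-status values.
SAMPLE_RECORDS = [
    _rec("cn-hangzhou", "10.0.1.10", "cn-beijing", "10.1.2.20", "443", 98304),
    _rec("cn-hangzhou", "10.0.1.11", "cn-beijing", "10.1.2.20", "443", 4096),
    _rec("cn-beijing", "10.1.2.20", "cn-hangzhou", "10.0.1.10", "8080", 512000),
    _rec("cn-shanghai", "10.2.0.5", "cn-beijing", "10.1.2.20", "22", 0, "NODATA"),
    _rec("cn-shanghai", "10.2.0.5", "cn-beijing", "10.1.2.20", "22", 0, "SKIPDATA"),
]


def bytes_by_region_pair(records):
    """Sum bytes per (src_region, dst_region); only OK records carry usable counts."""
    totals = defaultdict(int)
    for r in records:
        if r["log-status"] == "OK":
            totals[(r["src_region"], r["dst_region"])] += int(r["bytes"])
    return dict(totals)


def skipped_windows(records):
    """Return (cen-id, start, end) for SKIPDATA records: windows whose totals are incomplete."""
    return [(r["cen-id"], r["start"], r["end"])
            for r in records if r["log-status"] == "SKIPDATA"]


def top_flows(records, n=3):
    """Rank OK flows by bytes, keyed by the five-tuple each flow log record contains."""
    flows = defaultdict(int)
    for r in records:
        if r["log-status"] == "OK":
            key = (r["srcaddr"], r["srcport"], r["dstaddr"], r["dstport"], r["protocol"])
            flows[key] += int(r["bytes"])
    return sorted(flows.items(), key=lambda kv: kv[1], reverse=True)[:n]
```

Because NODATA and SKIPDATA records carry no traffic counts, a region pair that appears only in skipped windows will be absent from the totals rather than reported as zero.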

Limits

The following table describes the limits that apply when you use the flow log function.
Resource                                                                      Limit   Quota increase supported?
The maximum number of flow logs that can be created for a CEN instance in a region   1       No
The maximum number of flow logs that can be created for each account                 30      No

Procedure

The following figure shows the procedure for configuring the flow log function.
  1. Activate Log Service.

    The traffic data captured by the flow log function is stored in Alibaba Cloud Log Service. Therefore, you need to activate Log Service before you create a flow log.

  2. Optional. Create an AccessKey.

    If you want to write data to Log Service through APIs or SDKs, you must first create an AccessKey (AK). However, if you want to collect logs by using Logtail, you do not need to create an AK.

  3. Create a Project.

    You must create a Project in Log Service. For more information, see Create a project.

  4. Create a Logstore.

    A Logstore is a collection of resources created in a Project. All data in a Logstore is from the same data source. After creating a Project, you must create a Logstore. For more information, see Create a Logstore.

  5. Create a flow log.

    You can create a flow log through the CEN console. For more information, see Create a flow log.

  6. View the flow log.

    You can view the captured traffic data in the flow log. You can use the captured traffic data to analyze cross-region traffic flows, minimize traffic costs, and troubleshoot network faults. For more information, see View flow logs.

Related documentation