This topic describes the flow log function of Cloud Enterprise Networks (CENs). By using the flow log function, you can capture the traffic data of the network instances in different regions of a CEN. You can also use the data aggregated in flow logs to analyze cross-region traffic flows, minimize traffic costs, and troubleshoot network faults.
- To add your account to the whitelist for the flow log function, open a ticket.
- Flow logs capture only the traffic data of cross-region mutual access. Traffic between two VPCs in a region, or traffic among VPCs, VBRs, and on-premises data centers in a region, is not captured.
- The flow log function is supported in China (Hangzhou), China (Shanghai), China (Zhangjiakou), China (Shenzhen), China (Beijing), China (Hohhot), China (Hong Kong), UK (London), US (Silicon Valley), US (Virginia), Germany (Frankfurt), India (Mumbai), Singapore, Indonesia (Jakarta), Australia (Sydney), and Malaysia (Kuala Lumpur).
Each flow log consists of the following traffic data: a source IP address, a source port, a destination IP address, a destination port, and the protocol that is used.
To capture traffic data with flow logs, you must create a flow log for each region where traffic information is to be captured and specify the Project and Logstore of the corresponding region. The captured traffic data is stored in Alibaba Cloud Log Service, where you can view and analyze it. The flow log function is currently in the beta testing phase. During this phase, you are charged only for the storage and retrieval of traffic data in Log Service.
The traffic data captured by the flow log function is written to Log Service as flow log records. Each flow log record captures specified traffic data in a specified capture window, which is about 10 minutes. During this period, data is aggregated and then released to the flow log record.
|Field||Description|
|cen-id||The ID of the CEN instance.|
|src_region||The source region.|
|srcaddr||The source IP address.|
|srcport||The source port.|
|dst_region||The destination region.|
|dstaddr||The destination IP address.|
|dstport||The destination port.|
|protocol||The protocol type.|
|direction|| The direction of the traffic. Valid values:
|packets||The number of data packets.|
|bytes||The size of data packets.|
|start||The start time of the capture window.|
|end||The end time of the capture window.|
|log-status||The status of the flow log record. Valid values:
|Resource||Limit||Quota increase supported?|
|The maximum number of flow logs that can be created for a CEN instance in a region||1||No|
|The maximum number of flow logs that can be created for each account||30||No|
- Activate Log Service.
The traffic data captured by the flow log function is stored in Alibaba Cloud Log Service. Therefore, you need to activate Log Service before you create a flow log.
- Optional. Create an AccessKey.
If you want to write data to Log Service through APIs or SDKs, you must first create an AccessKey (AK). However, if you want to collect logs by using Logtail, you do not need to create an AK.
- Create a Project.
You must create a Project in Log Service. For more information, see Create a project.
- Create a Logstore.
A Logstore is a collection of resources created in a Project. All data in a Logstore is from the same data source. After creating a Project, you must create a Logstore. For more information, see Create a Logstore.
- Create a flow log.
You can create a flow log through the CEN console. For more information, see Create a flow log.
- View the flow log.
You can view the captured traffic data in the flow log. You can use the captured traffic data to analyze cross-region traffic flows, minimize traffic costs, and troubleshoot network faults. For more information, see View flow logs.
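The following Python example is added here and is not part of the original documentation. It aggregates exported flow log records by region pair and lists flows that touch no approved service port, using the field names from the record table; the sample rows, region ID strings, protocol number, string-typed counters and the "-" placeholder are constructed assumptions.

```python
from collections import defaultdict

# Field names taken from the flow log record table (a subset is enough here).
FIELDS = ("src_region", "srcaddr", "srcport", "dst_region", "dstaddr",
          "dstport", "protocol", "packets", "bytes")

# Constructed sample rows; every value is made up for illustration.
# Counters as strings and "-" for a record without counters are assumptions.
ROWS = [
    ("cn-hangzhou", "10.0.1.10", "44321", "cn-beijing", "10.8.0.5", "443", "6", "1200", "1500000"),
    ("cn-beijing", "10.8.0.5", "443", "cn-hangzhou", "10.0.1.10", "44321", "6", "900", "400000"),
    ("cn-hangzhou", "10.0.1.22", "51000", "cn-beijing", "10.8.0.9", "3389", "6", "300", "250000"),
    ("cn-hangzhou", "10.0.1.22", "51000", "cn-beijing", "10.8.0.9", "3389", "6", "100", "50000"),
    ("cn-hangzhou", "10.0.1.30", "40000", "cn-beijing", "10.8.0.7", "22", "6", "-", "-"),
]
SAMPLE_RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

def to_int(value):
    """Counters and ports may be missing or non-numeric; treat those as 0."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0

def region_pair_totals(records):
    """Sum bytes and packets per (src_region, dst_region) across capture windows."""
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0, "records": 0})
    for r in records:
        key = (r.get("src_region"), r.get("dst_region"))
        totals[key]["bytes"] += to_int(r.get("bytes"))
        totals[key]["packets"] += to_int(r.get("packets"))
        totals[key]["records"] += 1
    return dict(totals)

def flows_without_service_port(records, allowed_ports):
    """Bytes per flow where neither port is approved, largest first.
    Checking both ports keeps return traffic of approved services out of the list."""
    allowed, flows = set(allowed_ports), defaultdict(int)
    for r in records:
        if {to_int(r.get("srcport")), to_int(r.get("dstport"))} & allowed:
            continue
        key = (r.get("srcaddr"), r.get("dstaddr"), r.get("dstport"), r.get("protocol"))
        flows[key] += to_int(r.get("bytes"))
    return sorted(flows.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    print(region_pair_totals(SAMPLE_RECORDS))
    print(flows_without_service_port(SAMPLE_RECORDS, {443, 22}))
```

Because only cross-region traffic is captured, the output says nothing about flows that stay inside one region.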