Virtual Private Cloud (VPC) provides flow logs that record information about inbound and outbound traffic of an elastic network interface (ENI). Flow logs allow you to check access control list (ACL) rules, monitor network traffic, and troubleshoot network issues.
Features and supported regions
The flow log feature is in public preview. To use this feature,submit a ticket.
| Area | Supported region |
|---|---|
| Asia Pacific | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Japan (Tokyo), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), and Indonesia (Jakarta) |
| Europe and Americas | US (Silicon Valley), US (Virginia), Germany (Frankfurt), and UK (London) |
| Middle East and India | India (Mumbai) and UAE (Dubai) |
Description
Flow logs can record the information about network traffic of a specified ENI, VPC, or vSwitch. After you enable the flow log feature for a VPC or a vSwitch, information about traffic of ENIs in the VPC or vSwitch is captured. Flow logs also capture information about the ENIs that are created after the flow log feature is enabled.
The traffic information captured by the flow log feature is written to flow log records in Log Service. Each flow log record includes a 5-tuple of a traffic flow captured within the specified time period. The maximum time period lasts approximately 10 minutes. During the time period, statistics about a traffic flow are captured and aggregated into a flow log record.
| Log field | Description |
|---|---|
| version | The version of the flow log. |
| vswitch-id | The ID of the vSwitch to which the ENI belongs. |
| vm-id | The ID of the cloud instance to which the ENI is bound. |
| vpc-id | The ID of the VPC to which the ENI belongs. |
| account-id | The ID of the Alibaba Cloud account. |
| eni-id | The ID of the ENI. |
| srcaddr | The source IP address. |
| srcport | The source port. |
| dstaddr | The destination IP address. |
| dstport | The destination port. |
| protocol | The Internet Assigned Numbers Authority (IANA) protocol number of traffic.
For more information, see Protocol Numbers. |
| direction | The direction of the traffic. Valid values:
|
| packets | The number of data packets. |
| bytes | The size of data packets. |
| start | The time when the capture starts. |
| end | The time when the capture ends. |
| log-status | The state of the flow log record. Valid values:
|
| action | The action associated with the traffic flow. Valid values:
|
Billing method
- The fee of log collection
The log collection fee is charged based on the amount of the collected logs.Note No log collection fee is charged during the public preview.
- The fee of Log Service
The logs generated by the flow log feature are stored in Log Service. You can view and analyze the logs in Log Service. You are charged for log storage and retrieval when you use Log Service.
Limits
The following table lists the limits of flow logs.
| Item | Limit | Adjustable |
|---|---|---|
| Number of flow logs that can be created in each region | 10 | N/A |
| VPCs that do not support flow logs | VPCs that contain ECS instances of the following instance families:
ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. |
Upgrade or release an Elastic Compute Service (ECS) instance that does not support
advanced network features.
Note If the VPC to which a vSwitch or an elastic network interface (ENI) belongs contains
one of the specified ECS instance families and the flow log feature is enabled, you
must upgrade or release the ECS instance for the flow logs feature to function as
expected. For more information, see VPC advanced features.
|
| vSwitches that do not support flow logs | VPCs to which vSwitches belong contain instances of the following instance families:
ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. |
|
| ENIs that do not support flow logs | VPCs to which ENIs belong contain instances of the following instance families:
ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. |
Configuration procedure
- Activate Log Service
The traffic data captured by the flow log feature is stored in Alibaba Cloud Log Service. Therefore, you must activate Log Service before you create a flow log.
- Optional. Create an AccessKey pair
If you want to write data by using API or SDK, you must create an AccessKey pair. If you want to collect logs by using Logtail, you do not need to create an AccessKey pair.
- Create a project
You must create a project in Log Service. For more information, see Create a project.
- Create a Logstore
A Logstore is a set of resources created for a project. All data in a Logstore is retrieved from the same source. After you create a project, you must create a Logstore. For more information, see Create a Logstore.
- Create a resource to capture logs
Before you create a flow log, you must create a resource for which logs are captured. You can capture logs of a specified ENI, VPC, or vSwitch. For more information, see Create an ENI, Create a VPC, and Create a vSwitch.
- Create a flow flog
After you create a flow log, the flow log can capture the traffic data of network instances that are attached to a Cloud Enterprise Network (CEN) instance in different regions. For more information, see Create a flow log.
- View flow logs
After you create a flow log, you can view the flow log. You can use the captured traffic data to analyze cross-region data transmission, reduce costs, and troubleshoot network errors. For more information, see View a flow log.