Overview - Operation, maintenance and monitoring| Alibaba Cloud Documentation Center

Features and supported regions

The flow log feature is in public preview. To use this feature, submit a ticket apply for the public preview qualification.

The following table describes the regions that support the flow log feature.


Area	Supported region
Asia Pacific	China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Japan (Tokyo), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), and Indonesia (Jakarta)
Europe & Americas	US (Silicon Valley), US (Virginia), Germany (Frankfurt), and UK (London)
Middle East & India	India (Mumbai) and UAE (Dubai)

Features

Flow logs can record information about network traffic of a specified ENI, VPC, or vSwitch. After you enable the flow log feature for a VPC or a vSwitch, information about traffic of ENIs in the VPC or vSwitch is captured. Flow logs also capture information about the ENIs that are created after the flow log feature is enabled.

The traffic information captured by the flow log feature is written to flow log records in Log Service. Each flow log record includes a 5-tuple of a traffic flow captured within the specified time period. The maximum time period lasts approximately 10 minutes. During this time period, statistics about a traffic flow are captured and aggregated into a flow log record.

The following table describes the fields of a flow log record.


Field	Description
version	The version of the flow log.
vswitch-id	The ID of the vSwitch to which the ENI belongs.
vm-id	The ID of the cloud instance with which the ENI is associated.
vpc-id	The ID of the VPC to which the ENI belongs.
account-id	The ID of the Alibaba Cloud account.
eni-id	The ID of the ENI.
srcaddr	The source IP address.
srcport	The source port.
dstaddr	The destination IP address.
dstport	The destination port.
protocol	The Internet Assigned Numbers Authority (IANA) protocol number of traffic. For more information, see Protocol Numbers.
direction	The direction of the traffic. Valid values: in: inbound traffic out: outbound traffic
packets	The number of data packets.
bytes	The size of data packets.
start	The time when the capture starts.
end	The time when the capture ends.
log-status	The state of the flow log record. Valid values: OK: The data is recorded. NODATA: No inbound or outbound traffic is transmitted through the ENI during the time period. SKIPDATA: Some flow log records are skipped within the time period.
action	The action that has been performed on the traffic flow. Valid values: ACCEPT: the traffic flow has been allowed by security groups or ACLs. REJECT: the traffic flow has been rejected by security groups or ACLs.

Billing method

You can store and analyze flow logs only in Log Service. You are charged for traffic flow data collection and Log Service when you use flow logs.

The fee of traffic flow data collection
A fee is charged based on the amount of traffic flow data that is captured.

Note The fee of traffic flow data collection is not charged during the public preview.
The fee of Log Service
The data captured by a flow log is stored in Log Service. You can view and analyze the flow log in Log Service. You are charged for data storage and retrieval when you use Log Service.

Limits

The following table describes the limits of flow logs.


Item	Default limit	Adjustable
Maximum number of flow logs that can be created in each region	10	N/A
ECS instance families that do not support flow logs	When you enable flow logs for a VPC or a vSwitch, ECS instances in the VPC or vSwitch do not support flow logs if they belong to the following instance families. Other ECS instances that meet the requirement support flow logs. ENIs that are associated with ECS instances of the following instance families do not support flow logs. ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.	Upgrade or release an ECS instance. For more information about how to upgrade an ECS instance, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance. For more information about how to release an ECS instance, see Release an instance.

Procedure

To configure a flow log, perform the following steps:

Activate Log Service
The traffic data captured by the flow log feature is stored in Alibaba Cloud Log Service. Therefore, you must activate Log Service before you create a flow log.
Optional. Create an AccessKey pair
If you want to import data by calling the API or SDK, you must create an AccessKey pair. If you want to log events by using Logtail, you do not need to create an AccessKey pair.
Create a project.
You must create a project in Log Service. For more information, see Create a project.
Ceate a Logstore
A Logstore is a set of resources created for a project. All data in a Logstore is retrieved from the same source. After you create a project, you must create a Logstore. For more information, see Create a Logstore.
Specify a resource from which traffic flow data is captured
Before you create a flow log, you must specify the resource from which traffic flow data is captured. You can capture traffic flow data from an ENI, VPC, or vSwitch. For more information, see Create an ENI, Work with VPCs, and Work with vSwitches.
Create a flow log
After you create a flow log, the flow log can capture the traffic data of network instances that are attached to a Cloud Enterprise Network (CEN) instance in different regions. For more information, see Work with flow logs.
View flow logs
After you create a flow log, you can view the flow log. You can analyze cross-region data transmission, control data transfer costs, and troubleshoot network errors based on the captured traffic data. For more information, see Analyze a flow log.