Smart Access Gateway (SAG) supports flow logs, which are used to capture information about inbound and outbound network traffic of SAG instances. You can check traffic status and troubleshoot errors based on flow logs. You can also analyze flow log data and make informed business decisions.

Limits

Flow logs are supported only by SAG-1000 devices that are upgraded to version 1.7.0 or later.

If the version of your SAG-1000 device is earlier than 1.7.0, upgrade the SAG-1000 device first. For more information, see Upgrade an SAG device to a later version.

Types of flow log

Flow logs are classified into the following types based on the storage location:
  • Log Service flow logs

    Log Service flow logs store the captured traffic information in Alibaba Cloud Log Service. You can query and analyze log data in Log Service. Log Service flow logs are free of charge during public preview. Log Service charges fees for log storage and retrieval.

    Log Service flow logs store the captured traffic information as log entries in Log Service. Each log entry includes the traffic information about a specific 5-tuple during a specific time period. You can specify the time period for log collection. During the specified time period, data is aggregated and then stored as log entries.

  • NetFlow flow logs

    NetFlow flow logs encapsulate the captured traffic information into NetFlow packets, which are transmitted to NetFlow collectors. You can query log data on the NetFlow collectors.

Fields in flow log entries

The following table describes the fields in a flow log entry.
Field Description
Instance_id The ID of the SAG instance.
Note NetFlow flow logs do not support this field.
snid The serial number of the SAG device.
Note NetFlow flow logs do not support this field.
ali-uid The ID of the Alibaba Cloud account.
Note NetFlow flow logs do not support this field.
start The beginning of the log collection time period.
end The end of the log collection time period.
protocol The protocol used to transfer the network traffic.
srcaddr The source IP address.
srcport The source port.
dstaddr The destination IP address.
dstport The destination port.
packets The number of data packets.
bytes The size of data packets.
tcp-flags The TCP flags.
tos The type of service (ToS) field in the IP header.
inport The ID of the port that receives packets.
outport The ID of the port and transmits packets.

Procedure

The following procedure shows how to configure a flow log:

  1. Create a flow log

    You can specify the location where log data is stored. The type of flow log is determined by the storage location. For more information, see Create a flow log.

  2. Associate the flow log with an SAG instance

    After you create a flow log, you must associate it with an SAG instance. Then, the flow log captures the information about network traffic of the associated SAG instance. For more information, see Associate a flow log with an SAG instance.

  3. Query flow log data

    After you create and associate the flow log with an SAG instance, you can query the log data. You can analyze network traffic that flows through the SAG instance, reduce business costs, and troubleshoot network errors based on the captured traffic information. For more information, see Query flow log data.