Smart Access Gateway (SAG) supports flow logs that capture information about the inbound and outbound traffic of the associated SAG devices. You can monitor network traffic and troubleshoot errors based on this information. You can also analyze workloads and make informed business decisions based on flow logs.
Types of flow log
- Log Service flow logs
Log Service flow logs store captured traffic information in Alibaba Cloud Log Service. You can query and analyze log data in Log Service. Log Service flow logs are free of charge in public preview. Log Service charges fees for log storage and retrieval.
Log Service flow logs store the captured traffic information as log entries in Log Service. Each log entry includes the traffic information about a specific 5-tuple during a specific time period. You can specify the time period. During the specified time period, data is aggregated and then stored as a log entry.
- NetFlow flow logs
NetFlow flow logs encapsulate the captured traffic information into NetFlow packets, which are transmitted to NetFlow collectors. You can query log data on the NetFlow collectors.
Fields of flow logs
| Field | Description |
|---|---|
| Instance_id | The ID of the SAG instance.
Note NetFlow flow logs do not support this field.
|
| snid | The serial number of the SAG device.
Note NetFlow flow logs do not support this field.
|
| ali-uid | The UID of the Alibaba Cloud account.
Note NetFlow flow logs do not support this field.
|
| start | The beginning of the validity period of the 5-tuple. |
| end | The end of the validity period of the 5-tuple. |
| protocol | The transport layer protocol of the network traffic. |
| srcaddr | The source CIDR block of the network traffic. |
| srcport | The source port of the network traffic. |
| dstaddr | The destination CIDR block of the network traffic. |
| dstport | The destination port of the network traffic. |
| packets | The number of packets transmitted during the specified time period. |
| bytes | The size of the packets. |
| tcp-flags | The TCP flags. |
| tos | The type of service (ToS) field in the IP header. |
| inport | The ID of the port that receives packets. |
| outport | The ID of the port and transmits packets. |
Configuration procedure
The following procedure shows how to configure a flow log.
- Create a flow log
You can specify the location where log data is stored. The type of flow log is determined by the storage location. For more information, see Create a flow flog.
- Associate the flow log with an SAG instance
After you create a flow log, you must associate it with an SAG instance. The flow log captures traffic information about the associated SAG instance. For more information, see Associate a flow log with SAG instances.
- Query flow log data
After you create and associate the flow log with an SAG instance, you can query the log data. You can analyze network traffic that flows through the SAG instance, reduce business costs, and troubleshoot network errors based on the captured traffic information. For more information, see Query flow log data.