Smart Access Gateway (SAG) supports flow logs that capture information about the inbound and outbound traffic of the associated SAG devices. You can monitor network traffic and troubleshoot errors based on this information. You can also analyze workloads and make informed business decisions based on flow logs.

Note Flow logs are supported by only SAG-1000 devices.

Types of flow log

Flows logs are classified into the following types based on the storage location:
  • Log Service flow logs

    Log Service flow logs store captured traffic information in Alibaba Cloud Log Service. You can query and analyze log data in Log Service. Log Service flow logs are free of charge in public preview. Log Service charges fees for log storage and retrieval.

    Log Service flow logs store the captured traffic information as log entries in Log Service. Each log entry includes the traffic information about a specific 5-tuple during a specific time period. You can specify the time period. During the specified time period, data is aggregated and then stored as a log entry.

  • NetFlow flow logs

    NetFlow flow logs encapsulate the captured traffic information into NetFlow packets, which are transmitted to NetFlow collectors. You can query log data on the NetFlow collectors.

Fields of flow logs

The following table lists the flow log fields and their descriptions.
Field Description
Instance_id The ID of the SAG instance.
Note NetFlow flow logs do not support this field.
snid The serial number of the SAG device.
Note NetFlow flow logs do not support this field.
ali-uid The UID of the Alibaba Cloud account.
Note NetFlow flow logs do not support this field.
start The beginning of the validity period of the 5-tuple.
end The end of the validity period of the 5-tuple.
protocol The transport layer protocol of the network traffic.
srcaddr The source CIDR block of the network traffic.
srcport The source port of the network traffic.
dstaddr The destination CIDR block of the network traffic.
dstport The destination port of the network traffic.
packets The number of packets transmitted during the specified time period.
bytes The size of the packets.
tcp-flags The TCP flags.
tos The type of service (ToS) field in the IP header.
inport The ID of the port that receives packets.
outport The ID of the port and transmits packets.

Configuration procedure

The following procedure shows how to configure a flow log.

  1. Create a flow log

    You can specify the location where log data is stored. The type of flow log is determined by the storage location. For more information, see Create a flow flog.

  2. Associate the flow log with an SAG instance

    After you create a flow log, you must associate it with an SAG instance. The flow log captures traffic information about the associated SAG instance. For more information, see Associate a flow log with SAG instances.

  3. Query flow log data

    After you create and associate the flow log with an SAG instance, you can query the log data. You can analyze network traffic that flows through the SAG instance, reduce business costs, and troubleshoot network errors based on the captured traffic information. For more information, see Query flow log data.