This topic describes how to view the traffic data of an Elastic Compute Service (ECS) instance in a virtual private cloud (VPC) by using flow logs.

Prerequisites

Before you start, make sure that the following requirements are met:
  • A VPC is created and two vSwitches are created in the VPC. In this example, the vSwitches are named vSwitch 1 and vSwitch 2. For more information, see Create an IPv4 VPC.
  • ECS 1 and ECS 2 are created in vSwitch 1. ECS 3 and ECS 4 are created in vSwitch 2. Applications are deployed on ECS 2 and ECS 4. For more information, see Create an instance by using the wizard.

Background information

The following scenario is used as an example. ECS 2 and ECS 4 are connected to different vSwitches that belong to the same VPC. Large amounts of data are exchanged between ECS 2 and ECS 4. The IT department wants to view the traffic data in details. Flow log 1

Procedure

Procedure

Step 1: Create a flow log

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.
  3. In the top navigation bar, select the region where you want to create the flow log.
    In this example, select the region where the VPC is deployed.
  4. On the Flow Log page, click Create FlowLog.
    Create a flow log
  5. In the Create FlowLog dialog box, set the following parameters and click OK:
    • Name: Enter a name for the flow log. In this example, ECS2_to_ECS4 is used.
    • Resource Type: Select the type of resource whose traffic data you want to capture, and then select the resource. In this example, ENI and the elastic network interface (ENI) of ECS 2 are selected. The flow log captures the traffic data of ECS 2 from its ENI.

      If you want to capture the traffic data of ECS 4, specify ENI as the resource type, and then select the ENI of ECS 4.

    • Traffic Type: Select the type of traffic data that you want to capture. In this example, All is selected.
    • Project: Select the project that is used to store the captured traffic data. In this example, Create Project is selected.
    • Logstore: Select the Logstore that is used to store the captured traffic data. In this example, Create Logstore is selected.
    • Turn on FlowLog Analysis Report Function: In this example, this switch is turned on. After you turn on the switch, Log Service indexing is enabled and a dashboard for the Logstore is created. Then, you can consume the log data by using SQL queries and analyze the log data on the dashboard. Log Service dashboards are free of charge. However, Log Service indexing is billed based on data usage. For more information, see Log Service billing.
    • Description: Enter a description for the flow log.
    Configure a flow log

Step 2: View the flow log

View the traffic data generated when ECS 2 communicates with ECS 4.

  1. On the Flow Log page, find the flow log and click the name of the Logstore in the LogStore column.
    View the flow log
  2. Query the traffic data generated when ECS 2 communicates with ECS 4 by performing the steps in the following figure.
    Procedure
    Step Description
    1 Enter the following SQL statement to aggregate and sort the traffic data generated when ECS 2 communicates with ECS 4:
    eni-id: eni-bp1a69mvjujbaw**** and dstaddr: "192.XX.XX.188" | select date_format(from_unixtime(__time__ - __time__% 60), '%H:%i:%S') as time, dstaddr,sum(bytes*8/("end"-start)) as bandwidth group by time,dstaddr order by time asc limit 1000
    The SQL statement specifies the following parameters: time, bandwidth (bit/s), and dstaddr (destination address). time and dstaddr are aggregate columns and are sorted in ascending order of time. In this case, 1,000 log entries are retrieved. The following section describes the parameters:
    • eni-id: the ENI ID of ECS 2.
    • dstaddr: the private IP address of ECS 4.
    • Set other parameters to the values shown in this example.
    Note To retrieve traffic data generated when ECS 4 communicates with ECS 2, select ENI and then select ECS 4 when you create the flow log. Then, set eni-id to the ENI ID of ECS 4 and set dstaddr to the private IP address of ECS 2 when you enter the SQL statement, and repeat other steps.
    2 Select the time period that you want to query.
    3 Click the Graph tab and click Chart to select a chart type.
    4 In the Properties section, set the following parameters:
    • Chart Types: Line Chart is selected in this example.
    • X Axis: Set the value to time.
    • Y Axis: Set the value to bandwidth.
    • Aggregate Column: Set the value to dstaddr.
    • Format: Set the value to bps, Kbps, Mbps.
    Keep the default settings for other parameters.
    5 Click Add to New Dashboard and set the following parameters in the dialog box that appears:
    • Operation: Create Dashboard is used in this example.
    • Dashboard Name: Enter a name for the dashboard. In this case, ECS2_to_ECS4 is entered.
    • Chart Name: Enter a name for the chart. In this example, Traffic_ECS2_to_ECS4 is entered.
    You can view information about the flow log on the dashboard.
    6 Click Search & Analyze to view the traffic data generated when ECS 2 communicates with ECS 4.