This topic describes how to create a flow log. After you create a flow log, you can capture the inbound and outbound traffic over the Elastic Network Interface (ENI) in your Virtual Private Cloud (VPC). With flow logs, you can check access control rules, monitor network traffic, and troubleshoot network faults.
- Log Service is activated. For more information, see Log Service page.
- A Project and a Logstore are created to store traffic data. For more information, see Create a project and Create a Logstore.
- A capture resource is created. For more information, see Create an ENI, Create a VPC, and Create a VSwitch.
- Log on to the VPC console.
- In the left-side navigation pane, click FlowLog.
- Optional: If this is the first time that you use the flow log function, click Confirm Authorization Policy to authorize VPC to write data to your Logstore.
  Notice: The authorization is required only when the primary account uses the flow log function for the first time.
- Select the region in which you want to create a flow log.
- On the FlowLog page, click Create FlowLog.
- On the Create FlowLog page, set the following parameters, and then click OK.
| Configuration | Description |
| --- | --- |
| Name | Enter a name for the flow log to be created.<br>The name must be 2 to 128 characters in length and can contain letters, numbers, underscores (_), and hyphens (-). The name must start with a letter and cannot start with |
| Resource Type | Select the type of the resource for which you want to capture traffic, and then select a resource. Options:<br>- Network Interface: Captures traffic for the selected ENI.<br>- VSwitch: Captures traffic for all the ENIs in the selected VSwitch.<br>- VPC: Captures traffic for all the ENIs in the selected VPC.<br>If the target VPC, the VPC to which the target VSwitch belongs, or the VPC to which the target ENI belongs, contains any instance of the following instance type families, you cannot create any flow log for the target VPC, VSwitch, or ENI.<br>ecs.c1, ecs.c2, ecs.c4, ecs.c5, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, ecs.xn4.<br>To create flow logs for such resources, you must upgrade the instance type. For more information, see Instance families that support instance type changes. |
| Traffic Type | Select the type of the traffic to be captured. Options:<br>- All: All traffic of the specified resource is captured.<br>- Allow: Only the traffic allowed by the security group rules is captured.<br>- Drop: Only the traffic not allowed by the security group rules is captured. |
| LogStore | Select a Project and a Logstore to store traffic data. |
| Turn on FlowLog Analysis Report Function | If this option is selected, the indexing function is automatically enabled and a dashboard is created for the selected Logstore. You can perform an SQL and visualized analysis of the captured traffic data.<br>The indexing function is charged by traffic. The dashboard is provided free of charge. For more information, see Log Service pricing.<br>Note: This option is available only when the report function of the selected Logstore is disabled. |
| Description | Enter a description for the flow log.<br>The description must be 2 to 256 characters in length and cannot start with |
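
The Resource Type restriction is VPC-wide: one instance from a listed family anywhere in the VPC blocks flow logs even for an ENI attached to a supported instance. The following Python pre-check is an added example, not part of the original documentation; the inventory rows and resource IDs are constructed, and it assumes instance types follow the `ecs.<family>.<size>` naming form.

```python
# Instance type families that this page lists as blocking flow log creation.
UNSUPPORTED_FAMILIES = frozenset("""
ecs.c1 ecs.c2 ecs.c4 ecs.c5 ecs.ce4 ecs.cm4 ecs.d1 ecs.e3 ecs.e4 ecs.ga1
ecs.gn4 ecs.gn5 ecs.i1 ecs.m1 ecs.m2 ecs.mn4 ecs.n1 ecs.n2 ecs.n4 ecs.s1
ecs.s2 ecs.s3 ecs.se1 ecs.sn1 ecs.sn2 ecs.t1 ecs.xn4
""".split())

# Constructed sample inventory (hypothetical IDs), e.g. an asset export.
INVENTORY = [
    {"instance": "i-web1", "type": "ecs.g6.large",
     "vpc": "vpc-a", "vswitch": "vsw-a1", "eni": "eni-001"},
    {"instance": "i-old1", "type": "ecs.sn1.medium",
     "vpc": "vpc-a", "vswitch": "vsw-a2", "eni": "eni-002"},
    {"instance": "i-app1", "type": "ecs.sn1ne.large",
     "vpc": "vpc-b", "vswitch": "vsw-b1", "eni": "eni-003"},
]

# Console "Resource Type" option -> inventory column used to find the target.
RESOURCE_KEYS = {"VPC": "vpc", "VSwitch": "vswitch", "Network Interface": "eni"}


def family(instance_type):
    """Return the family part, e.g. 'ecs.sn1ne.large' -> 'ecs.sn1ne'.

    The family is compared exactly, so ecs.sn1ne (not on the page's list)
    is not mistaken for ecs.sn1 the way a prefix match would.
    """
    return ".".join(instance_type.split(".")[:2])


def resolve_vpc(resource_type, resource_id, inventory=INVENTORY):
    """Map the capture target to the single VPC that contains it."""
    key = RESOURCE_KEYS[resource_type]
    vpcs = {row["vpc"] for row in inventory if row[key] == resource_id}
    if len(vpcs) != 1:
        raise LookupError(f"{resource_type} {resource_id!r} not found in exactly one VPC")
    return vpcs.pop()


def blockers(resource_type, resource_id, inventory=INVENTORY):
    """List (instance, type) pairs in the target's VPC that block a flow log."""
    vpc = resolve_vpc(resource_type, resource_id, inventory)
    return sorted((row["instance"], row["type"]) for row in inventory
                  if row["vpc"] == vpc and family(row["type"]) in UNSUPPORTED_FAMILIES)


if __name__ == "__main__":
    for target in [("Network Interface", "eni-001"), ("VSwitch", "vsw-b1")]:
        found = blockers(*target)
        print(target, "blocked by" if found else "ok", found)
```

An empty result means no listed family was found in the target's VPC; any entry returned must have its instance type upgraded before the flow log can be created.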