This topic describes how to create a flow log. The flow log feature of Virtual Private Cloud (VPC) captures inbound and outbound network traffic that is transmitted through Elastic Network Interfaces (ENIs). The captured data helps you diagnose access control list (ACL) rules, monitor network traffic, and troubleshoot network problems. To use this feature to capture network traffic, you must first create a flow log.

Prerequisites

Before you create a flow log, make sure that the following requirements are met:

Procedure

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click Flow Log.
  3. Optional: If this is the first time that you use the flow log feature, click Authorize and Confirm. You must complete the authorization so that flow logs can be imported to Log Service.
    Notice: You need to perform this authorization only once, the first time that you use the flow log feature with your Alibaba Cloud account.
  4. In the top menu bar, specify the region where you want to create the flow log.
  5. On the Flow Log page, click Create FlowLog.
  6. In the Create FlowLog dialog box, set the following parameters and click OK.
    Parameter Description
    Name Specify a name for the flow log.

    The name must be 2 to 128 characters in length and can contain letters, Chinese characters, digits, hyphens (-), and underscores (_). The name must start with a letter or Chinese character and cannot start with http:// or https://.

    Resource Type Select the type of resource whose traffic you want to capture, and then select the resource. Supported resource types:
    • Network Interface: captures traffic from the specified ENI.
    • VSwitch: captures traffic from all ENIs attached to the specified VSwitch.
    • VPC: captures traffic from all ENIs in the specified VPC network.

    If the VPC to which a specified VSwitch or ENI belongs contains Elastic Compute Service (ECS) instances of the following instance families, you cannot create a flow log for the VPC network, VSwitch, or ENI.

    ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

    You must upgrade or release the ECS instances before you can create flow logs.
    Note: If the VPC network to which a specified VSwitch or ENI belongs contains ECS instances of the preceding instance families, and flow logs are already created, you must upgrade or release the ECS instances for the flow logs to work as expected. For more information, see Overview of VPC advanced features.
    Traffic type Select the type of traffic to be captured. Options:
    • All: all types of traffic.
    • Allow: traffic that is accepted by security group rules of the specified resource.
    • Drop: traffic that is denied by security group rules of the specified resource.
    Project Specify a project to store the traffic captured.
    Logstore Specify a Logstore to store the log data captured.
    Turn on FlowLog Analysis Report Function You can select this option to enable Log Service indexing and create a dashboard for the Logstore. Then, you can consume the log data by using SQL queries or analyze the log data in the dashboard.

    Log Service indexing is billed based on data usage but dashboards are free of charge. For more information, see Log Service billing.

    Note: This option is available only when the analysis report feature of the specified Logstore is disabled.
    Description Enter a description for the flow log.

    The description must be 2 to 256 characters in length and cannot start with http:// or https://.
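
The constraints in the parameter table can be checked before you open the console. The following pre-flight check is an added example, not Alibaba Cloud code. It assumes that "letters" means ASCII letters, that "Chinese characters" means the range U+4E00 to U+9FFF, and that instance types have the form ecs.<family>.<size>; the function names, instance IDs, and inventory are constructed for illustration.

```python
import re

# Instance families listed on this page as blocking flow log creation.
UNSUPPORTED_FAMILIES = frozenset(
    "ecs.c1 ecs.c2 ecs.c4 ecs.ce4 ecs.cm4 ecs.d1 ecs.e3 ecs.e4 ecs.ga1 "
    "ecs.gn4 ecs.gn5 ecs.i1 ecs.m1 ecs.m2 ecs.mn4 ecs.n1 ecs.n2 ecs.n4 "
    "ecs.s1 ecs.s2 ecs.s3 ecs.se1 ecs.sn1 ecs.sn2 ecs.t1 ecs.xn4".split()
)
# Assumption: ASCII letters, and U+4E00..U+9FFF for "Chinese characters".
# One leading letter plus 1 to 127 further characters gives 2 to 128 in total.
NAME_RE = re.compile(r"[A-Za-z\u4e00-\u9fff][A-Za-z0-9\u4e00-\u9fff_-]{1,127}")
URL_PREFIXES = ("http://", "https://")
TRAFFIC_TYPES = ("All", "Allow", "Drop")


def family_of(instance_type):
    """Assumption: types look like 'ecs.<family>.<size>', e.g. 'ecs.sn1.medium'."""
    return ".".join(instance_type.split(".")[:2])


def blocking_instances(inventory):
    """Return {instance_id: type} for instances in an unsupported family.

    The family is compared exactly, so 'ecs.sn1ne.large' is not mistaken
    for the listed family 'ecs.sn1'.
    """
    return {i: t for i, t in inventory.items()
            if family_of(t) in UNSUPPORTED_FAMILIES}


def preflight(name, description, traffic_type, inventory):
    """Collect every problem that would stop the flow log from being created."""
    problems = []
    if name.startswith(URL_PREFIXES) or not NAME_RE.fullmatch(name):
        problems.append("name: 2-128 chars, starts with a letter or Chinese "
                        "character, only letters/digits/-/_ allowed")
    if not 2 <= len(description) <= 256 or description.startswith(URL_PREFIXES):
        problems.append("description: 2-256 chars, no http:// or https:// prefix")
    if traffic_type not in TRAFFIC_TYPES:
        problems.append("traffic type: must be All, Allow, or Drop")
    for inst, itype in sorted(blocking_instances(inventory).items()):
        problems.append(f"{inst} ({itype}): upgrade or release this instance")
    return problems


# Constructed inventory of the ECS instances in the target VPC.
SAMPLE_INVENTORY = {
    "i-constructed-01": "ecs.g6.large",
    "i-constructed-02": "ecs.sn1.medium",
    "i-constructed-03": "ecs.sn1ne.large",
    "i-constructed-04": "ecs.t1.small",
}
```

Run the check against the full instance inventory of the VPC, because a single instance of a listed family blocks flow logs for the VPC network and for every VSwitch and ENI in it.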