This topic describes how to enable the flow log feature in the VPC console. After you enable the feature, you can use Log Service to collect flow logs.
- Log on to the VPC console.
- In the upper-left corner of the page, select the region where the instances reside.
- In the left-side navigation pane, click Flow Log.
- Authorize VPC as prompted.
  Note:
  - This operation is required only when you perform the authorization for the first time. You must complete the authorization by using your Alibaba Cloud account.
  - If you use a RAM user to log on to VPC, the RAM user must be granted relevant permissions. For more information, see RAM user authorization.
  - You must not delete the RAM role or revoke the permissions from the RAM role. Otherwise, logs cannot be shipped to Log Service.
- On the Flow Log page, click Create FlowLog.
- In the Create FlowLog dialog box, set the parameters and click OK.
The following list describes the parameters.
Name: The name of a flow log instance.
The name must be 2 to 128 characters in length and can contain letters, digits, hyphens (-), and underscores (_). The name must start with a letter and cannot start with
Resource Type: Select the type of resources for which you want to capture traffic data, and select a resource. Valid values:
- Network Interface: captures traffic data for a specified ENI.
- vSwitch: captures traffic data for all the ENIs attached to a specified vSwitch.
- VPC: captures traffic data for all the ENIs in a specified VPC.
If the VPC to which a specified vSwitch or ENI belongs contains ECS instances of the following instance families, you cannot create a flow log instance for the VPC, vSwitch, or ENI.
ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. In this case, you must upgrade or release the ECS instances.
Note: If the VPC to which a specified vSwitch or ENI belongs contains ECS instances of the specified instance families, and flow log instances are created, you must upgrade or release the ECS instances. Otherwise, the flow log feature may not function as expected.
- For more information about how to upgrade an ECS instance, see Upgrade the instance types of subscription instances or Change the instance type of a pay-as-you-go instance.
- For more information about how to release an ECS instance, see Release an instance.
Traffic Type: Select the type of data traffic to be captured. Valid values:
- All: captures all data traffic of the specified resource.
- Allow: captures only the data traffic allowed by the security group rules.
- Drop: captures only the data traffic that is rejected by the security group rules.
Project: Select a project to store flow logs.
Note: The project that stores VPC flow logs must reside in the same region as the flow log instance. You can ship flow logs of multiple resource instances in the same region to the same Logstore.
Logstore: Select a Logstore to store flow logs.
Turn on FlowLog Analysis Report Function: If you turn on the switch, Log Service enables the indexing feature for the Logstore and creates a dashboard.
Description: The description of the flow log instance.
The description must be 2 to 256 characters in length and cannot start with
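A pre-flight check for the parameters described above, so that a flow log request that would be rejected (and leave a traffic-visibility gap) is caught before it is submitted. This is an added example, not part of the original documentation or Alibaba Cloud's own code; the config keys, function names, region, and sample instance types are assumptions made for illustration.

```python
import re

# Instance families the page lists as blocking flow log creation.
UNSUPPORTED = frozenset(
    "c1 c2 c4 ce4 cm4 d1 e3 e4 ga1 gn4 gn5 i1 m1 m2 mn4 n1 n2 n4 "
    "s1 s2 s3 se1 sn1 sn2 t1 xn4".split())
RESOURCE_TYPES = {"Network Interface", "vSwitch", "VPC"}
TRAFFIC_TYPES = {"All", "Allow", "Drop"}
# 2-128 chars, first char a letter, then letters, digits, '-' or '_'.
# Assumption: "letters" means ASCII. The prefix restriction that is cut off
# in the text above is not checked.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,127}")


def instance_family(instance_type):
    """Family of an ECS type: 'ecs.gn5-c4g1.xlarge' -> 'gn5'."""
    parts = instance_type.lower().split(".")
    if len(parts) < 3 or parts[0] != "ecs":
        raise ValueError(f"not an ECS instance type: {instance_type!r}")
    return parts[1].split("-")[0]


def preflight(cfg, instance_types):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    if not NAME_RE.fullmatch(cfg["name"]):
        problems.append("name: invalid length or characters")
    if cfg["resource_type"] not in RESOURCE_TYPES:
        problems.append("resource_type: not a valid value")
    if cfg["traffic_type"] not in TRAFFIC_TYPES:
        problems.append("traffic_type: not a valid value")
    if cfg["project_region"] != cfg["region"]:
        problems.append("project: not in the flow log instance's region")
    # Exact family match: 'sn1ne' must not be mistaken for the listed 'sn1'.
    blocked = sorted({t for t in instance_types
                      if instance_family(t) in UNSUPPORTED})
    if blocked:
        problems.append("instances: upgrade or release " + ", ".join(blocked))
    return problems


# Constructed sample input (hypothetical names and region).
SAMPLE_CFG = {"name": "fl-prod_01", "resource_type": "VPC",
              "traffic_type": "All", "region": "cn-hangzhou",
              "project_region": "cn-hangzhou"}
SAMPLE_TYPES = ["ecs.g6.large", "ecs.sn1ne.large",
                "ecs.gn5-c4g1.xlarge", "ecs.n4.small"]

if __name__ == "__main__":
    for problem in preflight(SAMPLE_CFG, SAMPLE_TYPES):
        print("FAIL:", problem)
```

Pass the instance types of every ECS instance in the VPC, even when the flow log targets a single vSwitch or ENI, because the restriction applies to the VPC that the resource belongs to.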