This topic describes how to create and manage a flow log in the VPC console.
Prerequisites
You have created the required resource instances. For more information, see Create and use an Elastic Network Interface, Create and manage a Virtual Private Cloud, and Create and manage a VSwitch.
You have created a Simple Log Service (SLS) project and a logstore in the same region as the resource instance. For more information, see Manage projects and Create a logstore.
Procedure
To enable flow logs with a RAM user, you must first grant the required permissions to that user. For more information, see Grant permissions to a RAM user.
Log on to the VPC console.
In the left-side navigation pane, choose .
Before you use the flow log feature for the first time, click Authorize Now and follow the on-screen instructions to grant the required permissions.
This permission allows VPC to write flow logs to SLS.
Warning: Do not revoke the permissions or delete the RAM role. Otherwise, VPC cannot deliver flow logs to SLS.
In the top navigation bar, select the Region where your resource instance is located.
For information about the Regions that support flow logs, see Flow logs.
On the Flow Log page, click Create a flow log.
On the Create a flow log page, set the parameters and click OK.
Parameter | Description |
Flow Log Name | Enter a name for the flow log. |
Resource Type | Select the type of resource for which you want to capture traffic, and then select the resource. The following resource types are supported: VPC: Captures traffic of all Elastic Network Interfaces (ENIs) in the specified Virtual Private Cloud (VPC). If the VPC contains an Elastic Compute Service (ECS) instance of an instance type that does not support flow logs, flow log cannot capture traffic from the ENI of that instance. VSwitch: Captures traffic of all ENIs in the specified VSwitch. If the VSwitch contains an ECS instance of an instance type that does not support flow logs, flow log cannot capture traffic from the ENI of that instance. ENI: Captures traffic of the specified ENI. If the ENI is attached to an ECS instance of an instance type that does not support flow logs, flow log cannot capture traffic from the ENI. The following ECS instance families do not support flow logs: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. To capture flow logs, upgrade the instance type. For more information, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance. |
Resource Group | Select the Resource Group of the resource instance. |
Resource Instance | Select the resource instance from which to capture traffic. |
Data Transfer Type | Select the type of traffic to capture. All Traffic: Captures all traffic of the specified resource. Allowed Traffic: Captures traffic that is allowed by Security Group rules. Denied Traffic: Captures traffic that is denied by Security Group rules. |
Project | Select the SLS project to use for managing flow log resources, such as logstores and dashboards. Select Project: Select an existing Project. Create Project: Create a new Project. For more information, see Manage a Project. |
Logstore | Select the logstore to store VPC flow logs. Select Logstore: Select an existing logstore. Create Logstore: Create a new logstore. For more information, see Create a logstore. |
Enable Log Analysis Report | When enabled, SLS automatically enables the indexing feature and creates a dashboard for the logstore. VPC flow logs can be queried and analyzed after the indexing feature is enabled. |
Sampling interval (minutes) | Select a sampling interval for the flow log. |
Description | Enter a description for the flow log. |
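A flow log created at the VPC or VSwitch level does not capture traffic from ENIs on the unsupported instance families listed under Resource Type, which leaves gaps in network visibility. The following added example (not part of the original documentation) audits an instance inventory for those gaps; the inventory records, the instance and VSwitch IDs, and the assumed type-name form `ecs.<family>[-<spec>].<size>` are constructed for illustration.

```python
# Added example: find ECS instances whose traffic a VPC flow log cannot capture.
# The family list is copied from this page; everything else is illustrative.
UNSUPPORTED_FAMILIES = frozenset(
    "ecs.c1 ecs.c2 ecs.c4 ecs.ce4 ecs.cm4 ecs.d1 ecs.e3 ecs.e4 ecs.ga1 ecs.gn4 "
    "ecs.gn5 ecs.i1 ecs.m1 ecs.m2 ecs.mn4 ecs.n1 ecs.n2 ecs.n4 ecs.s1 ecs.s2 "
    "ecs.s3 ecs.se1 ecs.sn1 ecs.sn2 ecs.t1 ecs.xn4".split()
)

# Constructed sample inventory (hypothetical IDs), e.g. exported from an asset list.
SAMPLE_INVENTORY = [
    {"id": "i-example01", "type": "ecs.g6.large", "vswitch": "vsw-example-a"},
    {"id": "i-example02", "type": "ecs.sn1.medium", "vswitch": "vsw-example-a"},
    {"id": "i-example03", "type": "ecs.sn1ne.large", "vswitch": "vsw-example-a"},
    {"id": "i-example04", "type": "ecs.gn5-c4g1.xlarge", "vswitch": "vsw-example-b"},
    {"id": "i-example05", "type": "ecs.gn5i-c2g1.large", "vswitch": "vsw-example-b"},
    {"id": "i-example06", "type": "ecs.n4.small", "vswitch": "vsw-example-b"},
]


def family_of(instance_type):
    """Return the family ('ecs.gn5') of a type such as 'ecs.gn5-c4g1.xlarge'."""
    parts = instance_type.strip().lower().split(".")
    # Assumed form: ecs.<family>[-<spec>].<size>; drop any '-<spec>' suffix.
    fam = parts[1].split("-")[0] if len(parts) >= 2 else ""
    if parts[0] != "ecs" or not fam:
        raise ValueError(f"not an ECS instance type: {instance_type!r}")
    return "ecs." + fam


def blind_spots(inventory):
    """Group instances a flow log cannot capture by VSwitch (exact family match)."""
    gaps = {}
    for inst in inventory:
        if family_of(inst["type"]) in UNSUPPORTED_FAMILIES:
            gaps.setdefault(inst["vswitch"], []).append(inst["id"])
    return gaps


def coverage(inventory):
    """Fraction of instances whose traffic the flow log can capture."""
    missed = sum(len(ids) for ids in blind_spots(inventory).values())
    return 1 - missed / len(inventory)


if __name__ == "__main__":
    for vswitch, ids in sorted(blind_spots(SAMPLE_INVENTORY).items()):
        print(f"{vswitch}: no flow log data for {', '.join(ids)}")
    print(f"coverage: {coverage(SAMPLE_INVENTORY):.0%}")
```

Matching on the exact family segment matters: a prefix match would wrongly flag `ecs.sn1ne` or `ecs.gn5i`, which are not on the page's list.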
Related operations
After you create a flow log, the following operations are available.
Flow log instances created in the SLS console cannot be managed from the VPC console.
Operation | Description |
Modify the name or description of a flow log | On the Flow Log page, find the flow log that you want to manage. In the Instance ID/Name or Description column, click the icon to modify the name or description of the flow log. For more information, see |
Modify the sampling interval of a flow log | On the Flow Log page, find the flow log that you want to manage. In the Sampling interval (minutes) column, click Edit to modify the sampling interval. For more information, see Modify a flow log. |
Enable a flow log | On the Flow Log page, find the flow log that you want to enable and click Enable in the Actions column. For more information, see Enable a flow log. |
Disable a flow log | On the Flow Log page, find the flow log that you want to disable and click Disable in the Actions column. For more information, see Disable a flow log. Disabling a flow log does not delete it. You can enable it again to resume traffic capture. |
Delete a flow log | On the Flow Log page, find the flow log that you want to delete and click Delete in the Actions column. For more information, see Delete a flow log. Important: Deleting a flow log does not automatically delete the project and the delivered logs. To avoid unnecessary charges, delete the destination project in the SLS console after you delete the flow log. For more information, see Delete a project. |
Next steps
After SLS collects VPC flow logs, you can query, analyze, download, ship, and process the logs, or create alert rules. For more information, see Common operations on cloud service logs.