CreateFlowLog - Express Connect - Alibaba Cloud Documentation Center

Creating a flow log enables log delivery by default.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

expressconnectrouter:CreateFlowLog

create

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
EcrId	string	Yes	The ID of the Express Connect Router (ECR) instance.	ecr-mezk2idmsd0vx2****
DryRun	boolean	No	Specifies whether to perform a dry run. Valid values: true: performs a dry run to check the request without modifying service resources. false (Default): sends the request.	false
ClientToken	string	No	The client token that is used to ensure the idempotence of the request. Generate a value for this parameter on your client to make sure that the value is unique among different requests. `ClientToken` can contain only ASCII characters. Note If you do not specify this parameter, the system uses the RequestId of the request as the ClientToken. The RequestId of each request is unique.	02fb3da4-130e-11e9-8e44-00****
FlowLogName	string	No	The name of the flow log. Note The name can be empty or 0 to 128 characters in length. It cannot start with `http://` or `https://`.	myFlowlog
Description	string	No	The description of the flow log. Note The description can be empty or 0 to 256 characters in length. It cannot start with `http://` or `https://`.	myFlowlog
InstanceType	string	Yes	The type of the network instance. Valid value: VBR: a virtual border router (VBR) instance.	VBR
InstanceId	string	Yes	The ID of the VBR instance.	vbr-xxx
Interval	integer	No	The aggregation interval for a flow log to capture traffic. Unit: seconds. Valid values: 60 600 Default value: 600.	60
SamplingRate	string	No	The sampling ratio. Valid values: 1:4096 1:2048 1:1024 Default value: 1:4096.	1:4096
ProjectName	string	Yes	The project that stores the captured traffic. If you have created a project in the current region, enter the name of the project. If you have not created a project in the current region, specify a custom name for the project. The system automatically creates the project. The project name must be globally unique within an Alibaba Cloud region and cannot be modified after it is created. The naming conventions are as follows: The project name must be globally unique. It can contain only lowercase letters, digits, and hyphens (-). It must start and end with a lowercase letter or a digit. It must be 3 to 63 characters in length. The length must be 3 to 63 characters.	flowlog-project
LogStoreName	string	Yes	The Logstore that stores the captured traffic. If you have created a Logstore in the current region, enter the name of the Logstore. If you have not created a Logstore in the current region, specify a custom name for the Logstore. The system automatically creates the Logstore. The naming conventions for the Logstore name are as follows: The Logstore name must be unique within the same project. It can contain only lowercase letters, digits, hyphens (-), and underscores (_). It must start and end with a lowercase letter or a digit. It must be 3 to 63 characters in length.	flowlog-logstore
Tag	array<object>	No	The tags. You can add up to 20 tags.
	object	No	The tag information.
Key	string	No	The tag key of the resource. If you specify this parameter, you cannot leave it empty. The tag key can be up to 128 characters in length. It cannot start with aliyun or acs: and cannot contain http:// or https://.	TestKey
Value	string	No	The tag value. The tag value can be an empty string. The tag value can be up to 128 characters in length. It cannot start with acs: and cannot contain http:// or https://.	TestValue
ResourceGroupId	string	No	The ID of the resource group to which the flow log instance belongs.	rg-aek2aq7f4va****
TargetSlsRegionId	string	No	The region of the project to which you want to deliver logs. This parameter is required only for cross-region log delivery.	cn-hangzhou

Response elements

Element	Type	Description	Example
	object	RpcResponse
RequestId	string	The request ID.	6FABF516-FED3-5697-BDA2-B18C5D9A****
Success	boolean	Indicates whether the request was successful. Valid values: True: The request was successful. False: The request failed.	True
Code	string	The status code. A value of 200 indicates that the request was successful. For more information about other error codes, see the Error codes section.	200
Message	string	The returned message.	OK
HttpStatusCode	integer	The HTTP status code.	200
DynamicCode	string	The dynamic error code.	IllegalParamFormat.EcrId
DynamicMessage	string	The dynamic error message that is used to replace the `%s` placeholder in the `ErrMessage` parameter. Note If the `ErrMessage` parameter returns The Value of Input Parameter %s is not valid and the `DynamicMessage` parameter returns DtsJobId, the specified DtsJobId parameter is invalid.	The param format of EcrId **** is illegal.
AccessDeniedDetail	string	The details of the access denial.	Authentication is failed for ****
FlowLogId	string	The ID of the flow log instance.	ecr-flog-m5evbtbpt****

Examples

Success response

JSON format

{
  "RequestId": "6FABF516-FED3-5697-BDA2-B18C5D9A****\n",
  "Success": true,
  "Code": "200",
  "Message": "OK",
  "HttpStatusCode": 200,
  "DynamicCode": "IllegalParamFormat.EcrId",
  "DynamicMessage": "The param format of EcrId **** is illegal.",
  "AccessDeniedDetail": "Authentication is failed for ****\n",
  "FlowLogId": "ecr-flog-m5evbtbpt****"
}

Error codes

HTTP status code	Error code	Error message	Description
400	IncorrectStatus.Ecr	Ecr Status does not allow current operation.	The status of the express connect gateway instance does not allow the current operation. Currently, other operations are being performed or the express connect gateway instance is being deleted. Please try again later.
400	OperationDenied.ForceDeleting	The current instance is being deleted.	Your current operation is rejected and the leased line gateway instance is being forcibly deleted. Please try again later.
400	UnsupportedRegion	Feature not supported in specified region.	The specified region does not support the leased line gateway function.
400	ResourceAlreadyExist.FlowLogId	The specified resource of FlowLogId[%s] already exists.	The created flow log already exists. Please check and try again.
400	InternalErrorTemp	The request processing has failed due to some unknown error.	The request processing has failed due to some unknown error.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.