Simple Log Service:Create a flow log instance

Prerequisites

• An inter-region connection is created between two regions if you want to capture network traffic information between the regions. For more information, see Manage inter-region connections.

• A VBR is connected to a transit router if you want to capture traffic information over a VBR connection. For more information, see Create a VBR connection.

Procedure

1. Log on to the CEN console.

2. On the Instances page, click the ID of the CEN instance that you want to manage.

3. On the Basic Information > Transit Router tab, click the ID of the transit router that you want to manage.

4. On the details page of a transit router, click the Flow Logs tab.

5. On the Flow Logs tab, click Create Flow Log.

6. In the Create Flow Log dialog box, configure the parameters and click OK. The following table describes the parameters.

   Parameter	Description
   Name	Specify a name for the flow log instance.
   Description	Specify a description for the flow log instance.
   Region	By default, the region where the current transit router resides is displayed.
   Transit Router ID	By default, the ID of the current transit router is displayed.
   Instance	Select the instance whose network traffic you want to capture. Inter-region: If you want to capture the information about inter-region traffic between transit routers, select Inter-region and the corresponding inter-region connection. VBR: If you want to capture traffic information over a VBR connection, select VBR and the corresponding VBR connection.
   Project	Select a Simple Log Service project that is used to manage CEN flow log-related resources. Select Project: Select an existing project. Create Project: Enter a project name. The system automatically creates a project.
   Logstore	Select a Logstore that is used to store CEN flow logs. Select Logstore: Select an existing Logstore. Create Logstore: Enter a Logstore name. The system automatically creates a Logstore.
   Collection Interval	Select the duration of the time window.
   Notes on Creating Service Linked Roles	When you create a flow log instance, the system automatically creates the service-linked role AliyunServiceRoleForSLSAudit. Simple Log Service can assume the AliyunServiceRoleForSLSAudit role to obtain the required read and write permissions on transit routers to collect traffic information. If the AliyunServiceRoleForSLSAudit role already exists, the system does not recreate it. For more information, see Manage the AliyunServiceRoleForSLSAudit service-linked role. Warning Do not delete the RAM role or revoke permissions from the RAM role. Otherwise, CEN flow logs cannot be pushed to Simple Log Service.

   After you create a flow log instance, CEN delivers the information about inter-region traffic between transit routers or traffic over a VBR connection to Simple Log Service.

   Related operations

   Operation	Description
   Disable the flow log feature	If you want to stop capturing traffic information, click Stop in the Actions column of the required flow log instance to disable the flow log feature.
   Delete a flow log instance	If you no longer need to capture traffic information, click Delete in the Actions column of the flow log instance that you want to delete. Important If you delete a flow log instance, the related project and pushed logs are not automatically deleted. To prevent additional fees, you can delete the project that is used to store flow logs in the Simple Log Service console after you delete a flow log instance. For more information, see Manage a project.

   What to do next

   After CEN flow logs are delivered to Simple Log Service, you can query, analyze, download, ship, and transform the logs in the Simple Log Service console. You can also create alert rules for the logs. For more information, see Common operations on logs of Alibaba Cloud services.