Create an SAG flow log instance - Simple Log Service - Alibaba Cloud Documentation Center

You can create a flow log instance in the Smart Access Gateway (SAG) console. Then, the information about the inbound and outbound network traffic of SAG instances is delivered to Simple Log Service. This topic describes how to create a flow log instance.

Prerequisites

A SAG-1000 device that is upgraded to version 1.7.0 or later is purchased. For more information, see Purchase SAG devices and Upgrade an SAG instance to a later version.
A project and a Logstore are created in Simple Log Service. For more information, see Create a project and Create a Logstore.

Procedure

Log on to the SAG console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Flow Logs.
The first time you use the flow log feature, click Authorize Now and complete the authorization as prompted.
If the AliyunVPCLogArchiveRole role already exists in the current Alibaba Cloud account, you do not need to repeat the authorization.
Warning
Do not revoke permissions from the AliyunVPCLogArchiveRole role or delete the role. Otherwise, flow logs cannot be pushed to Simple Log Service.

Create a flow log instance.

On the Flow Logs page, click Create Flow Log.

In the Create Flow Log panel, configure the parameters and click OK. The following table describes the parameters.

Parameter	Description
Resource Group	Select a resource group for the flow log instance.
Name	Specify a name for the flow log instance.
Output Interval Under Active Connections	Specify the interval at which the log data of active network connections is collected. Valid values: 60 to 6000. Unit: seconds.
Output Interval Under Inactive Connections	Specify the interval at which the log data of inactive network connections is collected. Valid values: 10 to 600. Unit: seconds.
Deliver Flow Log Data To	Select SLS.
SLS Region	The region where the Simple Log Service project resides.
SLS Project	The project that is used to manage flow log-related resources, such as Logstores.
SLS Logstore	The Logstore that is used to store flow logs.

Associates the flow log instance with an SAG instance.
1. In the flow log instance list, click the flow log instance.
2. In the Associated Instances section, click Add Instance.
3. In the Add Instance panel, select the SAG instance with which you want to associate the flow log instance and click Save.

After you configure the settings, the information about inbound and outbound network traffic of the SAG instance is delivered to Simple Log Service.

Related operations

Operation	Description
Disassociate a flow log instance from an SAG instance	In the Associated Instances section of the details page of the flow log instance, you can disassociate the flow log instance from one or more SAG instances. For more information, see Disassociate a flow log from an SAG instance.
Disable the flow log feature	If you want to stop capturing the traffic information of an SAG instance, click Stop in the Actions column of the associated flow log instance to disable the flow log feature. For more information, see Disable a flow log.
Delete a flow log instance	If you no longer need to capture the traffic information of an SAG instance, choose > Delete in the Actions column of the associated flow log instance. For more information, see Delete a flow log. Important Before you delete a flow log instance, you must disassociate the flow log instance from the related SAG instances. If you delete a flow log instance, the related project and pushed logs are not automatically deleted. To prevent additional fees, you can delete the project that is used to store flow logs in the Simple Log Service console after you delete a flow log instance. For more information, see Delete a project.

What to do next

After SAG flow logs are delivered to Simple Log Service, you can query, analyze, download, ship, and transform the logs in the Simple Log Service console. You can also create alert rules for the logs. For more information, see Common operations on logs of Alibaba Cloud services.