This topic describes how to enable the flow log feature in the Virtual Private Cloud (VPC) console.
Prerequisites
An elastic network interface (ENI), a VPC, or a vSwitch is created. For more information, see Create and manage ENIs, Create and manage a VPC, and Create and manage vSwitches.
A project and a Logstore are created in the region where the resource instances reside. For more information, see Create a project and Create a logstore.
Procedure
Before you can use a RAM user to enable the flow log feature, you must grant the required permissions to the RAM user. For more information, see RAM user authorization.
Log on to the VPC console.
In the left-side navigation pane, choose .
The first time you use the flow log feature, click Authorize Now and complete the authorization as prompted. The authorization grants a RAM role the permissions that VPC needs to write flow logs to Log Service; flow logs can be delivered only after it is complete.
Warning: Do not delete this RAM role or revoke the permissions granted to it. Otherwise, flow logs can no longer be delivered to Log Service.
In the top navigation bar, select the region where the resource instance resides.
For more information about the regions that support the flow log feature, see Limits.
On the Flow Log page, click Create a flow log.
In the Create a flow log dialog box, configure the parameters and click OK. The following table describes the parameters.
| Parameter | Description |
| --- | --- |
| Flow Log Name | The name of the flow log instance. |
| Resource Type | The type of resource whose traffic you want to capture. After you select a type, select the specific resource. Valid values: VPC: captures traffic of all ENIs in the specified VPC. vSwitch: captures traffic of all ENIs that are attached to the specified vSwitch. ENI: captures traffic of the specified ENI only. In all three cases, traffic of ENIs that belong to ECS instances of an unsupported instance family is not captured, so a VPC- or vSwitch-level flow log can still have blind spots. The following instance families do not support flow logs: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. To capture traffic of such instances, change them to a supported instance type first. For more information, see Upgrade the instance types of subscription instances and Change the instance type of a pay-as-you-go instance. |
| Resource Group | The resource group to which the resource instance belongs. |
| Resource Instance | The resource instance (VPC, vSwitch, or ENI) whose traffic you want to capture. |
| Data Transfer Type | The traffic to capture, based on the decision made by the security group rules of the resource. All Traffic: captures all traffic of the resource, whether allowed or denied. Allowed Traffic: captures only traffic that the security group rules allow. Denied Traffic: captures only traffic that the security group rules deny. |
| Project | The Log Service project that is used to manage the resources related to VPC flow logs, such as Logstores and dashboards. Select Project: select an existing project. Create Project: create a project. For more information, see Create a project. |
| Logstore | The Logstore in which VPC flow logs are stored. Select Logstore: select an existing Logstore. Create Logstore: create a Logstore. For more information, see Create a logstore. |
| Enable Log Analysis Report | If you turn on this switch, Log Service enables indexing for the Logstore and creates a dashboard. Indexing is required before you can query and analyze the flow logs. |
| Sampling Interval (Minutes) | The interval, in minutes, over which captured traffic is aggregated into flow log records. |
| Flow Log Description | The description of the flow log instance. |
Related operations
The following table describes the operations that you can perform after you create a flow log instance.
You cannot delete, modify, enable, or disable a flow log instance on the Flow Log page if the instance was created in the Log Service console.
| Operation | Description |
| --- | --- |
| Modify the name or description of a flow log instance | On the Flow Log page, find the flow log instance that you want to modify and click the icon in the Instance ID/Name or Description column to modify the name or description of the flow log instance. For more information, see |
| Modify the sampling interval of a flow log instance | On the Flow Log page, find the flow log instance that you want to modify and click Edit in the Sampling Interval (Minutes) column. For more information, see Modify a flow log. |
| Enable a flow log instance | On the Flow Log page, find the flow log instance that you want to enable and click Enable in the Actions column. For more information, see Enable a flow log. |
| Disable a flow log instance | On the Flow Log page, find the flow log instance that you want to disable and click Disable in the Actions column. For more information, see Disable a flow log. Disabling a flow log instance does not delete it, but traffic is no longer captured until you enable the instance again. |
| Delete a flow log instance | On the Flow Log page, find the flow log instance that you want to delete and click Delete in the Actions column. For more information, see Delete a flow log. Important: Deleting a flow log instance does not delete the Log Service project or the logs that were already delivered to it. If the logs are no longer needed, delete the corresponding project in the Log Service console to avoid additional fees. For more information, see Manage a project. |
What to do next
After Log Service collects VPC flow logs, you can query, analyze, download, ship, and transform the logs. You can also create alert rules for the logs. For more information, see Common operations on logs of Alibaba Cloud services.
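As an added example that is not part of this page or of Alibaba Cloud's own code, the following Python triage shows why you would capture Denied Traffic as well as Allowed Traffic once the records reach Log Service. Over a constructed set of flow records (not real traffic) it groups flows by security group decision, flags a source whose dropped flows fan out across many destination ports, and lists large allowed flows from inside the VPC to addresses outside it. The record field names (srcaddr, srcport, dstaddr, dstport, protocol, action, bytes, packets), the action values Allow and Drop, and the use of RFC 1918 space as the VPC address range are assumptions made for the example; check them against the fields of your own Logstore before turning this logic into a Log Service query or alert rule.

```python
"""Offline triage of VPC flow log records (added example, not Alibaba Cloud code).

ASSUMPTION: each record is a dict with the fields srcaddr, srcport, dstaddr,
dstport, protocol, action ("Allow" / "Drop"), bytes and packets. Verify these
against your Logstore before reusing the logic.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# ASSUMPTION: the VPC uses RFC 1918 address space. 198.51.100.0/24 and
# 203.0.113.0/24 below are documentation ranges standing in for public hosts.
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                     ip_network("192.168.0.0/16")]


def _rec(src, sport, dst, dport, action, nbytes, proto=6):
    """Build one constructed flow record (proto 6 = TCP)."""
    return {"srcaddr": src, "srcport": sport, "dstaddr": dst, "dstport": dport,
            "protocol": proto, "action": action, "bytes": nbytes, "packets": 1}


# Constructed sample data: one external host probing 12 ports (all dropped),
# one external host with a single dropped SSH attempt, and three allowed flows,
# one of which moves 2.5 MB from an ECS instance to an external address.
SCANNED_PORTS = [21, 22, 23, 25, 80, 443, 3306, 3389, 5432, 6379, 8080, 8443]
SAMPLE_RECORDS = (
    [_rec("203.0.113.7", 51000 + i, "10.0.1.20", p, "Drop", 60)
     for i, p in enumerate(SCANNED_PORTS)]
    + [_rec("198.51.100.9", 40001, "10.0.1.20", 22, "Drop", 60)]
    + [_rec("198.51.100.30", 40500, "10.0.1.20", 443, "Allow", 15000),
       _rec("10.0.1.20", 55123, "10.0.2.5", 3306, "Allow", 4200),
       _rec("10.0.1.20", 55124, "203.0.113.99", 443, "Allow", 2_500_000)]
)


def is_internal(addr):
    """True if addr falls inside the assumed VPC (RFC 1918) address space."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def summarize_by_action(records):
    """Flow and byte counts per security group decision (Allow / Drop)."""
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for r in records:
        summary[r["action"]]["flows"] += 1
        summary[r["action"]]["bytes"] += r["bytes"]
    return dict(summary)


def denied_port_scanners(records, min_ports=8):
    """Sources whose dropped flows touched at least min_ports distinct destination ports.

    Only records with action Drop are considered, which is why a Denied Traffic
    (or All Traffic) flow log is needed to see this pattern at all.
    """
    ports_by_src = defaultdict(set)
    for r in records:
        if r["action"] == "Drop":
            ports_by_src[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}


def large_egress_to_external(records, min_bytes=1_000_000):
    """Allowed flows from an internal source to an external destination above min_bytes.

    Returns (srcaddr, dstaddr, dstport, bytes) tuples: a starting point for
    exfiltration triage over Allowed Traffic records.
    """
    hits = []
    for r in records:
        if r["action"] != "Allow" or r["bytes"] < min_bytes:
            continue
        if is_internal(r["srcaddr"]) and not is_internal(r["dstaddr"]):
            hits.append((r["srcaddr"], r["dstaddr"], r["dstport"], r["bytes"]))
    return hits


if __name__ == "__main__":
    print("by action:", summarize_by_action(SAMPLE_RECORDS))
    print("port scanners:", denied_port_scanners(SAMPLE_RECORDS))
    print("large egress:", large_egress_to_external(SAMPLE_RECORDS))
```

The thresholds (8 distinct ports, 1 MB) are illustrative. In practice you would tune them per workload and run the equivalent aggregation as a scheduled Log Service query feeding an alert rule, rather than pulling records into a script.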