
Simple Log Service: Log fields

Last Updated: Feb 21, 2025

This topic describes the fields of Virtual Private Cloud (VPC) flow logs.

| Field | Description |
| --- | --- |
| `__topic__` | The topic of the log. The value is fixed as flow_log. |
| `version` | The version of the flow log. |
| `vswitch-id` | The ID of the vSwitch to which the Elastic Network Interface (ENI) is bound. |
| `vm-id` | The ID of the Elastic Compute Service (ECS) instance to which the ENI is bound. |
| `vpc-id` | The ID of the VPC to which the ENI belongs. |
| `account-id` | The ID of the Alibaba Cloud account. |
| `eni-id` | The ID of the ENI. |
| `srcaddr` | The source IP address. |
| `srcport` | The source port. |
| `dstaddr` | The destination IP address. |
| `dstport` | The destination port. |
| `protocol` | The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Protocol Numbers. |
| `direction` | The traffic direction. Valid values:<br>• in: inbound<br>• out: outbound |
| `packets` | The number of data packets. |
| `bytes` | The size of data packets. |
| `start` | The start time of the capture window. |
| `end` | The end time of the capture window. |
| `log-status` | The logging status of the flow log. Valid values:<br>• OK: Data is recorded.<br>• NODATA: No inbound or outbound traffic is transmitted through the ENI during the capture window.<br>• SKIPDATA: Some flow logs are skipped during the capture window. |
| `action` | The action that is performed on the traffic. Valid values:<br>• ACCEPT: The traffic is allowed by security groups or access control lists (ACLs).<br>• REJECT: The traffic is rejected by security groups or ACLs. |
| `tcp-flags` | The TCP flags. The mappings between TCP flags and masks are as follows:<br>• SYN: 2<br>• SYN, ACK: 18<br>• RST: 4<br>• PSH: 8<br>• URG: 32<br>• FIN: 1<br>For more information about TCP flags, see RFC 793. |
| `traffic_path` | The sampling path of the traffic. Valid values:<br>• all: all traffic<br>• ipv4Gateway: the traffic that passes through an IPv4 gateway to the Internet<br>• natGateway: the traffic that passes through a NAT gateway<br>• vpnGateway: the traffic that passes through a VPN gateway<br>• gatewayEndpoint: the traffic that passes through a gateway endpoint to a cloud service<br>• transitRouter: the traffic that passes through a transit router<br>• virtualBorderRouter: the traffic that passes through a virtual border router (VBR) to a leased line<br>Note: The sampling path feature is disabled by default. To use this feature, contact your account manager. |
| `srctype` | The CIDR block information of the source IP address after you enable the inter-domain analysis feature.<br>Note: This field is recorded only if you enable the inter-domain analysis feature. |
| `dsttype` | The CIDR block information of the destination IP address after you enable the inter-domain analysis feature.<br>Note: This field is recorded only if you enable the inter-domain analysis feature. |
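
The following Python example is added here and is not part of the original documentation. It decodes tcp-flags with the mask list above and reports sources whose inbound SYN-only flows were rejected on several destination ports, while recording SKIPDATA windows as gaps in coverage. It assumes records arrive as dictionaries of string values, that tcp-flags is a bitwise OR of the masks seen in the capture window, and that ACK is 16 (from "SYN, ACK: 18"); `triage`, `min_ports`, the ENI ID, timestamps and addresses are constructed for illustration.

```python
# Added example: field names are from the table above; all records are constructed.
TCP_FLAG_MASKS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}

def decode_tcp_flags(value):
    """Return the flag names set in a tcp-flags value (assumed bitwise OR of masks)."""
    bits = int(value)
    return [name for name, mask in TCP_FLAG_MASKS.items() if bits & mask]

def triage(records, min_ports=3):
    """Return (sources with rejected inbound SYN-only flows, SKIPDATA windows)."""
    probes = {}  # srcaddr -> set of (dstaddr, dstport)
    gaps = []    # (eni-id, start, end) for windows where flow logs were skipped
    for rec in records:
        status = rec.get("log-status")
        if status == "SKIPDATA":
            # Coverage gap: absence of alerts in this window proves nothing.
            gaps.append((rec.get("eni-id"), rec.get("start"), rec.get("end")))
            continue
        # NODATA carries no flow; protocol 6 is TCP in the IANA registry.
        if status != "OK" or str(rec.get("protocol")) != "6":
            continue
        flags = decode_tcp_flags(rec.get("tcp-flags", 0))
        if (rec.get("direction") == "in" and rec.get("action") == "REJECT"
                and flags == ["SYN"]):
            probes.setdefault(rec["srcaddr"], set()).add((rec["dstaddr"], rec["dstport"]))
    suspects = {src: sorted(t) for src, t in probes.items() if len(t) >= min_ports}
    return suspects, gaps

# Constructed sample records (documentation address ranges, placeholder ENI ID).
BASE = {"eni-id": "eni-example", "srcaddr": "203.0.113.7", "dstaddr": "10.0.0.5",
        "protocol": "6", "direction": "in", "action": "REJECT", "tcp-flags": "2",
        "log-status": "OK", "start": "1700000000", "end": "1700000060"}
SAMPLE = [
    {**BASE, "dstport": "22"},
    {**BASE, "dstport": "3389"},
    {**BASE, "dstport": "6379"},
    # Completed, accepted TCP session: FIN+SYN+PSH+ACK = 27.
    {**BASE, "srcaddr": "198.51.100.9", "dstport": "443", "action": "ACCEPT", "tcp-flags": "27"},
    # UDP flow (protocol 17) is ignored by the TCP check.
    {**BASE, "srcaddr": "198.51.100.20", "dstport": "53", "protocol": "17", "tcp-flags": "0"},
    {"eni-id": "eni-example", "log-status": "SKIPDATA", "start": "1700000060", "end": "1700000120"},
    {"eni-id": "eni-example", "log-status": "NODATA", "start": "1700000120", "end": "1700000180"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
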