Details of fields in VPC flow logs - Simple Log Service - Alibaba Cloud Documentation Center

This topic describes the fields of Virtual Private Cloud (VPC) flow logs.

Field	Description
version	The version of the flow log.
vswitch-id	The ID of the vSwitch to which the ENI belongs.
vm-id	The ID of the Elastic Compute Service (ECS) instance with which the ENI is associated.
vpc-id	The ID of the VPC to which the ENI belongs.
account-id	The account ID.
eni-id	The ENI ID.
srcaddr	The source IP address.
srcport	The source port.
dstaddr	The destination IP address.
dstport	The destination port.
protocol	The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Protocol Numbers.
direction	The traffic direction. Valid values: in: inbound out: outbound
packets	The number of data packets.
bytes	The size of data packets.
start	The time when the capture starts.
tcp-flags	The following section describes some TCP flags and corresponding masks: SYN: 2 SYN,ACK: 18 RST: 4 PSH: 8 URG: 32 FIN: 1 For more information about TCP flags, see RFC: 793.
end	The time when the capture ends.
log-status	The logging status of the flow log. Valid values: OK: Data is recorded. NODATA: No inbound or outbound traffic was transmitted through the ENI during the capture window. SKIPDATA: Some flow log records were skipped during the capture window.
action	The action that was performed on the traffic flow. Valid values: ACCEPT: The traffic flow was allowed by security groups or ACLs. REJECT: The traffic flow was rejected by security groups or ACLs.