DescribeFlowLogs - Virtual Private Cloud - Alibaba Cloud Documentation Center

This topic is generated by a machine translation engine without any human intervention. ALIBABA CLOUD DOES NOT GUARANTEE THE ACCURACY OF MACHINE TRANSLATED CONTENT. To request a human-translated version of this topic or provide feedback on this translation, please include it in the feedback form.

Query flow logs.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
vpc:DescribeFlowLogs	get	FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/`	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID of the flow log. You can obtain the region ID by calling the DescribeRegions interface.	cn-hangzhou
FlowLogName	string	No	The name of the flow log. The name must be 1 to 128 characters long and cannot start with `http://` or `https://`.	myFlowlog
FlowLogId	string	No	The ID of the flow log.	fl-bp1f6qqhsrc2c12ta****
Description	string	No	The description of the flow log. The description must be 1 to 256 characters long and cannot start with `http://` or `https://`.	This is my Flowlog.
ResourceType	string	No	The resource type of the traffic to capture. Values: NetworkInterface: Elastic Network Interface (ENI). VSwitch: All ENIs within a VSwitch. VPC: All ENIs within a VPC.	NetworkInterface
ResourceId	string	No	The resource ID of the traffic to capture.	eni-askldfas****
TrafficType	string	No	The type of traffic to collect. Values: All: All traffic. Allow: Traffic allowed by access control. Drop: Traffic denied by access control.	All
ProjectName	string	No	The Project that manages the captured traffic.	FlowLogProject
LogStoreName	string	No	The Logstore that stores the captured traffic.	FlowLogStore
Status	string	No	The status of the flow log. Values: Active: The flow log is in an active state. Activating: The flow log is being created. Inactive: The flow log is in an inactive state.	Active
PageNumber	integer	No	The page number, with a default value of 1.	1
PageSize	integer	No	The number of items per page in a paginated query, with a maximum value of 50 and a default value of 20.	20
VpcId	string	No	The ID of the VPC for which you want to view the flow log.	vpc-bp1nwd16gvo1wgs****
ResourceGroupId	string	No	The resource group ID of the flow log.	rg-bp67acfmxazb4ph****
Tags	array<object>	No	The list of tags.
	object	No	The list of tags.
Key	string	No	The key of the tag. Up to 20 tag keys are supported. If you need to pass this value, it cannot be an empty string. A tag key can have up to 128 characters and cannot start with `aliyun` or `acs:`. It also cannot contain `http://` or `https://`.	FinanceDept
Value	string	No	The value of the tag. Up to 20 tag values are supported. If you need to pass this value, it can be an empty string. A tag value can have up to 128 characters and cannot start with `aliyun` or `acs:`. It also cannot contain `http://` or `https://`.	FinanceJoshua

Response parameters

Parameter	Type	Description	Example
	object	Detailed information about the flow logs.
PageSize	string	The number of items per page in a paginated query.	20
PageNumber	string	The page number.	1
RequestId	string	The request ID.	F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1
TotalCount	string	The number of entries in the queried flow log list.	1
Success	string	Indicates whether the call was successful. Values: true: The call was successful. false: The call failed.	true
FlowLogs	array<object>	List of flow logs.
FlowLog	object	List of flow logs.
Status	string	The status of the flow log. Values: Active: The flow log is in an active state. Activating: The flow log is being created. Inactive: The flow log is in an inactive state.	Active
CreationTime	string	The creation time of the flow log.	2022-01-21T03:08:50Z
FlowLogName	string	The name of the flow log.	myFlowlog
TrafficType	string	The type of traffic captured by the flow log. Values: All: All traffic. Allow: Traffic allowed by access control. Drop: Traffic denied by access control.	All
ResourceType	string	The resource type of the traffic captured by the flow log: NetworkInterface: Elastic network interface. VSwitch: All elastic network interfaces within a VSwitch. VPC: All elastic network interfaces within a VPC.	NetworkInterface
Description	string	The description of the flow log.	Description
ProjectName	string	The Project that manages the captured traffic.	FlowLogProject
LogStoreName	string	The Logstore where the captured traffic is stored.	FlowLogStore
ResourceId	string	The resource ID of the traffic captured by the flow log.	eni-askldfas****
RegionId	string	The region ID to which the flow log belongs.	cn-hangzhou
FlowLogId	string	The ID of the flow log.	fl-bp1f6qqhsrc2c12ta****
BusinessStatus	string	The business status. Values: Normal: Normal status. FinancialLocked: Locked due to unpaid bills.	Normal
AggregationInterval	integer	The sampling interval of the flow log. Unit: minutes.	10
TrafficPath	array	The path of the captured traffic. Values: all: Indicates full collection. internetGateway: Indicates public network traffic collection.
TrafficPathList	string	The path of the collected traffic. Values: all (default): indicates full collection. internetGateway: indicates public network traffic collection.	all
ServiceType	string	The hosting type of the cloud service. It can be empty, indicating that the flow log was created by the user. When not empty, the only supported value is: sls, indicating that the flow log was created through the Log Service console. Note Flow log instances created through the Log Service console can be displayed in the VPC list, but they cannot be modified, started, stopped, or deleted within the VPC. If you need to perform these operations on the flow log, you can log in to the Log Service console to modify, start, stop, or delete it.	sls
ResourceGroupId	string	The ID of the resource group to which the flow log belongs.	rg-bp67acfmxazb4ph****
Tags	array<object>	List of tags
Tag	object	List of tags
Key	string	Tag key.	FinanceDept
Value	string	Tag value.	FinanceJoshua
FlowLogDeliverStatus	string	The delivery status of the flow log, with values: SUCCESS: Delivery succeeded. FAILED: Delivery failed.	FAILED
FlowLogDeliverErrorMessage	string	When log delivery fails, you can troubleshoot based on the error messages. Possible error messages include: UnavaliableTarget: The Logstore of the Log Service SLS is unavailable and cannot receive logs. It is recommended to check if the corresponding Logstore actually exists and is accessible. ProjectNotExist: The Project of the Log Service SLS does not exist. It is suggested to delete the original flow log and create a new one pointing to an existing Project. UnknownError: An internal error has occurred. Please try again later.	UnavaliableTarget
IpVersion	string	The type of IP address for collecting flow log traffic.	IPv4

Examples

Sample success responses

JSONformat

{
  "PageSize": 20,
  "PageNumber": 1,
  "RequestId": "F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1",
  "TotalCount": 1,
  "Success": true,
  "FlowLogs": {
    "FlowLog": [
      {
        "Status": "Active",
        "CreationTime": "2022-01-21T03:08:50Z",
        "FlowLogName": "myFlowlog",
        "TrafficType": "All",
        "ResourceType": "NetworkInterface",
        "Description": "Description",
        "ProjectName": "FlowLogProject",
        "LogStoreName": "FlowLogStore",
        "ResourceId": "eni-askldfas****",
        "RegionId": "cn-hangzhou",
        "FlowLogId": "fl-bp1f6qqhsrc2c12ta****",
        "BusinessStatus": "Normal",
        "AggregationInterval": 10,
        "TrafficPath": {
          "TrafficPathList": [
            "all"
          ]
        },
        "ServiceType": "sls",
        "ResourceGroupId": "rg-bp67acfmxazb4ph****",
        "Tags": {
          "Tag": [
            {
              "Key": "FinanceDept",
              "Value": "FinanceJoshua"
            }
          ]
        },
        "FlowLogDeliverStatus": "FAILED",
        "FlowLogDeliverErrorMessage": "UnavaliableTarget",
        "IpVersion": "IPv4"
      }
    ]
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidInstanceId	Instance does not exist.	The error message returned because the specified instance does not exist.
400	ProjectOrLogstoreNotExist	The specified project or logstore does not exist.	The error message returned because the specified project or Logstore does not exist.
400	SourceProjectNotExist	The Source Project or logstore does not exist.	The error message returned because the source project or Logstore does not exist.
400	Unauthorized	This api does not support sub user or role.	The error message returned because you cannot call this operation as a RAM user.
400	ParameterInvalid	Invalid parameter.	The error message returned because a parameter is invalid.
400	InvalidRegionId.NotFound	The RegionId provided does not exist in our records.	The RegionId parameter is set to an invalid value. Specify a valid value and try again.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2025-02-26	The Error code has changed. The response structure of the API has changed	View Change Details
2025-02-21	The Error code has changed. The response structure of the API has changed	View Change Details
2024-09-25	The Error code has changed. The response structure of the API has changed	View Change Details
2023-07-06	The Error code has changed. The response structure of the API has changed	View Change Details
2022-03-14	The Error code has changed. The response structure of the API has changed	View Change Details