All Products
Search
Document Center

Virtual Private Cloud:DescribeFlowLogs

Last Updated:Aug 29, 2024

Queries the information about flow logs.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
vpc:DescribeFlowLogsget
  • FlowLog
    acs:vpc:{#regionId}:{#accountId}:flowlog/*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The region ID of the flow log.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou
FlowLogNamestringNo

The name of the flow log.

The name must be 1 to 128 characters in length, and cannot start with http:// or https://.

myFlowlog
FlowLogIdstringNo

The ID of the flow log.

fl-bp1f6qqhsrc2c12ta****
DescriptionstringNo

The description of the flow log.

The description must be 1 to 256 characters in length, and cannot start with http:// or https://.

This is my Flowlog.
ResourceTypestringNo

The type of resource from which traffic is captured. Valid values:

  • NetworkInterface: elastic network interface (ENI)
  • VSwitch: all ENIs in a vSwitch
  • VPC: all ENIs in a virtual private cloud (VPC)
NetworkInterface
ResourceIdstringNo

The ID of the resource from which traffic is captured.

eni-askldfas****
TrafficTypestringNo

The type of traffic that is captured. Valid values:

  • All: all traffic
  • Allow: traffic that is allowed by access control
  • Drop: traffic that is denied by access control
All
ProjectNamestringNo

The project that manages the captured traffic data.

FlowLogProject
LogStoreNamestringNo

The Logstore that stores the captured traffic data.

FlowLogStore
StatusstringNo

The status of the flow log. Valid values:

  • Active
  • Activating
  • Inactive
Active
PageNumberintegerNo

The number of the page to return. Default value: 1.

1
PageSizeintegerNo

The number of entries to return on each page. Maximum value: 50. Default value: 20.

20
VpcIdstringNo

The ID of the VPC to which the flow log belongs.

vpc-bp1nwd16gvo1wgs****
ResourceGroupIdstringNo

The ID of the resource group to which the flow log belongs.

rg-bp67acfmxazb4ph****
Tagsarray<object>No

The list of tags.

objectNo
KeystringNo

The key of tag N to add to the resource. You can specify at most 20 tag keys. The tag key cannot be an empty string.

The tag key can be at most 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

FinanceDept
ValuestringNo

The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length and cannot start with acs: or aliyun. The tag value cannot contain http:// or https://.

FinanceJoshua

Response parameters

ParameterTypeDescriptionExample
object
PageSizestring

The number of entries per page.

20
PageNumberstring

The number of the returned page.

1
RequestIdstring

The request ID.

F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1
TotalCountstring

The number of flow logs that are queried.

1
Successstring

Indicates whether the operation is successful. Valid values:

  • true
  • false
true
FlowLogsarray<object>

The information about the flow logs.

object
Statusstring

The status of the flow log. Valid values:

  • Active
  • Activating
  • Inactive
Active
CreationTimestring

The time when the flow log was created.

2022-01-21T03:08:50Z
FlowLogNamestring

The name of the flow log.

myFlowlog
TrafficTypestring

The type of traffic that is captured by the flow log. Valid values:

  • All: all traffic
  • Allow: traffic that is allowed by access control
  • Drop: traffic that is denied by access control
All
ResourceTypestring

The type of the resource from which traffic is captured. Valid values:

  • NetworkInterface: ENI
  • VSwitch: all ENIs in a vSwitch
  • VPC: all ENIs in a VPC
NetworkInterface
Descriptionstring

The description of the flow log.

Description
ProjectNamestring

The project that manages the captured traffic data.

FlowLogProject
LogStoreNamestring

The Logstore that stores the captured traffic data.

FlowLogStore
ResourceIdstring

The ID of the resource from which traffic is captured.

eni-askldfas****
RegionIdstring

The region ID of the flow log.

cn-hangzhou
FlowLogIdstring

The ID of the flow log.

fl-bp1f6qqhsrc2c12ta****
BusinessStatusstring

The business status of the flow log. Valid values:

  • Normal
  • FinancialLocked
Normal
AggregationIntervalinteger

The sampling interval of the flow log. Unit: minutes.

10
TrafficPatharray

The sampling scope of the traffic that is collected. Valid values:

  • all (default value): all traffic
  • internetGateway: Internet traffic
Note By default, the traffic path feature is unavailable. To use this feature, submit a ticket.
string

The sampling scope of the traffic that is collected. Valid values:

  • all (default value): all traffic
  • internetGateway: Internet traffic
Note By default, the traffic path feature is unavailable. To use this feature, submit a ticket.
all
ServiceTypestring

The hosting type of the cloud service.

  • This parameter can be empty, which indicates that the flow log is created by the user.
  • If this parameter is not empty, the value is set to sls. The value sls indicates that the flow log is created in the Simple Log Service (SLS) console.
Note A flow log that is created in the SLS console can be displayed in the VPC list. However, you cannot modify, start, stop, or delete the flow log in the VPC console. If you want to manage the flow log, you can log on to the SLS console and perform required operations.
sls
ResourceGroupIdstring

The ID of the resource group to which the flow log belongs.

rg-bp67acfmxazb4ph****
Tagsarray<object>

The list of tags.

object
Keystring

The key of tag N.

FinanceDept
Valuestring

The value of tag N.

FinanceJoshua
FlowLogDeliverStatusstring

Indicates whether the flow log is delivered. Valid values:

  • SUCCESS
  • FAILED
FAILED
FlowLogDeliverErrorMessagestring

If the flow log failed to be delivered, you can troubleshoot based on the following error messages that may be returned:

  • UnavaliableTarget: The Logstore of SLS is unavailable and cannot receive logs. Check whether the Logstore is available.
  • ProjectNotExist: The project of SLS does not exist. We recommend that you delete the project and create a new one.
  • UnknownError: An internal error occurred. Try again later.
UnavaliableTarget

Examples

Sample success responses

JSONformat

{
  "PageSize": "20",
  "PageNumber": "1",
  "RequestId": "F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1",
  "TotalCount": "1",
  "Success": "true",
  "FlowLogs": {
    "FlowLog": [
      {
        "Status": "Active",
        "CreationTime": "2022-01-21T03:08:50Z",
        "FlowLogName": "myFlowlog",
        "TrafficType": "All",
        "ResourceType": "NetworkInterface",
        "Description": "Description",
        "ProjectName": "FlowLogProject",
        "LogStoreName": "FlowLogStore",
        "ResourceId": "eni-askldfas****",
        "RegionId": "cn-hangzhou",
        "FlowLogId": "fl-bp1f6qqhsrc2c12ta****",
        "BusinessStatus": "Normal",
        "AggregationInterval": 10,
        "TrafficPath": {
          "TrafficPathList": [
            "all"
          ]
        },
        "ServiceType": "sls",
        "ResourceGroupId": "rg-bp67acfmxazb4ph****",
        "Tags": {
          "Tag": [
            {
              "Key": "FinanceDept",
              "Value": "FinanceJoshua"
            }
          ]
        },
        "FlowLogDeliverStatus": "FAILED",
        "FlowLogDeliverErrorMessage": "UnavaliableTarget"
      }
    ]
  }
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidInstanceIdInstance does not exist.The error message returned because the specified instance does not exist.
400ProjectOrLogstoreNotExistThe specified project or logstore does not exist.The error message returned because the specified project or Logstore does not exist.
400SourceProjectNotExistThe Source Project or logstore does not exist.The error message returned because the source project or Logstore does not exist.
400UnauthorizedThis api does not support sub user or role.The error message returned because you cannot call this operation as a RAM user.
400ParameterInvalidInvalid parameter.The error message returned because a parameter is invalid.
400InvalidRegionId.NotFoundThe RegionId provided does not exist in our records.The RegionId parameter is set to an invalid value. Specify a valid value and try again.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-07-06The Error code has changed. The response structure of the API has changedView Change Details
2022-03-14The Error code has changed. The response structure of the API has changedView Change Details