What Is a Flow Log?
Log Tank Service (LTS) can record flow logs for enterprise routers. A flow log records traffic of attachments on enterprise routers in real time. These logs allow you to monitor the network traffic of attachments and analyze network attacks, improving the O&M efficiency.
Flow logs can capture traffic of the following types of attachments:
- A VPC attachment indicates that a VPC is attached to an enterprise router. Flow logs can collect the traffic between the VPC and other attachments of the enterprise router.
- A VPN gateway attachment indicates that a VPN gateway is attached to an enterprise router. Flow logs can collect the traffic between the on-premises data center and the cloud connected by VPN.
- A global DC gateway attachment indicates that a Direct Connect global DC gateway is attached to an enterprise router. Flow logs can collect the traffic between the on-premises data center and the cloud connected by Direct Connect.
Creation Process
Before creating a flow log for an enterprise router, you need to create a log group and a log stream on the LTS console.
Figure 1 Process of creating a flow log
Constraints
- By default, you can create a maximum of 20 flow logs.
- For TCP and UDP fragments, flow logs can record only the first fragment. Other fragments cannot be recorded because of incomplete packet header.
- Flow logs can only record traffic generated for network communications and do not capture traffic generated by the network. For example, BGP traffic used by an enterprise router to learn routes of attachments is not recorded.
Parent topic: Flow Logs