What is FL?
FL provides you with a full-time, full-flow, non-intrusive traffic collection service, so you can store and analyze network traffic in real time. For example, you can use VPC flow logs to capture incoming/outgoing ENI, NAT Gateway, or cross-region CCN traffic to help you troubleshoot issues.
Note:
The FL service for NAT Gateway and cross-region CCN traffic is currently in beta. To try it out, submit a ticket. What is a flow log record?
A flow log record represents a network flow in your flow logs. Each record captures a specific quintuple network flow within a capture window. For more information, see Flow Log Record. What traffic will FL capture?
FL will capture all traffic except the following:
Traffic generated by Windows instances for activation of Windows license.
DHCP traffic.
What are some common FL use cases?
quickly locate network issues
optimize network architecture
quickly detect network security threats
What services does FL support?
It supports the collection of traffic of ENI, NAT Gateway, and CCN in VPC.
Services such as CVM, TencentDB, gateways, peering connections are currently not supported.
Can I edit a flow log's configuration after creation?
After a flow log is created, only its name and tag can be modified, while its storage location, collection type, and other configuration information cannot. To modify the configuration, delete the flow log and create a new one with the desired configuration.
Is FL free of charge?
FL is free of charge, but the data stored in CLS is charged according CLS' billing rules.
How do I use FL?
Why can't I see the log data after creating an ENI flow log?
First, as flow log data is stored in CLS, make sure that you have granted FL the access to CLS. Secondly, when creating the flow log, if you select a log topic created in the CLS console without the "Flowlog" flag, then you need to go to the Index Configuration tab on the log topic details page, and confirm that Index Status is Enabled. Otherwise, you cannot find the log data in CLS.
A log topic without the "Flowlog" flag:The Index Status needs to be "Enabled":
Was this page helpful?