Function

This API is used to create a VPC flow log.

A VPC flow log captures information about the traffic going to and from your VPC. You can use flow logs to monitor network traffic, analyze network attacks, and to determine whether security group and firewall rules need to be modified.

VPC flow logs must be used together with the Log Tank Service (LTS). You need to create a log group and a log topic in LTS, and then create a VPC flow log.

URI

POST /v1/{project_id}/fl/flow_logs

Table 1 describes the parameters.

**Table 1** Parameter description
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.

Request Parameters

**Table 2** Request parameter
Parameter	Mandatory	Type	Description
flow_log	Yes	flow_log object	FlowLog objects. For details, see Table 3.

**Table 3** Description of the **FlowLog** field
Parameter	Mandatory	Type	Description
name	No	String	Flow log name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
description	No	String	Flow log description The value can contain no more than 255 characters and cannot contain angle brackets (< or >).
resource_type	Yes	String	Type of the resource for which that the logs to be collected. The value can be: port: a single network interface. vpc: All network interfaces in a VPC. network: All network interfaces in a subnet.
resource_id	Yes	String	ID of the resource for which that the logs to be collected.
traffic_type	Yes	String	Type of the traffic for which that the logs to be collected. The value can be: all: specifies that both accepted and rejected traffic of the specified resource will be logged. accept: specifies that only accepted inbound and outbound traffic of the specified resource will be logged. reject: specifies that only rejected inbound and outbound traffic of the specified resource will be logged.
log_group_id	Yes	String	Log group ID
log_topic_id	Yes	String	Log topic ID
index_enabled	No	Boolean	Whether to enable the log index.

Example Request

Create a VPC flow log. Set the resource type to port, resource ID to 05c4052d-8d14-488f-aa00-19fea5a25fde, traffic type to reject, log group ID to 05c4052d-8d14-488f-aa00-19fea5a25fdd, and log topic ID to a9d7dee7-37d2-4cba-a208-a016252aaa63.

POST https://{Endpoint}/v1/b2782e6708b8475c993e6064bc456bf8/fl/flow_logs

{
    "flow_log": {
        "name": "flowlog",
        "description": "just a test",
        "resource_type": "port",
        "resource_id": "05c4052d-8d14-488f-aa00-19fea5a25fde",
        "traffic_type": "reject",
        "log_group_id": "05c4052d-8d14-488f-aa00-19fea5a25fdd",
        "log_topic_id": "a9d7dee7-37d2-4cba-a208-a016252aaa63",
        "index_enabled": true
    }
}

Response Parameters

**Table 4** Response parameter
Parameter	Type	Description
flow_log	flow_log object	FlowLog objects. For details, see Table 5.

**Table 5** Description of the **FlowLog** field
Parameter	Type	Description
id	String	Flow log ID
name	String	Flow log name The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
tenant_id	String	Project ID
description	String	Flow log description The value can contain no more than 255 characters and cannot contain angle brackets (< or >).
resource_type	String	Type of the resource for which that the logs to be collected. The value can be: port: a single network interface. vpc: All network interfaces in a VPC. network: All network interfaces in a subnet.
resource_id	String	ID of the resource for which that the logs to be collected.
traffic_type	String	Type of the traffic for which that the logs to be collected. The value can be: all: specifies that both accepted and rejected traffic of the specified resource will be logged. accept: specifies that only accepted inbound and outbound traffic of the specified resource will be logged. reject: specifies that only rejected inbound and outbound traffic of the specified resource will be logged.
log_group_id	String	Log group ID
log_topic_id	String	Log topic ID
index_enabled	Boolean	Whether to enable the log index function
admin_state	Boolean	Whether to enable the flow log function
status	String	Flow log status The value can be: ACTIVE: Enabled DOWN: Disabled ERROR: Abnormal
created_at	String	Time when the flow log is created UTC time in the format of yyyy-MM-ddTHH:mmss
updated_at	String	Time when the flow log is updated UTC time in the format of yyyy-MM-ddTHH:mmss

Example Response

{
    "flow_log": {
        "id": "f49f00f1-0f15-470a-a8c5-4e879e461c8d",
        "name": "flowlog",
        "description": "just a test",
        "tenant_id": "b2782e6708b8475c993e6064bc456bf8",
        "resource_type": "port",
        "resource_id": "05c4052d-8d14-488f-aa00-19fea5a25fde",
        "traffic_type": "reject",
        "log_group_id": "05c4052d-8d14-488f-aa00-19fea5a25fdd",
        "log_topic_id": "a9d7dee7-37d2-4cba-a208-a016252aaa63",
        "created_at": "2019-01-14T11:03:02",
        "updated_at": "2019-01-14T11:03:02",
        "index_enabled": false,
        "admin_state": true,
        "status": "ACTIVE"
    }
}

Status Code

See Status Codes.

Error Code

See Error Codes.

Creating a VPC Flow Log