vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/vpc/umn/FlowLog_0004.html
Qin Ying, Fan 662ede2c6b VPC UMN 20240105 version 
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2024-04-18 12:13:40 +00:00

146 lines
16 KiB
HTML
Raw Permalink Blame History

<a name="FlowLog_0004"></a><a name="FlowLog_0004"></a>
<h1 class="topictitle1">Viewing a VPC Flow Log</h1>
<div id="body1547961960823"><div class="section" id="FlowLog_0004__section15598193716333"><h4 class="sectiontitle">Scenarios</h4><p id="FlowLog_0004__p14468192824214">View information about your flow log record.</p>
<p id="FlowLog_0004__p8118659113310">The capture window is approximately 10 minutes, which indicates that a flow log record will be generated every 10 minutes. After creating a VPC flow log, you need to wait about 10 minutes before you can view the flow log record.</p>
<div class="note" id="FlowLog_0004__note11123475317"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="FlowLog_0004__p6431815388">If an ECS is in the stopped state, its flow log records will not be displayed.</p>
</div></div>
</div>
<div class="section" id="FlowLog_0004__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0004__ol1599100493"><li id="FlowLog_0004__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0004__ol433412616258"><li id="FlowLog_0004__li1261701516256">Click <span><img id="FlowLog_0004__en-us_topic_0118498823_image338921514480" src="en-us_image_0000001818982734.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0004__ol113341928344"><li id="FlowLog_0004__li65321958215">Click <span><img id="FlowLog_0004__en-us_topic_0118498850_image8750174734412" src="en-us_image_0000001865582981.png"></span> in the upper left corner and choose <strong id="FlowLog_0004__b74381552113516"><span id="FlowLog_0004__text16438185220358">Network</span><span id="FlowLog_0004__text5438652153519"></span></strong> &gt; <strong id="FlowLog_0004__b12439155219352">Virtual Private Cloud</strong>.<p id="FlowLog_0004__p1182103318256">The <strong id="FlowLog_0004__b638735717355">Virtual Private Cloud</strong> page is displayed.</p>
</li></ol><ol start="4" id="FlowLog_0004__ol86651458101716"><li id="FlowLog_0004__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0004__b472112210378">VPC Flow Logs</strong>.</li><li id="FlowLog_0004__li56651158141710">Locate the target VPC flow log and click <strong id="FlowLog_0004__b8869042123814">View Log Record</strong> in the <strong id="FlowLog_0004__b135221046143810">Operation</strong> column to view information about the flow log record in LTS.<div class="fignone" id="FlowLog_0004__fig3110112519524"><span class="figcap"><b>Figure 1 </b>Viewing a log record</span><br><span><img id="FlowLog_0004__image1611013253524" src="en-us_image_0000001865663181.png"></span></div>
<div class="fignone" id="FlowLog_0004__fig184421854195912"><span class="figcap"><b>Figure 2 </b>Flow log record</span><br><span><img id="FlowLog_0004__image1944365414598" src="en-us_image_0000001818823446.png"></span></div>
<p id="FlowLog_0004__p15138111772317">The flow log record is in the following format:</p>
<pre class="screen" id="FlowLog_0004__screen7138817152312">&lt;version&gt; &lt;project-id&gt; &lt;interface-id&gt; &lt;srcaddr&gt; &lt;dstaddr&gt; &lt;srcport&gt; &lt;dstport&gt; &lt;protocol&gt; &lt;packets&gt; &lt;bytes&gt; &lt;start&gt; &lt;end&gt; &lt;action&gt; &lt;log-status&gt;</pre>
<p id="FlowLog_0004__p18138171713237">Example 1: The following is an example of a flow log record in which data was recorded during the capture window:</p>
<pre class="screen" id="FlowLog_0004__screen61387175231">1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd 192.168.0.154 192.168.3.25 38929 53 17 1 96 1548752136 1548752736 ACCEPT OK</pre>
<p id="FlowLog_0004__p9138201714235">Value <strong id="FlowLog_0004__b73339661313">1</strong> indicates the VPC flow log version. Traffic with a size of 96 bytes to NIC <strong id="FlowLog_0004__b53224614138">1d515d18-1b36-47dc-a983-bd6512aed4bd</strong> during the past 10 minutes (from 16:55:36 to 17:05:36 on January 29, 2019) was allowed. A data packet was transmitted over the UDP protocol from source IP address <strong id="FlowLog_0004__b193301631315">192.168.0.154</strong> and port <strong id="FlowLog_0004__b14331106161318">38929</strong> to destination IP address <strong id="FlowLog_0004__b1233215619133">192.168.3.25</strong> and port <strong id="FlowLog_0004__b2033317617136">53</strong>.</p>
<p id="FlowLog_0004__p1213818176235">Example 2: The following is an example of a flow log record in which no data was recorded during the capture window:</p>
<pre class="screen" id="FlowLog_0004__screen413851762315">1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd - - - - - - - 1431280876 1431280934 - NODATA</pre>
<p id="FlowLog_0004__p2013821716230">Example 3: The following is an example of a flow log record in which data was skipped during the capture window:</p>
<pre class="screen" id="FlowLog_0004__screen12138181712232">1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd - - - - - - - 1431280876 1431280934 - SKIPDATA</pre>
<div class="p" id="FlowLog_0004__p2013811171231"><a href="#FlowLog_0004__table1313851722313">Table 1</a> describes the fields of a flow log record.
<div class="tablenoborder"><a name="FlowLog_0004__table1313851722313"></a><a name="table1313851722313"></a><table cellpadding="4" cellspacing="0" summary="" id="FlowLog_0004__table1313851722313" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Log field description</caption><thead align="left"><tr id="FlowLog_0004__row813819178239"><th align="left" class="cellrowborder" valign="top" width="21.25%" id="mcps1.3.2.5.2.14.2.2.4.1.1"><p id="FlowLog_0004__p4138151722319"><strong id="FlowLog_0004__b42231630175912">Field</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38.29%" id="mcps1.3.2.5.2.14.2.2.4.1.2"><p id="FlowLog_0004__p313821712314"><strong id="FlowLog_0004__b2356133145912">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40.46%" id="mcps1.3.2.5.2.14.2.2.4.1.3"><p id="FlowLog_0004__p181381117112313"><strong id="FlowLog_0004__b84235270685752">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="FlowLog_0004__row513861742316"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p171381817152313">version</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p181381017102311">The VPC flow log version.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p181383178234">1</p>
</td>
</tr>
<tr id="FlowLog_0004__row1013818170231"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p813814175238">project-id</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p14138171752312">The project ID.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p41383177232">5f67944957444bd6bb4fe3b367de8f3d</p>
</td>
</tr>
<tr id="FlowLog_0004__row51388179233"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p1138517132311">interface-id</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p10138121792314">The ID of the NIC for which the traffic is recorded.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p13138131762311">1d515d18-1b36-47dc-a983-bd6512aed4bd</p>
</td>
</tr>
<tr id="FlowLog_0004__row91381417172313"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p313851792312">srcaddr</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p17138151742312">The source IP address.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p913821715234">192.168.0.154</p>
</td>
</tr>
<tr id="FlowLog_0004__row4138817182313"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p15138717162315">dstaddr</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p1313821714235">The destination IP address.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p181381017162318">192.168.3.25</p>
</td>
</tr>
<tr id="FlowLog_0004__row11381917152316"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p1513815171239">srcport</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p3138101712237">The source port.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p31381817152318">38929</p>
</td>
</tr>
<tr id="FlowLog_0004__row2013819179235"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p10138217122314">dstport</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p17138131762314">The destination port.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p121381317162319">53</p>
</td>
</tr>
<tr id="FlowLog_0004__row121381117112313"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p1213861710233">protocol</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p1513831742314">The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For details, see <a href="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml" target="_blank" rel="noopener noreferrer">Assigned Internet Protocol Numbers</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p3138171792310">17</p>
</td>
</tr>
<tr id="FlowLog_0004__row2138171719237"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p113801772317">packets</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p9138171710235">The number of packets transferred during the capture window.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p6138171720239">1</p>
</td>
</tr>
<tr id="FlowLog_0004__row313811178234"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p171381517112312">bytes</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p813861716230">The number of bytes transferred during the capture window.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p6138121792314">96</p>
</td>
</tr>
<tr id="FlowLog_0004__row11384176232"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p71380173233">start</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p513841762316">The time, in Unix seconds, of the start of the capture window.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p61381178236">1548752136</p>
</td>
</tr>
<tr id="FlowLog_0004__row17138121720239"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p1313819174239">end</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p11138017112317">The time, in Unix seconds, of the end of the capture window.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p1313821782316">1548752736</p>
</td>
</tr>
<tr id="FlowLog_0004__row11383177238"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p1138517132310">action</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p19138171732318">The action associated with the traffic:</p>
<ul id="FlowLog_0004__ul151381717152318"><li id="FlowLog_0004__li9138191782318"><strong id="FlowLog_0004__b14572625182814">ACCEPT</strong>: The recorded traffic was allowed by the security groups or <span id="FlowLog_0004__text11248715171311">firewall</span><span id="FlowLog_0004__text45551720134"></span>s.</li><li id="FlowLog_0004__li1413801732316"><strong id="FlowLog_0004__b1093101312218">REJECT</strong>: The recorded traffic was denied by the security groups or <span id="FlowLog_0004__text19632232191316">firewall</span><span id="FlowLog_0004__text7632113215134"></span>s.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p8138617162312">ACCEPT</p>
</td>
</tr>
<tr id="FlowLog_0004__row1713820178232"><td class="cellrowborder" valign="top" width="21.25%" headers="mcps1.3.2.5.2.14.2.2.4.1.1 "><p id="FlowLog_0004__p91383171236">log-status</p>
</td>
<td class="cellrowborder" valign="top" width="38.29%" headers="mcps1.3.2.5.2.14.2.2.4.1.2 "><p id="FlowLog_0004__p1713861762314">The logging status of the VPC flow log:</p>
<ul id="FlowLog_0004__ul21381617122319"><li id="FlowLog_0004__li6138121712310"><strong id="FlowLog_0004__b54661210129">OK</strong>: Data is logging normally to the chosen destinations.</li><li id="FlowLog_0004__li1981731516371"><strong id="FlowLog_0004__b1375524588">NODATA</strong>: There was no traffic of the <strong id="FlowLog_0004__b84235270616738">Filter</strong> setting to or from the NIC during the capture window.</li><li id="FlowLog_0004__li18138617172314"><strong id="FlowLog_0004__b44741312212">SKIPDATA</strong>: Some flow log records were skipped during the capture window. This may be caused by an internal capacity constraint or an internal error.</li></ul>
<p id="FlowLog_0004__p192827623912">Example:</p>
<p id="FlowLog_0004__p18825610113911">When <strong id="FlowLog_0004__b84235270616831">Filter</strong> is set to <strong id="FlowLog_0004__b84235270616850">Accepted traffic</strong>, if there is accepted traffic, the value of <strong id="FlowLog_0004__b842352706161659">log-status</strong> is <strong id="FlowLog_0004__b84235270616174">OK</strong>. If there is no accepted traffic, the value of <strong id="FlowLog_0004__b842352706161743">log-status</strong> is <strong id="FlowLog_0004__b842352706161747">NODATA</strong> regardless of whether there is rejected traffic. If some accepted traffic is abnormally skipped, the value of <strong id="FlowLog_0004__b518035696162046">log-status</strong> is <strong id="FlowLog_0004__b842352706162055">SKIPDATA</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="40.46%" headers="mcps1.3.2.5.2.14.2.2.4.1.3 "><p id="FlowLog_0004__p161381417142314">OK</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</li></ol>
<p id="FlowLog_0004__p136731571117">You can enter a keyword on the log topic details page on the LTS console to search for flow log records.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="FlowLog_0001.html">VPC Flow Log</a></div>
</div>
</div>
View Git Blame Copy Permalink