          Virtual Private Cloud

          Flow Log

          The Baidu AI Cloud flow log records information about the network flows sent and received by a BCC instance in the VPC. The feature also gives users capabilities for traffic analysis, visualization, fault diagnosis and location, and network architecture tuning. The core fields of the flow log are the 5-tuple, statistical information, timestamps, the flow action (whether the flow is allowed by access control), and so on.

          Description:

          • At present, the flow log is available only in the Guangzhou region. If you want to use the flow log, you can Apply for Open Beta Test.

          Application Scenarios:

          • Fault Location: The flow log feature preserves the state at the time of a fault, helping you locate network faults quickly and resolve the root cause promptly. For example, it can quickly determine whether a BCC instance is inaccessible because of an unreasonable security group or ACL setting.
          • Architecture Optimization: The flow log feature collects network interface card traffic, helping you improve data-driven network operations and rationally optimize the network architecture, e.g., by analyzing historical network data and building business network benchmarks. It also helps you discover performance bottlenecks in time and scale up capacity or degrade traffic reasonably, analyze the regions of accessing users and their network traffic to expand business coverage reasonably, and optimize network security policies.
          • Warning: Adding traditional flow checkpoints degrades the performance of the CVM server. The flow log can find network security threats in a timely manner and improve system security without affecting the performance of the CVM server, for example by identifying attempts to connect to a wide range of IP addresses, communication with known threat IP addresses, and unusual protocols.

          Before the Configuration, You Need to Know About the Following Aspects:

          • You can create up to 10 flow logs in each region.
          • You can associate the flow logs with log sets in the same region but cannot do that across regions.
          • The flow log supports the following regions and models of the Baidu Cloud Compute instance to which the network interface card used to collect traffic information belongs:

          | Region | Model |
          | --- | --- |
          | South China - Guangzhou | General g4, compute optimized c4, intensive compute optimized ic4, and memory optimized m4 |

          Create Flow Log

          1. In the virtual private cloud (VPC) console, select "Flow Log" in the navbar to enter the flow log list page.
          2. Click the "Create Flow Log" button so that a pop-up box appears.
          3. Enter the following configuration information:
          | Configuration Item | Description |
          | --- | --- |
          | Current region | It is available only in the Guangzhou region. You can change the region using the region selector in the upper left corner. |
          | Name | User-defined name of the flow log. |
          | Resource type | Select the type of resource whose traffic you want to capture, and then select the corresponding resource. You can select the following resource types: Virtual private cloud: capture the traffic information of all network interface cards in the specified virtual private cloud; Subnet: capture the traffic information of all network interface cards in the specified subnet; Baidu Cloud Compute: capture the traffic information of all network interface cards on the specified Baidu Cloud Compute; NIC: capture the traffic information of the specified network interface card. |
          | Traffic type | Select the type of traffic to be captured: All traffic: capture all traffic of the specified resource; Allowed: capture the traffic of the specified resource that is allowed by the security group or ACL rule; Denied: capture the traffic of the specified resource that is denied by the security group or ACL rule. |
          | Log set | Select a log set that stores the captured traffic: Select an existing log set: choose one of the existing log sets to store the captured traffic; New log set: create a new log set to store the captured traffic. |
          | Description | Description of the flow log, which does not exceed 200 characters. |

          Description:

          • The flow log itself does not incur any costs. The data is stored in the log service, so billing is based on the log service standards.
          4. Click "OK" to complete the flow log creation.


          Create Log Set

          You need to create a log set in the log service to store and view flow logs. For specific operations, see Operation Guide for Log Set.

          Delete Flow Log

          1. In the virtual private cloud console, select "Flow Log" in the navbar to enter the flow log list page.
          2. Select the flow log you want to delete, and then click "Delete" and confirm the operation.

          Description:

          • Deleting the flow log does not mean the deletion of the flow log.

          View Flow Log Records

          You can view the flow logs in the log service to help you locate business problems quickly. You can select multiple log topics in the same log set to query the records across log topics. For details, see Log Search.

          The flow log fields are described below:

          | Field | Description |
          | --- | --- |
          | account_id | The user ID of the flow log. |
          | action | Operations associated with traffic: accept: Traffic recorded by the security group and ACL; reject: Traffic rejected by the security group and ACL. |
          | direction | Flow direction: in: Traffic in the inbound direction; out: Traffic in the outbound direction. |
          | src_addr | Source IP |
          | dst_addr | Destination IP |
          | src_port | Source port of the traffic |
          | dst_port | Destination port of the traffic |
          | protocol | Layer 4 protocol number |
          | start_time | Start time of the traffic |
          | end_time | End time of the traffic |
          | log_status | Logging status of the flow log: OK: The data logging is normal. |
          | n_packets | Number of messages |
          | n_bytes | Number of bytes |
          | version | Flow log version number |
          | port_id | Baidu Cloud Compute port ID |
          | vm_id | Baidu Cloud Compute ID bound to the network interface card |
          | subnet_id | Subnet ID of the network interface card. |
          | vpc_id | VPC ID of the network interface card. |
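
          The following is an added example, not code from Baidu AI Cloud, showing how the fields above support the two scenarios the page names: locating rejected traffic to one service, and spotting a source that attempts to connect to a wide range of addresses. It assumes records are exported as one JSON object per line keyed by the field names in the table; the helper names, the sample records and the `min_targets` threshold are hypothetical.

```python
import json
from collections import defaultdict

def make_record(action, src, dst, dst_port):
    """Build one constructed record using field names from the table above."""
    return json.dumps({"action": action, "direction": "in", "src_addr": src,
                       "dst_addr": dst, "src_port": 40000, "dst_port": dst_port,
                       "protocol": 6, "n_packets": 1, "n_bytes": 60,
                       "log_status": "OK"})

# Constructed sample input (documentation address ranges), not real log data.
# Assumption: one JSON object per line; the page does not state the encoding.
SAMPLE_LINES = [
    make_record("reject", "203.0.113.7", "10.0.0.4", 22),
    make_record("reject", "203.0.113.7", "10.0.0.5", 22),
    make_record("reject", "203.0.113.7", "10.0.0.6", 3389),
    make_record("reject", "198.51.100.9", "10.0.0.4", 443),
    make_record("accept", "198.51.100.20", "10.0.0.4", 443),
    "truncated {record",  # malformed line, must be skipped
]

def parse(lines):
    """Yield well-formed records whose log_status is OK."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and rec.get("log_status") == "OK":
            yield rec

def is_rejected_inbound(rec):
    """True for inbound flows that the security group or ACL rejected."""
    return rec.get("action") == "reject" and rec.get("direction") == "in"

def fanout_sources(records, min_targets=3):
    """Map each source to its count of distinct rejected (dst_addr, dst_port) targets."""
    targets = defaultdict(set)
    for rec in filter(is_rejected_inbound, records):
        targets[rec.get("src_addr")].add((rec.get("dst_addr"), rec.get("dst_port")))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}

def rejected_flows(records, dst_addr, dst_port):
    """Fault location: rejected inbound flows to one service endpoint."""
    return [rec for rec in filter(is_rejected_inbound, records)
            if rec.get("dst_addr") == dst_addr and rec.get("dst_port") == dst_port]

if __name__ == "__main__":
    recs = list(parse(SAMPLE_LINES))
    print(fanout_sources(recs))
    print(rejected_flows(recs, "10.0.0.4", 443))
```

          Capturing only the "Denied" traffic type keeps the log set small for this kind of analysis, while "All traffic" is needed to compare rejected flows against accepted ones.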