Flow Log Center, jointly provided by Simple Log Service (SLS) and Virtual Private Cloud (VPC), delivers policy statistics, elastic network interface (ENI) traffic statistics, and inter-CIDR-block traffic statistics to help you analyze VPC flow logs.
Product trial
The SLS Playground provides a Flow Log Center demo with sample instances, data, and visualization charts so you can explore the features in a ready-made environment.
Click Flow Log Center to try the demo.
The data in the SLS Playground is for demonstration purposes only. Do not use it in a production environment.
Features
Flow Log Center provides two core capabilities: a monitoring center and inter-domain analysis.
-
Monitoring center
Analyzes and monitors VPC flow logs.
-
Provides the Overview, Policy Statistics, ENI Traffic, and Inter-ECS Traffic dashboards. For more information, see Dedicated dashboards.
-
Provides a custom query page for querying and analyzing VPC flow logs. For more information, see Query and analyze logs.
-
-
Inter-domain analysis
When you enable inter-domain analysis, the system automatically creates a data transformation job that generates VPC flow logs enriched with CIDR block information. You can use these logs to analyze traffic between different CIDR blocks.
-
Provides the Inter-domain Traffic, ECS-to-Domain Traffic, and Threat Intelligence dashboards. For more information, see Dedicated dashboards.
-
Provides a custom query page for querying and analyzing VPC flow logs enriched with CIDR block information. For more information, see Query and analyze logs.
-
Assets
-
Projects and Logstores
Create a custom project and Logstore to store VPC flow logs. When you configure inter-domain CIDR blocks, the system automatically creates a data transformation job and a Logstore named flowlog-enriched-Instance ID to store the transformed VPC flow logs.
-
Dedicated dashboards
Table 1. Dedicated dashboards
Dashboard
Associated Logstore
Description
Overview
Custom Logstore
Provides an overview of VPC flow logs.
Policy Statistics
Custom Logstore
Shows policy information such as Accept and Reject trends, and the count of accepted and rejected traffic based on the 5-tuple (source CIDR block, source port, protocol type, destination CIDR block, and destination port).
-
ACCEPT: Traffic is allowed by security groups and network access control lists (ACLs).
-
REJECT: Traffic is rejected by security groups and network ACLs.
ENI Traffic
Custom Logstore
Shows inbound and outbound traffic of ENIs.
Inter-ECS Traffic
Custom Logstore
Shows traffic between Elastic Compute Service (ECS) instances.
Inter-domain Traffic
Logstore named flowlog-enriched-Instance ID
Shows traffic between different CIDR blocks.
ECS-to-Domain Traffic
Logstore named flowlog-enriched-Instance ID
Shows traffic from an ECS instance to a destination CIDR block.
Threat Intelligence
Logstore named flowlog-enriched-Instance ID
Shows threat intelligence for source and destination IP addresses.
-
Billing
The flow log feature allows you to deliver only the network logs that are extracted to SLS. When you use the flow log feature, you are charged for SLS usage and network log extraction.
Fees for network log extraction
You are charged based on the data amount of network logs that are extracted. The fees are included in the bills of VPC. For more information, see Billing of flow logs.
Fees for SLS usage
If the dedicated logstore uses the pay-by-feature billing mode, you are charged for storage, read traffic, number of requests, data transformation, and data shipping after the flow logs are collected from VPC to SLS. The fees are included in the bills of SLS. For more information, see Pay-by-feature billable items.
If the dedicated logstore uses the pay-by-ingested-data billing mode, you are charged for storage of raw data that is written after the flow logs are collected from VPC to SLS. The fees are included in the bills of SLS. For more information, see Billable items for the pay-by-ingested-data model.
Limits
The Simple Log Service project and the VPC instance must be in the same region.