Collecting Logs from VPC
LTS can collect logs from VPC.
Prerequisites
You have purchased and used a Huawei Cloud VPC.
Restrictions
For details about the supported ECSs, see VPC Flow Log Overview.
Procedure
Perform the following operations to configure VPC log ingestion:
- Log in to the LTS console.
- In the navigation pane on the left, choose Log Ingestion and and click VPC (Virtual Private Cloud).
- Select a log stream.
- Select a log group from the Log Group drop-down list. If there are no desired log groups, click Create Log Group to create one.
- Select a log stream from the Log Stream drop-down list. If there are no desired log streams, click Create Log Stream to create one.
- Click Next: Configure VPC.
- Configure VPC.
Click Configure VPC.
- On the VPC console, choose VPC Flow Logs.
- On the VPC Flow Logs page, click Create VPC Flow Log and configure parameters.
- Click OK.
- Click Next: Configure Log Stream.
Table 1 Log stream parameters Parameter
Description
Auto Structure and Index
If
is enabled, the log stream is automatically structured and indexed. The structuring is based on the VPC template, and the indexing enables quick analysis for all parsed VPC fields. Enabling structuring and indexing is required for SQL analysis of VPC logs with visual charts.
Auto Add Tag log_type=apig_layer_access
If this option is enabled, the tag log_type=vpc_flow is automatically added to the log stream, and the VPC dashboard template can then match this log stream.
Auto Create Dashboard
If this option is enabled, a VPC dashboard is automatically created for the log stream.
- Click Submit.
Structuring Template Details
- VPC log example
Table 2 Structuring template example Template Name
Example Log
VPC
1 5f67944957444bd6bb4fe3b367de8f3d 1d515d18-1b36-47dc-a983-bd6512aed4bd 192.168.0.154 192.168.3.25 38929 53 17 1 96 1548752136 1548752736 ACCEPT OK
- Structuring fields and description
Table 3 Structuring fields Field
Example
Description
Type
version
1
VPC flow log version
long
project_id
5f67944957444bd6bb4fe3b367de8f3d
Project ID
string
interface_id
1d515d18-1b36-47dc-a983-bd6512aed4bd
ID of the NIC for which the traffic is recorded
string
srcaddr
192.168.0.154
Source IP address
string
dstaddr
192.168.3.25
Destination IP address
string
srcport
38929
Source port
long
dstport
53
Destination port
long
protocol
17
Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For details, see Assigned Internet Protocol Numbers.
long
packets
1
Number of data packets transferred
long
bytes
96
Size of the data packets transferred
long
start
1548752136
Start time of the capture window, in Unix seconds
long
end
1548752736
End time of the capture window, in Unix seconds
long
action
ACCEPT
Action associated with the traffic:
- ACCEPT: The recorded traffic was permitted by the security groups or network ACLs.
- REJECT: The recorded traffic was denied by the security groups or network ACLs.
string
log_status
OK
Status of the VPC flow log:
- OK: Data was logged normally to the chosen destinations.
- NODATA: There was no traffic of the Filter setting to or from the NIC during the capture window.
- SKIPDATA: Some flow log records were skipped during the capture window. This may be caused by an internal capacity constraint or an internal error.
Example:
When Filter is set to Accepted traffic, if there is accepted traffic, the value of log-status is OK. If there is no accepted traffic, the value of log-status is NODATA regardless of whether there is rejected traffic. If some accepted traffic is abnormally skipped, the value of log-status is SKIPDATA.
string
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot