CCN Cross-Region Flow Logging

Last updated: 2024-01-10 14:47:24
    CCN provides the flow log collection feature to collect and analyze cross-region traffic and generate logs and analysis charts. This helps you stay informed of cross-region communication and quickly locate and solve problems based on the logs, thus improving the business availability and Ops efficiency.
    Note:
    The flow log feature is in beta test. To try it out, submit a ticket for application.
    The Flow Log service is free of charge, but the data stored in CLS will be charged at the standard prices of CLS.
    As flow log data is stored in CLS, make sure that you have granted CLS access to Flow Logs.

    Directions

    1. Log in to the VPC console and click Diagnostic Tools > Flow Logs on the left sidebar.
    2. Select the region in the top-left corner of the Flow Logs page and click +Create.
    3. Configure the following parameters in the Create Flow Log window.
    | Field | Description |
    | --- | --- |
    | Name | Enter a name for the flow log to be created. |
    | Collection Range | Multiple collection ranges are supported currently. Cross-region CCN traffic is selected here. |
    | CCN | CCN instance ID. |
    | Collection Type | Select the type of traffic to be collected by the flow log: all traffic, or the traffic rejected or accepted by security groups or ACL. |
    | Logset | Specify the storage location in CLS for flow logs. If you already have a logset, select it directly; otherwise, keep Created by System selected, so that the system will create one for you. You can also click Create to create one in the CLS console. |
    | Log Topic | Specify the minimum dimension of log storage, which is used to distinguish between different types of logs, such as `Accept` log. If you already have a log topic, select it directly; otherwise, keep Created by System selected, so that the system will create one for you. You can also go to the CLS console to create one. Note: For more information on how to configure a logset, log topic, and index, see Creating Logsets and Log Topics. |
    | Tag Key | Click Advanced Options to enter or select a tag key for the identification and management of flow logs. |
    | Tag Value | Click Advanced Options to enter or select a tag value. It can also be left empty. |
    4. Click OK.
    Note:
    You can view the records of a newly created flow log in CLS six minutes after its creation (one minute for the capture window and five minutes for data publishing).
    5. After about six minutes, click Storage Location or View to enter the Search and Analysis page of the CLS service, select the region and time period for which to view logs, and click Search and Analyze to view the logs.
    Note:
    For field descriptions, see Appendix. For more information on log analysis, see Quick Analysis.

    Appendix

    Flow log records of cross-region CCN traffic

    The flow logs of cross-region CCN traffic record the network flows filtered by the "quintuple + traffic source region + traffic destination region" rule in a specific capture window; that is, only network flows that match the rule within the capture window are recorded as flow logs of cross-region CCN traffic.
    Quintuple + traffic source region + traffic destination region
    A quintuple refers to a collection of five values: source IP address, source port, destination IP address, destination port, and transport layer protocol.
    The traffic source region refers to the region from which cross-region CCN traffic is sent.
    The traffic destination region refers to the region to which cross-region CCN traffic arrives.
    Capture window
    A capture window is a time period of one minute during which FL aggregates data; it then takes about five minutes to publish the flow log records.
    Flow log records are strings separated with spaces in the following format:
    `srcaddr dstregionid dstport start dstaddr version packets ccnid protocol srcregionid bytes action region-id srcport end log-status`
    | Field | Data Type | Description |
    | --- | --- | --- |
    | srcaddr | text | Source IP. |
    | dstregionid | text | Traffic destination region. |
    | dstport | long | Traffic destination port. This field will take effect only for UDP/TCP protocols and will be displayed as "-" for other protocols. |
    | start | long | The timestamp when the first packet is received in the current capture window. If there are no packets in the capture window, it will be displayed as the start time of the capture window in Unix seconds. |
    | dstaddr | text | Destination IP. |
    | version | text | Flow log version. |
    | packets | long | Number of packets transferred in the capture window. This field will be displayed as "-" when log-status is NODATA. |
    | ccnid | text | Unique CCN instance ID. To get the information of your CCN instance, contact us. |
    | protocol | long | IANA protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers. |
    | srcregionid | text | Traffic source region. |
    | bytes | long | Number of bytes transferred in the capture window. This field will be displayed as "-" when log-status is NODATA. |
    | action | text | Operation associated with the traffic. ACCEPT: Cross-region traffic normally forwarded over CCN. REJECT: Cross-region traffic prevented from being forwarded due to traffic throttling. |
    | region-id | text | Region where logs are recorded. |
    | srcport | text | Traffic source port. This field will take effect only for UDP/TCP protocols and will be displayed as "-" for other protocols. |
    | end | long | The timestamp when the last packet is received in the current capture window. If there are no packets in the capture window, it will be displayed as the end time of the capture window in Unix seconds. |
    | log-status | text | Logging status of the flow log. Valid values: OK: Data is normally logged to the specified destination. NODATA: There was no inbound or outbound network flow in the capture window, in which case both the packets and bytes fields will be displayed as -1. |
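The record format and field table above can be turned into a small parser for exported records. The following is an added example, not code from Tencent Cloud: it parses each record in the documented field order and totals the bytes of REJECT (throttled) traffic per source/destination region pair. The sample records, addresses, the `ccn-example1` ID and the function names are constructed for illustration.

```python
from collections import Counter

# Field order exactly as given in the record format above.
FIELDS = ("srcaddr dstregionid dstport start dstaddr version packets ccnid "
          "protocol srcregionid bytes action region-id srcport end log-status").split()
INT_FIELDS = {"dstport", "start", "packets", "protocol", "bytes", "srcport", "end"}

def parse_record(line):
    """Parse one space-separated record into a dict keyed by field name."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    rec = dict(zip(FIELDS, values))
    for name in INT_FIELDS:
        raw = rec[name]
        # The field table shows "-" for ports of non-TCP/UDP traffic, and
        # both "-" and -1 for packets/bytes under NODATA; map all to None.
        rec[name] = None if raw in ("-", "-1") else int(raw)
    return rec

def rejected_by_region_pair(lines):
    """Sum bytes of REJECT records per (srcregionid, dstregionid)."""
    totals = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["log-status"] != "OK" or rec["action"] != "REJECT":
            continue
        totals[(rec["srcregionid"], rec["dstregionid"])] += rec["bytes"] or 0
    return dict(totals)

# Constructed sample records (not real traffic).
SAMPLE = """\
10.0.1.5 ap-guangzhou 443 1704868000 10.8.2.9 1 120 ccn-example1 6 ap-shanghai 98000 ACCEPT ap-shanghai 51514 1704868050 OK
10.0.1.7 ap-guangzhou 53 1704868001 10.8.2.10 1 40 ccn-example1 17 ap-shanghai 5200 REJECT ap-shanghai 40000 1704868055 OK
10.0.1.7 ap-guangzhou 53 1704868060 10.8.2.10 1 10 ccn-example1 17 ap-shanghai 1300 REJECT ap-shanghai 40001 1704868110 OK
10.0.1.9 ap-beijing - 1704868002 10.9.0.3 1 4 ccn-example1 1 ap-shanghai 336 ACCEPT ap-shanghai - 1704868003 OK
10.0.1.5 ap-guangzhou 443 1704868120 10.8.2.9 1 - ccn-example1 6 ap-shanghai - ACCEPT ap-shanghai 51514 1704868180 NODATA
""".splitlines()

if __name__ == "__main__":
    for pair, nbytes in rejected_by_region_pair(SAMPLE).items():
        print(pair, nbytes)
```
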

    FAQs

    How do I view flow logs between specified regions?

    If the flow log feature is enabled in the Shanghai region, all outbound traffic from Shanghai and inbound traffic to Shanghai will be collected. To get the flow logs between two regions, filter for them by srcregion and dstregion in CLS. For more information, see Context Search and Analysis.